diff --git a/README.md b/README.md
index 9f64f1f202..505a9420e7 100755
--- a/README.md
+++ b/README.md
@@ -19,12 +19,6 @@
[apache affects]: #what-the-apache-module-affects
[Reference]: #reference
-[Public classes]: #public-classes
-[Private classes]: #private-classes
-[Public defined types]: #public-defined-types
-[Private defined types]: #private-defined-types
-[Templates]: #templates
-[Tasks]: #tasks
[Limitations]: #limitations
@@ -294,12 +288,6 @@
- [Configuring FastCGI servers to handle PHP files][Configuring FastCGI servers]
- [Load balancing with exported and non-exported resources][Load balancing examples]
4. [Reference - An under-the-hood peek at what the module is doing and how][Reference]
- - [Public classes][]
- - [Private classes][]
- - [Public defined types][]
- - [Private defined types][]
- - [Templates][]
- - [Tasks][]
5. [Limitations - OS compatibility, etc.][Limitations]
6. [Development - Guide for contributing to the module][Development]
- [Contributing to the apache module][Contributing]
@@ -561,13 +549,11 @@ apache::vhost { 'wsgi.example.com':
port => '80',
docroot => '/var/www/pythonapp',
wsgi_application_group => '%{GLOBAL}',
- wsgi_daemon_process => {
- 'wsgi' => {
- processes => '2',
- threads => '15',
- display-name => '%{GROUP}',
- },
- 'foo' => {},
+ wsgi_daemon_process => 'wsgi',
+ wsgi_daemon_process_options => {
+ processes => '2',
+ threads => '15',
+ display-name => '%{GROUP}',
},
wsgi_import_script => '/var/www/demo.wsgi',
wsgi_import_script_options => {
@@ -808,5140 +794,16 @@ Load balancing scheduler algorithms (`lbmethod`) are listed [in mod_proxy_balanc
## Reference
-- [**Public classes**](#public-classes)
- - [Class: apache](#class-apache)
- - [Class: apache::dev](#class-apachedev)
- - [Class: apache::vhosts](#class-apachevhosts)
- - [Classes: apache::mod::\*](#classes-apachemodname)
-- [**Private classes**](#private-classes)
- - [Class: apache::confd::no_accf](#class-apacheconfdno_accf)
- - [Class: apache::default_confd_files](#class-apachedefault_confd_files)
- - [Class: apache::default_mods](#class-apachedefault_mods)
- - [Class: apache::package](#class-apachepackage)
- - [Class: apache::params](#class-apacheparams)
- - [Class: apache::service](#class-apacheservice)
- - [Class: apache::version](#class-apacheversion)
-- [**Public defined types**](#public-defined-types)
- - [Defined type: apache::balancer](#defined-type-apachebalancer)
- - [Defined type: apache::balancermember](#defined-type-apachebalancermember)
- - [Defined type: apache::custom_config](#defined-type-apachecustom_config)
- - [Defined type: apache::fastcgi::server](#defined-type-fastcgi-server)
- - [Defined type: apache::listen](#defined-type-apachelisten)
- - [Defined type: apache::mod](#defined-type-apachemod)
- - [Defined type: apache::namevirtualhost](#defined-type-apachenamevirtualhost)
- - [Defined type: apache::vhost](#defined-type-apachevhost)
- - [Defined type: apache::vhost::custom](#defined-type-apachevhostcustom)
-- [**Private defined types**](#private-defined-types)
- - [Defined type: apache::default_mods::load](#defined-type-default_mods-load)
- - [Defined type: apache::peruser::multiplexer](#defined-type-apacheperusermultiplexer)
- - [Defined type: apache::peruser::processor](#defined-type-apacheperuserprocessor)
- - [Defined type: apache::security::file_link](#defined-type-apachesecurityfile_link)
-- [**Templates**](#templates)
-- [**Tasks**](#tasks)
-
-### Public Classes
-
-#### Class: `apache`
-
-Guides the basic setup and installation of Apache on your system.
-
-When this class is declared with the default options, Puppet:
-
-- Installs the appropriate Apache software package and [required Apache modules](#default_mods) for your operating system.
-- Places the required configuration files in a directory, with the [default location](#conf_dir) determined by your operating system.
-- Configures the server with a default virtual host and standard port ('80') and address ('\*') bindings.
-- Creates a document root directory determined by your operating system, typically `/var/www`.
-- Starts the Apache service.
-
-You can simply declare the default `apache` class:
-
-``` puppet
-class { 'apache': }
-```
-
-##### `allow_encoded_slashes`
-
-Sets the server default for the [`AllowEncodedSlashes`][] declaration, which modifies the responses to URLs containing '\' and '/' characters. If not specified, this parameter omits the declaration from the server's configuration and uses Apache's default setting of 'off'.
-
-Values: 'on', 'off', 'nodecode'.
-
-Default: `undef`.
-
-##### `apache_version`
-
-Configures module template behavior, package names, and default Apache modules by defining the version of Apache to use. We do not recommend manually configuring this parameter without reason.
-
-Default: Depends on operating system and release version detected by the [`apache::version`][] class.
-
-##### `conf_dir`
-
-Sets the directory where the Apache server's main configuration file is located.
-
-Default: Depends on operating system.
-
-- **Debian**: `/etc/apache2`
-- **FreeBSD**: `/usr/local/etc/apache22`
-- **Gentoo**: `/etc/apache2`
-- **Red Hat**: `/etc/httpd/conf`
-
-##### `conf_template`
-
-Defines the [template][] used for the main Apache configuration file. Modifying this parameter is potentially risky, as the apache module is designed to use a minimal configuration file customized by `conf.d` entries.
-
-Default: `apache/httpd.conf.erb`.
-
-##### `confd_dir`
-
-Sets the location of the Apache server's custom configuration directory.
-
-Default: Depends on operating system.
-
-- **Debian**: `/etc/apache2/conf.d`
-- **FreeBSD**: `/usr/local/etc/apache22`
-- **Gentoo**: `/etc/apache2/conf.d`
-- **Red Hat**: `/etc/httpd/conf.d`
-
-##### `default_charset`
-
-Used as the [`AddDefaultCharset`][] directive in the main configuration file.
-
-Default: `undef`.
-
-##### `default_confd_files`
-
-Determines whether Puppet generates a default set of includable Apache configuration files in the directory defined by the [`confd_dir`][] parameter. These configuration files correspond to what is typically installed with the Apache package on the server's operating system.
-
-Boolean.
-
-Default: `true`.
-
-##### `default_mods`
-
-Determines whether to configure and enable a set of default [Apache modules][] depending on your operating system.
-
-If `false`, Puppet includes only the Apache modules required to make the HTTP daemon work on your operating system, and you can declare any other modules separately using the [`apache::mod::`][] class or [`apache::mod`][] defined type.
-
-If `true`, Puppet installs additional modules, depending on the operating system and the values of [`apache_version`][] and [`mpm_module`][] parameters. Because these lists of modules can change frequently, consult the [Puppet module's code][] for up-to-date lists.
-
-If this parameter contains an array, Puppet instead enables all passed Apache modules.
-
-Values: Boolean or an array of Apache module names.
-
-Default: `true`.
-
-##### `default_ssl_ca`
-
-Sets the default certificate authority for the Apache server.
-
-Although the default value results in a functioning Apache server, you **must** update this parameter with your certificate authority information before deploying this server in a production environment.
-
-Boolean.
-
-Default: `undef`.
-
-##### `default_ssl_cert`
-
-Sets the [SSL encryption][] certificate location.
-
-Although the default value results in a functioning Apache server, you **must** update this parameter with your certificate location before deploying this server in a production environment.
-
-Default: Depends on operating system.
-
-- **Debian**: `/etc/ssl/certs/ssl-cert-snakeoil.pem`
-- **FreeBSD**: `/usr/local/etc/apache22/server.crt`
-- **Gentoo**: `/etc/ssl/apache2/server.crt`
-- **Red Hat**: `/etc/pki/tls/certs/localhost.crt`
-
-##### `default_ssl_chain`
-
-Sets the default [SSL chain][] location.
-
-Although this default value results in a functioning Apache server, you **must** update this parameter with your SSL chain before deploying this server in a production environment.
-
-Default: `undef`.
-
-##### `default_ssl_crl`
-
-Sets the path of the default [certificate revocation list][] (CRL) file to use.
-
-Although this default value results in a functioning Apache server, you **must** update this parameter with the CRL file path before deploying this server in a production environment. You can use this parameter with or in place of the [`default_ssl_crl_path`][].
-
-Default: `undef`.
-
-##### `default_ssl_crl_path`
-
-Sets the server's [certificate revocation list path][], which contains your CRLs.
-
-Although this default value results in a functioning Apache server, you **must** update this parameter with the CRL file path before deploying this server in a production environment.
-
-Default: `undef`.
-
-##### `default_ssl_crl_check`
-
-Sets the default certificate revocation check level via the [`SSLCARevocationCheck`][] directive. This parameter applies only to Apache 2.4 or higher and is ignored on older versions.
-
-Although this default value results in a functioning Apache server, you **must** specify this parameter when using certificate revocation lists in a production environment.
-
-Default: `undef`.
-
-##### `default_ssl_key`
-
-Sets the [SSL certificate key file][] location.
-
-Although the default values result in a functioning Apache server, you **must** update this parameter with your SSL key's location before deploying this server in a production environment.
-
-Default: Depends on operating system.
-
-- **Debian**: `/etc/ssl/private/ssl-cert-snakeoil.key`
-- **FreeBSD**: `/usr/local/etc/apache22/server.key`
-- **Gentoo**: `/etc/ssl/apache2/server.key`
-- **Red Hat**: `/etc/pki/tls/private/localhost.key`
-
-
-##### `default_ssl_vhost`
-
-Configures a default [SSL][SSL encryption] virtual host.
-
-If `true`, Puppet automatically configures the following virtual host using the [`apache::vhost`][] defined type:
-
-```puppet
-apache::vhost { 'default-ssl':
- port => 443,
- ssl => true,
- docroot => $docroot,
- scriptalias => $scriptalias,
- serveradmin => $serveradmin,
- access_log_file => "ssl_${access_log_file}",
- }
-```
-
-> **Note**: SSL virtual hosts only respond to HTTPS queries.
-
-
-Boolean.
-
-Default: `false`.
-
-##### `default_type`
-
-_Apache 2.2 only_. Sets the [MIME `content-type`][] sent if the server cannot otherwise determine an appropriate `content-type`. This directive is deprecated in Apache 2.4 and newer, and is only for backwards compatibility in configuration files.
-
-Default: `undef`.
-
-##### `default_vhost`
-
-Configures a default virtual host when the class is declared.
-
-To configure [customized virtual hosts][Configuring virtual hosts], set this parameter's value to `false`.
-
-> **Note**: Apache will not start without at least one virtual host. If you set this to `false` you must configure a virtual host elsewhere.
-
-Boolean.
-
-Default: `true`.
-
-##### `dev_packages`
-
-Configures a specific dev package to use.
-
-Values: A string or array of strings.
-
-Example for using httpd 2.4 from the IUS yum repo:
-
-``` puppet
-include ::apache::dev
-class { 'apache':
- apache_name => 'httpd24u',
- dev_packages => 'httpd24u-devel',
-}
-```
-
-Default: Depends on operating system.
-
-- **Red Hat:** 'httpd-devel'
-- **Debian 8/Ubuntu 13.10 or newer:** ['libaprutil1-dev', 'libapr1-dev', 'apache2-dev']
-- **Older Debian/Ubuntu versions:** ['libaprutil1-dev', 'libapr1-dev', 'apache2-prefork-dev']
-- **FreeBSD, Gentoo:** `undef`
-- **Suse:** ['libapr-util1-devel', 'libapr1-devel']
-
-##### `docroot`
-
-Sets the default [`DocumentRoot`][] location.
-
-Default: Depends on operating system.
-
-- **Debian**: `/var/www/html`
-- **FreeBSD**: `/usr/local/www/apache22/data`
-- **Gentoo**: `/var/www/localhost/htdocs`
-- **Red Hat**: `/var/www/html`
-
-##### `error_documents`
-
-Determines whether to enable [custom error documents][] on the Apache server.
-
-Boolean.
-
-Default: `false`.
-
-##### `group`
-
-Sets the group ID that owns any Apache processes spawned to answer requests.
-
-By default, Puppet attempts to manage this group as a resource under the `apache` class, determining the group based on the operating system as detected by the [`apache::params`][] class. To prevent the group resource from being created and use a group created by another Puppet module, set the [`manage_group`][] parameter's value to `false`.
-
-> **Note**: Modifying this parameter only changes the group ID that Apache uses to spawn child processes to access resources. It does not change the user that owns the parent server process.
-
-##### `httpd_dir`
-
-Sets the Apache server's base configuration directory. This is useful for specially repackaged Apache server builds but might have unintended consequences when combined with the default distribution packages.
-
-Default: Depends on operating system.
-
-- **Debian**: `/etc/apache2`
-- **FreeBSD**: `/usr/local/etc/apache22`
-- **Gentoo**: `/etc/apache2`
-- **Red Hat**: `/etc/httpd`
-
-##### `http_protocol_options`
-
-Specifies the strictness of HTTP protocol checks.
-
-Valid options: any sequence of the following alternative values: `Strict` or `Unsafe`, `RegisteredMethods` or `LenientMethods`, and `Allow0.9` or `Require1.0`.
-
-Default '`Strict LenientMethods Allow0.9`'.
-
-##### `keepalive`
-
-Determines whether to enable persistent HTTP connections with the [`KeepAlive`][] directive. If you set this to 'On', use the [`keepalive_timeout`][] and [`max_keepalive_requests`][] parameters to set relevant options.
-
-Values: 'Off', 'On'.
-
-Default: 'On'.
-
-##### `keepalive_timeout`
+For information on classes, types and functions see the [REFERENCE.md](https://github.com/puppetlabs/puppetlabs-apache/blob/master/REFERENCE.md)
-Sets the [`KeepAliveTimeout`] directive, which determines the amount of time the Apache server waits for subsequent requests on a persistent HTTP connection. This parameter is only relevant if the [`keepalive` parameter][] is enabled.
-
-Default: '15'.
-
-##### `max_keepalive_requests`
-
-Limits the number of requests allowed per connection when the [`keepalive` parameter][] is enabled.
-
-Default: '100'.
-
-##### `hostname_lookups`
-
-This directive enables DNS lookups so that host names can be logged and passed to CGIs/SSIs in REMOTE_HOST. Values:'On','Off','Double'.
-
-Default: 'Off'.
-> **Note**: If enabled, it impacts performance significantly.
-
-##### `lib_path`
-
-Specifies the location where [Apache module][Apache modules] files are stored.
-
-Default: Depends on operating system.
-
-- **Debian** and **Gentoo**: `/usr/lib/apache2/modules`
-- **FreeBSD**: `/usr/local/libexec/apache24`
-- **Red Hat**: `modules`
-
-> **Note**: Do not configure this parameter manually without special reason.
-
-##### `log_level`
-
-Changes the error log's verbosity. Values: 'alert', 'crit', 'debug', 'emerg', 'error', 'info', 'notice', 'warn'.
-
-Default: 'warn'.
-
-##### `log_formats`
-
-Define additional [`LogFormat`][] directives. Values: A [hash][], such as:
-
-``` puppet
-$log_formats = { vhost_common => '%v %h %l %u %t \"%r\" %>s %b' }
-```
-
-There are a number of predefined `LogFormats` in the `httpd.conf` that Puppet creates:
-
-``` httpd
-LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
-LogFormat "%h %l %u %t \"%r\" %>s %b" common
-LogFormat "%{Referer}i -> %U" referer
-LogFormat "%{User-agent}i" agent
-LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %s %b \"%{Referer}i\" \"%{User-agent}i\"" forwarded
-```
-
-If your `log_formats` parameter contains one of those, it will be overwritten with **your** definition.
-
-##### `logroot`
-
-Changes the directory of Apache log files for the virtual host.
-
-Default: Depends on operating system.
-
-- **Debian**: `/var/log/apache2`
-- **FreeBSD**: `/var/log/apache22`
-- **Gentoo**: `/var/log/apache2`
-- **Red Hat**: `/var/log/httpd`
-
-##### `logroot_mode`
-
-Overrides the default [`logroot`][] directory's mode.
-
-> **Note**: Do _not_ grant write access to the directory where the logs are stored without being aware of the consequences. See the [Apache documentation][Log security] for details.
-
-Default: `undef`.
-
-##### `manage_group`
-
-When `false`, stops Puppet from creating the group resource.
-
-If you have a group created from another Puppet module that you want to use to run Apache, set this to `false`. Without this parameter, attempting to use a previously established group results in a duplicate resource error.
-
-Boolean.
-
-Default: `true`.
-
-##### `supplementary_groups`
-
-A list of groups to which the user belongs. These groups are in addition to the primary group.
-
-Default: No additional groups.
-
-Notice: This option only has an effect when `manage_user` is set to true.
-
-##### `manage_user`
-
-When `false`, stops Puppet from creating the user resource.
-
-This is for instances when you have a user, created from another Puppet module, you want to use to run Apache. Without this parameter, attempting to use a previously established user would result in a duplicate resource error.
-
-Boolean.
-
-Default: `true`.
-
-##### `mod_dir`
-
-Sets where Puppet places configuration files for your [Apache modules][].
-
-Default: Depends on operating system.
-
-- **Debian**: `/etc/apache2/mods-available`
-- **FreeBSD**: `/usr/local/etc/apache22/Modules`
-- **Gentoo**: `/etc/apache2/modules.d`
-- **Red Hat**: `/etc/httpd/conf.d`
-
-##### `mod_libs`
-
-Allows the user to override default module library names.
-
-```puppet
-include apache::params
-class { 'apache':
- mod_libs => merge($::apache::params::mod_libs, {
- 'wsgi' => 'mod_wsgi_python3.so',
- })
-}
-```
-
-Hash. Default: `$apache::params::mod_libs`
-
-##### `mod_packages`
-
-Allows the user to override default module package names.
-
-```puppet
-include apache::params
-class { 'apache':
- mod_packages => merge($::apache::params::mod_packages, {
- 'auth_kerb' => 'httpd24-mod_auth_kerb',
- })
-}
-```
-
-Hash. Default: `$apache::params::mod_packages`
-
-##### `mpm_module`
-
-Determines which [multi-processing module][] (MPM) is loaded and configured for the HTTPD process. Values: 'event', 'itk', 'peruser', 'prefork', 'worker', or `false`.
-
-You must set this to `false` to explicitly declare the following classes with custom parameters:
-
-- [`apache::mod::event`][]
-- [`apache::mod::itk`][]
-- [`apache::mod::peruser`][]
-- [`apache::mod::prefork`][]
-- [`apache::mod::worker`][]
-
-Default: Depends on operating system.
-
-- **Debian**: 'worker'
-- **FreeBSD, Gentoo, and Red Hat**: 'prefork'
-
-##### `package_ensure`
-
-Controls the `package` resource's [`ensure`][] attribute. Values: 'absent', 'installed' (or equivalent 'present'), or a version string.
-
-Default: 'installed'.
-
-##### `pidfile`
-
-Allows settting a custom location for the pid file. Useful if using a custom-built Apache rpm.
-
-Default: Depends on operating system.
-
-- **Debian:** '\${APACHE_PID_FILE}'
-- **FreeBSD:** '/var/run/httpd.pid'
-- **Red Hat:** 'run/httpd.pid'
-
-##### `ports_file`
-
-Sets the path to the file containing Apache ports configuration.
-
-Default: '{$conf_dir}/ports.conf'.
-
-##### `protocols`
-
-Sets the [Protocols](https://httpd.apache.org/docs/current/en/mod/core.html#protocols) directive, which lists available protocols for the server.
-
-Default: `undef`
-
-##### `protocols_honor_order`
-
-Sets the [ProtocolsHonorOrder](https://httpd.apache.org/docs/current/en/mod/core.html#protocolshonororder) directive which determines whether the order of Protocols sets precedence during negotiation.
-
-Default: `undef`
-
-##### `purge_configs`
-
-Removes all other Apache configs and virtual hosts.
-
-Setting this to `false` is a stopgap measure to allow the apache module to coexist with existing or unmanaged configurations. We recommend moving your configuration to resources within this module. For virtual host configurations, see [`purge_vhost_dir`][].
-
-Boolean.
-
-Default: `true`.
-
-##### `purge_vhost_dir`
-
-If the [`vhost_dir`][] parameter's value differs from the [`confd_dir`][] parameter's, this parameter determines whether Puppet removes any configurations inside `vhost_dir` that are _not_ managed by Puppet.
-
-Setting `purge_vhost_dir` to `false` is a stopgap measure to allow the apache module to coexist with existing or otherwise unmanaged configurations within `vhost_dir`.
-
-Boolean.
-
-Default: same as [`purge_configs`][].
-
-##### `rewrite_lock`
-
-Allows setting a custom location for a rewrite lock - considered best practice if using a RewriteMap of type prg in the [`rewrites`][] parameter of your virtual host. This parameter only applies to Apache version 2.2 or lower and is ignored on newer versions.
-
-Default: `undef`.
-
-##### `sendfile`
-
-Forces Apache to use the Linux kernel's `sendfile` support to serve static files, via the [`EnableSendfile`][] directive. Values: 'On', 'Off'.
-
-Default: 'On'.
-
-##### `serveradmin`
-
-Sets the Apache server administrator's contact information via Apache's [`ServerAdmin`][] directive.
-
-Default: 'root@localhost'.
-
-##### `servername`
-
-Sets the Apache server name via Apache's [`ServerName`][] directive.
-
-Setting to `false` will not set ServerName at all.
-
-Default: the 'fqdn' fact reported by [Facter][].
-
-##### `server_root`
-
-Sets the Apache server's root directory via Apache's [`ServerRoot`][] directive.
-
-Default: Depends on operating system.
-
-- **Debian**: `/etc/apache2`
-- **FreeBSD**: `/usr/local`
-- **Gentoo**: `/var/www`
-- **Red Hat**: `/etc/httpd`
-
-##### `server_signature`
-
-Configures a trailing footer line to display at the bottom of server-generated documents, such as error documents and output of certain [Apache modules][], via Apache's [`ServerSignature`][] directive. Values: 'Off', 'On'.
-
-Default: 'On'.
-
-##### `server_tokens`
-
-Controls how much information Apache sends to the browser about itself and the operating system, via Apache's [`ServerTokens`][] directive.
-
-Default: 'Prod'.
-
-##### `service_enable`
-
-Determines whether Puppet enables the Apache HTTPD service when the system is booted.
-
-Boolean.
-
-Default: `true`.
-
-##### `service_ensure`
-
-Determines whether Puppet should make sure the service is running. Values: `true` (or 'running'), `false` (or 'stopped').
-
-The `false` or 'stopped' values set the 'httpd' service resource's `ensure` parameter to `false`, which is useful when you want to let the service be managed by another application, such as Pacemaker.
+### Templates
-Default: 'running'.
+The Apache module relies heavily on templates to enable the [`apache::vhost`][] and [`apache::mod`][] defined types. These templates are built based on [Facter][] facts that are specific to your operating system. Unless explicitly called out, most templates are not meant for configuration.
-##### `service_name`
-
-Sets the name of the Apache service.
-
-Default: Depends on operating system.
-
-- **Debian and Gentoo**: 'apache2'
-- **FreeBSD**: 'apache22'
-- **Red Hat**: 'httpd'
-
-##### `service_manage`
-
-Determines whether Puppet manages the HTTPD service's state.
-
-Boolean.
-
-Default: `true`.
-
-##### `service_restart`
-
-Determines whether Puppet should use a specific command to restart the HTTPD service.
-
-Values: a command to restart the Apache service. The default setting uses the [default Puppet behavior][Service attribute restart].
-
-Default: `undef`.
-
-##### `ssl_cert`
-
-This enables the user to specify a specific SSLCertificateFile.
-
-For more information see: [SSLCertificateFile](https://httpd.apache.org/docs/current/mod/mod_ssl.html#SSLCertificateFile)
-
-Default: `undef.`
-
-##### `ssl_key`
-This enables the user to specify a specific SSLCertificateKey.
-
-For more information see: [SSLCertificateKey](https://httpd.apache.org/docs/current/mod/mod_ssl.html#SSLCertificateKeyFile)
-
-Default: `undef`.
-
-
-##### `ssl_ca`
-
-Specifies the SSL certificate authority. [SSLCACertificateFile](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslcacertificatefile) to use to verify certificate used in ssl client authentication.
-
-It is possible to override this on a vhost level.
-
-Default: `undef`.
-
-
-##### `timeout`
-
-Sets Apache's [`TimeOut`][] directive, which defines the number of seconds Apache waits for certain events before failing a request.
-
-Default: 120.
-
-##### `trace_enable`
-
-Controls how Apache handles `TRACE` requests (per [RFC 2616][]) via the [`TraceEnable`][] directive.
-
-Values: 'Off', 'On'.
-
-Default: 'On'.
-
-##### `use_canonical_name`
-
-Controls Apache's [`UseCanonicalName`][] directive which controls how Apache handles self-referential URLs. If not specified, this parameter omits the declaration from the server's configuration and uses Apache's default setting of 'off'.
-
-Values: 'On', 'on', 'Off', 'off', 'DNS', 'dns'.
-
-Default: `undef`.
-
-##### `use_systemd`
-
-Controls whether the systemd module should be installed on Centos 7 servers, this is especially useful if using custom-built RPMs.
-
-Boolean.
-
-Default: `true`.
-
-##### `file_mode`
-
-Sets the desired permissions mode for config files.
-
-Values: A string, with permissions mode in symbolic or numeric notation.
-
-Default: '0644'.
-
-##### `root_directory_options`
-
-Array of the desired options for the / directory in httpd.conf.
-
-Defaults: 'FollowSymLinks'.
-
-##### `root_directory_secured`
-
-Sets the default access policy for the / directory in httpd.conf. A value of `false` allows access to all resources that are missing a more specific access policy. A value of `true` denies access to all resources by default. If `true`, more specific rules must be used to allow access to these resources (for example, in a directory block using the [`directories`](#parameter-directories-for-apachevhost) parameter).
-
-Boolean.
-
-Default: `false`.
-
-##### `vhost_dir`
-
-Changes your virtual host configuration files' location.
-
-Default: Depends on operating system:
-
-- **Debian**: `/etc/apache2/sites-available`
-- **FreeBSD**: `/usr/local/etc/apache22/Vhosts`
-- **Gentoo**: `/etc/apache2/vhosts.d`
-- **Red Hat**: `/etc/httpd/conf.d`
-
-##### `vhost_include_pattern`
-
-Defines the pattern for files included from the `vhost_dir`.
-
-If set to a value like `[^.#]\*.conf[^~]` to make sure that files accidentally created in this directory (such as files created by version control systems or editor backups) are *not* included in your server configuration.
-
-Default: '*'.
-
-Some operating systems use a value of `*.conf`. By default, this module creates configuration files ending in `.conf`.
-
-##### `user`
-
-Changes the user that Apache uses to answer requests. Apache's parent process continues to run as root, but child processes access resources as the user defined by this parameter. To prevent Puppet from managing the user, set the [`manage_user`][] parameter to `false`.
-
-Default: Depends on the user set by [`apache::params`][] class, based on your operating system:
-
-- **Debian**: 'www-data'
-- **FreeBSD**: 'www'
-- **Gentoo** and **Red Hat**: 'apache'
-
-To prevent Puppet from managing the user, set the [`manage_user`][] parameter to false.
-
-##### `apache_name`
-
-The name of the Apache package to install. If you are using a non-standard Apache package you might need to override the default setting.
-
-For CentOS/RHEL Software Collections (SCL), you can also use `apache::version::scl_httpd_version`.
-
-Default: Depends on the user set by [`apache::params`][] class, based on your operating system:
-
-- **Debian**: 'apache2'
-- **FreeBSD**: 'apache24'
-- **Gentoo**: 'www-servers/apache'
-- **Red Hat**: 'httpd'
-
-##### `error_log`
-
-The name of the error log file for the main server instance. If the string starts with `/`, `|`, or `syslog`: the full path is set. Otherwise, the filename is prefixed with `$logroot`.
-
-Default: Depends on operating system:
-
-- **Debian**: 'error.log'
-- **FreeBSD**: 'httpd-error.log'
-- **Gentoo**: 'error.log'
-- **Red Hat**: 'error_log'
-- **Suse**: 'error.log'
-
-##### `scriptalias`
-
-Directory to use for global script alias
-
-Default: Depends on operating system:
-
-- **Debian**: '/usr/lib/cgi-bin'
-- **FreeBSD**: '/usr/local/www/apache24/cgi-bin'
-- **Gentoo**: 'var/www/localhost/cgi-bin'
-- **Red Hat**: '/var/www/cgi-bin'
-- **Suse**: '/usr/lib/cgi-bin'
-
-##### `access_log_file`
-
-The name of the access log file for the main server instance.
-
-Default: Depends on operating system:
-
-- **Debian**: 'error.log'
-- **FreeBSD**: 'httpd-access.log'
-- **Gentoo**: 'access.log'
-- **Red Hat**: 'access_log'
-- **Suse**: 'access.log'
-
-##### `limitreqfields`
-
-The [`limitreqfields`][] parameter sets the maximum number of request header fields in an HTTP request. This directive gives the server administrator greater control over abnormal client request behavior, which may be useful for avoiding some forms of denial-of-service attacks. The value should be increased if normal clients see an error response from the server that indicates too many fields were sent in the request.
-
-Default: '100'
-
-#### Class: `apache::dev`
-
-Installs Apache development libraries.
-
-Default: Depends on the operating system:[`dev_packages`][] parameter of the [`apache::params`][] class, based on your operating system:
-
-- **Debian** : 'libaprutil1-dev', 'libapr1-dev'; 'apache2-dev' on Ubuntu 13.10 and Debian 8; 'apache2-prefork-dev' on other versions.
-- **FreeBSD**: `undef`; on FreeBSD, you must declare the `apache::package` or `apache` classes before declaring `apache::dev`.
-- **Gentoo**: `undef`.
-- **Red Hat**: 'httpd-devel'.
-
-#### Class: `apache::vhosts`
-
-Creates [`apache::vhost`][] defined types.
-
-**Parameters**:
-
-* `vhosts`: Specifies the [`apache::vhost`][] defined type's parameters.
-
- Values: A [hash][], where the key represents the name and the value represents a [hash][] of [`apache::vhost`][] defined type's parameters.
-
- Default: '{}'
-
- > **Note**: See the [`apache::vhost`][] defined type's reference for a list of all virtual host parameters or [Configuring virtual hosts].
-
- For example, to create a [name-based virtual host][name-based virtual hosts] 'custom_vhost_1, declare this class with the `vhosts` parameter set to '{ "custom_vhost_1" => { "docroot" => "/var/www/custom_vhost_1", "port" => "81" }':
-
-``` puppet
-class { 'apache::vhosts':
- vhosts => {
- 'custom_vhost_1' => {
- 'docroot' => '/var/www/custom_vhost_1',
- 'port' => '81',
- },
- },
-}
-```
-
-#### Classes: `apache::mod::`
-
-Enables specific [Apache modules][]. Enable and configure an Apache module by declaring its class.
-
-For example, to install and enable [`mod_alias`][] with no icons, declare the [`apache::mod::alias`][] class with the `icons_options` parameter set to 'None':
-
-``` puppet
-class { 'apache::mod::alias':
- icons_options => 'None',
-}
-```
-
-The following Apache modules have supported classes, many of which allow for parameterized configuration. You can install other Apache modules with the [`apache::mod`][] defined type.
-
-* `actions`
-* `alias` (see [`apache::mod::alias`][])
-* `auth_basic`
-* `auth_cas`\* (see [`apache::mod::auth_cas`][])
-* `auth_mellon`\* (see [`apache::mod::auth_mellon`][])
-* `auth_kerb`
-* `auth_gssapi`
-* `authn_core`
-* `authn_dbd`\* (see [`apache::mod::authn_dbd`][])
-* `authn_file`
-* `authnz_ldap`\* (see [`apache::mod::authnz_ldap`][])
-* `authnz_pam`
-* `authz_default`
-* `authz_user`
-* `autoindex`
-* `cache`
-* `cgi`
-* `cgid`
-* `cluster` (see [`apache::mod::cluster`][])
-* `data`
-* `dav`
-* `dav_fs`
-* `dav_svn`\*
-* `dbd`
-* `deflate\`
-* `dev`
-* `dir`\*
-* `disk_cache` (see [`apache::mod::disk_cache`][])
-* `dumpio` (see [`apache::mod::dumpio`][])
-* `env`
-* `event` (see [`apache::mod::event`][])
-* `expires`
-* `ext_filter` (see [`apache::mod::ext_filter`][])
-* `fastcgi`
-* `fcgid`
-* `filter`
-* `geoip` (see [`apache::mod::geoip`][])
-* `headers`
-* `http2` (see [`apache::mod::http2`][])
-* `include`
-* `info`\*
-* `intercept_form_submit`
-* `itk`
-* `jk` (see [`apache::mod::jk`])
-* `ldap` (see [`apache::mod::ldap`][])
-* `lookup_identity`
-* `macro` (see [`apache:mod:macro`][])
-* `mime`
-* `mime_magic`\*
-* `negotiation`
-* `nss`\* (see [`apache::mod::nss`][])
-* `pagespeed` (see [`apache::mod::pagespeed`][])
-* `passenger`\* (see [`apache::mod::passenger`][])
-* `perl`
-* `peruser`
-* `php` (requires [`mpm_module`][] set to `prefork`)
-* `prefork`\*
-* `proxy`\* (see [`apache::mod::proxy`][])
-* `proxy_ajp`
-* `proxy_balancer`\* (see [`apache::mod::proxy_balancer`][])
-* `proxy_balancer`
-* `proxy_html` (see [`apache::mod::proxy_html`][])
-* `proxy_http`
-* `python` (see [`apache::mod::python`][])
-* `reqtimeout`
-* `remoteip`\*
-* `rewrite`
-* `rpaf`\*
-* `setenvif`
-* `security`
-* `shib`\* (see [`apache::mod::shib`])
-* `speling`
-* `ssl`\* (see [`apache::mod::ssl`][])
-* `status`\* (see [`apache::mod::status`][])
-* `suphp`
-* `userdir`\* (see [`apache::mod::userdir`][])
-* `version`
-* `vhost_alias`
-* `worker`\*
-* `wsgi` (see [`apache::mod::wsgi`][])
-* `xsendfile`
-
-Modules noted with a * indicate that the module has settings and a template that includes parameters to configure the module. Most Apache module class parameters have default values and don't require configuration. For modules with templates, Puppet installs template files with the module; these template files are required for the module to work.
-
-##### Class: `apache::mod::alias`
-
-Installs and manages [`mod_alias`][].
-
-**Parameters**:
-
-* `icons_options`: Disables directory listings for the icons directory, via Apache [`Options`] directive.
-
- Default: 'Indexes MultiViews'.
-
-* `icons_path`: Sets the local path for an `/icons/` Alias.
-
- Default: Depends on operating system.
-
- * **Debian**: `/usr/share/apache2/icons`
- * **FreeBSD**: `/usr/local/www/apache24/icons`
- * **Gentoo**: `/var/www/icons`
- * **Red Hat**: `/var/www/icons`, except on Apache 2.4, where it's `/usr/share/httpd/icons`
-
-#### Class: `apache::mod::disk_cache`
-
-Installs and configures [`mod_disk_cache`][] on Apache 2.2, or [`mod_cache_disk`][] on Apache 2.4.
-
-Default: Depends on the Apache version and operating system:
-
-- **Debian**: `/var/cache/apache2/mod_cache_disk`
-- **FreeBSD**: `/var/cache/mod_cache_disk`
-- **Red Hat, Apache 2.4**: `/var/cache/httpd/proxy`
-- **Red Hat, Apache 2.2**: `/var/cache/mod_proxy`
-
-To specify the cache root, pass a path as a string to the `cache_root` parameter.
-
-``` puppet
-class {'::apache::mod::disk_cache':
- cache_root => '/path/to/cache',
-}
-```
-
-To specify cache ignore headers, pass a string to the `cache_ignore_headers` parameter.
-
-``` puppet
-class {'::apache::mod::disk_cache':
- cache_ignore_headers => "Set-Cookie",
-}
-```
-
-##### Class: `apache::mod::dumpio`
-
-Installs and configures [`mod_dumpio`][].
-
-```puppet
-class{'apache':
- default_mods => false,
- log_level => 'dumpio:trace7',
-}
-class{'apache::mod::dumpio':
- dump_io_input => 'On',
- dump_io_output => 'Off',
-}
-```
-
-**Parameters**:
-
-* `dump_io_input`: Dump all input data to the error log.
-
- Values: 'On', 'Off'.
-
- Default: 'Off'.
-
-* `dump_io_output`: Dump all output data to the error log.
-
- Values: 'On', 'Off'.
-
- Defaults to 'Off'.
-
-##### Class: `apache::mod::event`
-
-Installs and manages [`mod_mpm_event`][]. You cannot include `apache::mod::event` with [`apache::mod::itk`][], [`apache::mod::peruser`][], [`apache::mod::prefork`][], or [`apache::mod::worker`][] on the same server.
-
-**Parameters**:
-
-* `listenbacklog`: Sets the maximum length of the pending connections queue via the module's [`ListenBackLog`][] directive. Setting this to `false` removes the parameter.
-
- Default: '511'.
-
-* `maxrequestworkers` (_Apache 2.3.12 or older_: `maxclients`): Sets the maximum number of connections Apache can simultaneously process, via the module's [`MaxRequestWorkers`][] directive. Setting these to `false` removes the parameters.
-
- Default: '150'.
-
-* `maxconnectionsperchild` (_Apache 2.3.8 or older_: `maxrequestsperchild`): Limits the number of connections a child server handles during its life, via the module's [`MaxConnectionsPerChild`][] directive. Setting these to `false` removes the parameters.
-
- Default: '0'.
-
-* `maxsparethreads` and `minsparethreads`: Sets the maximum and minimum number of idle threads, via the [`MaxSpareThreads`][] and [`MinSpareThreads`][] directives. Setting these to `false` removes the parameters.
-
- Default: '75' and '25', respectively.
-
-* `serverlimit`: Limits the configurable number of processes via the [`ServerLimit`][] directive. Setting this to `false` removes the parameter.
-
- Default: '25'.
-
-* `startservers`: Sets the number of child server processes created at startup, via the module's [`StartServers`][] directive. Setting this to `false` removes the parameter.
-
- Default: '2'.
-
-* `threadlimit`: Limits the number of event threads via the module's [`ThreadLimit`][] directive. Setting this to `false` removes the parameter.
-
- Default: '64'.
-
-* `threadsperchild`: Sets the number of threads created by each child process, via the [`ThreadsPerChild`][] directive.
-
- Default: '25'. Setting this to `false` removes the parameter.
-
-##### Class: `apache::mod::auth_cas`
-
-Installs and manages [`mod_auth_cas`][]. Parameters share names with the Apache module's directives.
-
-The `cas_login_url` and `cas_validate_url` parameters are required; several other parameters have `undef` default values.
-
-> **Note**: The auth_cas module isn't available on RH/CentOS without providing dependency packages provided by EPEL. See [https://github.com/Jasig/mod_auth_cas]()
-
-**Parameters**:
-
-- `cas_attribute_prefix`: Adds a header with the value of this header being the attribute values when SAML validation is enabled.
-
- Default: CAS_.
-
-- `cas_attribute_delimiter`: The delimiter between attribute values in the header created by `cas_attribute_prefix`.
-
- Default: ,
-
-- `cas_authoritative`: Determines whether an optional authorization directive is authoritative and binding.
-
- Default: `undef`.
-
-- `cas_certificate_path`: Sets the path to the X509 certificate of the Certificate Authority for the server in `cas_login_url` and `cas_validate_url`.
-
- Default: `undef`.
-
-- `cas_cache_clean_interval`: Sets the minimum number of seconds that must pass between cache cleanings.
-
- Default: `undef`.
-
-- `cas_cookie_domain`: Sets the value of the `Domain=` parameter in the `Set-Cookie` HTTP header.
-
- Default: `undef`.
-
-- `cas_cookie_entropy`: Sets the number of bytes to use when creating session identifiers.
-
- Default: `undef`.
-
-- `cas_cookie_http_only`: Sets the optional `HttpOnly` flag when `mod_auth_cas` issues cookies.
-
- Default: `undef`.
-
-- `cas_cookie_path`: Where cas cookie session data is stored. Should be writable by web server user.
-
- Default: OS dependent.
-
-- `cas_cookie_path_mode`: The mode of `cas_cookie_path`.
-
- Default: '0750'.
-
-- `cas_debug`: Determines whether to enable the module's debugging mode.
-
- Default: 'Off'.
-
-- `cas_idle_timeout`: Sets the idle timeout limit, in seconds.
-
- Default: `undef`.
-
-- `cas_login_url`: **Required**. Sets the URL to which the module redirects users when they attempt to access a CAS-protected resource and don't have an active session.
-
-- `cas_proxy_validate_url`: The URL to use when performing a proxy validation.
-
- Default: `undef`.
-
-- `cas_root_proxied_as`: Sets the URL end users see when access to this Apache server is proxied. This URL should not include a trailing slash.
-
- Default: `undef`.
-
-- `cas_scrub_request_headers`: Remove inbound request headers that may have special meaning within mod_auth_cas.
-
-- `cas_sso_enabled`: Enables experimental support for single sign out (may mangle POST data).
-
- Default: 'Off'.
-
-- `cas_timeout`: Limits the number of seconds a `mod_auth_cas` session can remain active.
-
- Default: `undef`.
-
-- `cas_validate_depth`: Limits the depth for chained certificate validation.
-
- Default: `undef`.
-
-- `cas_validate_saml`: Parse response from CAS server for SAML.
-
- Default: 'Off'.
-
-- `cas_validate_server`: Whether to validate the cert of the CAS server (deprecated in 1.1 - RedHat 7).
-
- Default: `undef`.
-
-- `cas_validate_url`: **Required**. Sets the URL to use when validating a client-presented ticket in an HTTP query string.
-
-- `cas_version`: The CAS protocol version to adhere to. Values: '1', '2'.
-
- Default: '2'.
-
-- `suppress_warning`: Suppress warning about being on RedHat (`mod_auth_cas` package is now available in epel-testing repo).
-
- Default: `false`.
-
-##### Class: `apache::mod::auth_mellon`
-
-Installs and manages [`mod_auth_mellon`][]. Parameters share names with the Apache module's directives.
-
-``` puppet
-class{ 'apache::mod::auth_mellon':
- mellon_cache_size => 101,
-}
-```
-
-**Parameters**:
-
-* `mellon_cache_entry_size`: Maximum size for a single session.
-
- Default: `undef`.
-
-* `mellon_cache_size`: Size in megabytes of the mellon cache.
-
- Default: 100.
-
-* `mellon_lock_file`: Location of lock file.
-
- Default: '`/run/mod_auth_mellon/lock`'.
-
-* `mellon_post_directory`: Full path where post requests are saved.
-
- Default: '`/var/cache/apache2/mod_auth_mellon/`'
-
-* `mellon_post_ttl`: Time to keep post requests.
-
- Default: `undef`.
-
-* `mellon_post_size`: Maximum size of post requests.
-
- Default: `undef`.
-
-* `mellon_post_count`: Maximum number of post requests.
-
- Default: `undef`.
-
-##### Class: `apache::mod::authn_dbd`
-
-Installs `mod_authn_dbd` and uses `authn_dbd.conf.erb` template to generate its configuration. Optionally, creates AuthnProviderAlias.
-
-``` puppet
-class { 'apache::mod::authn_dbd':
- $authn_dbd_params =>
- 'host=db01 port=3306 user=apache password=xxxxxx dbname=apacheauth',
- $authn_dbd_query => 'SELECT password FROM authn WHERE user = %s',
- $authn_dbd_alias => 'db_auth',
-}
-```
-
-**Parameters**:
-
-* `authn_dbd_alias`: Name for the 'AuthnProviderAlias'.
-
-* `authn_dbd_dbdriver`: Specifies the database driver to use.
-
- Default: 'mysql'.
-
-* `authn_dbd_exptime`: corresponds to DBDExptime.
-
- Default: 300.
-
-* `authn_dbd_keep`: Corresponds to DBDKeep.
-
- Default: 8.
-
-* `authn_dbd_max`: Corresponds to DBDMax.
-
- Default: 20.
-
-* `authn_dbd_min`: Corresponds to DBDMin.
-
- Default: 4.
-
-* `authn_dbd_params`: **Required**. Corresponds to DBDParams for the connection string.
-
-* `authn_dbd_query`: Whether to query the user and password for authentication.
-
-##### Class: `apache::mod::authnz_ldap`
-
-Installs `mod_authnz_ldap` and uses the `authnz_ldap.conf.erb` template to generate its configuration.
-
-**Parameters**:
-
-* `package_name`: The name of the package.
-
- Default: `undef`.
-
-* `verify_server_cert`: Whether to verify the server certificate.
-
- Default: `undef`.
-
-##### Class: `apache::mod::cluster`
-
-**Note**: There is no official package available for `mod_cluster`, so you must make it available outside of the apache module. Binaries can be found at [here](http://mod-cluster.jboss.org/).
-
-``` puppet
-class { '::apache::mod::cluster':
- ip => '172.17.0.1',
- allowed_network => '172.17.0.',
- balancer_name => 'mycluster',
- version => '1.3.1'
-}
-```
-
-**Parameters**:
-
-* `port`: mod_cluster listen port.
-
- Default: '6666'.
-
-* `server_advertise`: Whether the server should advertise.
-
- Default: `true`.
-
-* `advertise_frequency`: Sets the interval between advertise messages in seconds[.miliseconds].
-
- Default: 10.
-
-* `manager_allowed_network`: Whether to allow the network to access the mod_cluster_manager.
-
- Default: '127.0.0.1'.
-
-* `keep_alive_timeout`: Specifies how long Apache should wait for a request, in seconds.
-
- Default: 60.
-
-* `max_keep_alive_requests`: Maximum number of requests kept alive.
-
- Default: 0.
-
-* `enable_mcpm_receive`: Whether MCPM should be enabled.
-
- Default: `true`.
-
-* `ip`: Specifies the IP address to listen to.
-
-* `allowed_network`: Balanced members network.
-
-* `version`: Specifies the `mod_cluster` version. Version 1.3.0 or greater is required for httpd 2.4.
-
-##### Class: `apache::mod::deflate`
-
-Installs and configures [`mod_deflate`][].
-
-**Parameters**:
-
-* `types`: An [array][] of [MIME types][MIME `content-type`] to be deflated.
-
- Default: ['text/html text/plain text/xml', 'text/css', 'application/x-javascript application/javascript application/ecmascript', 'application/rss+xml', 'application/json'].
-
-* `notes`: A [Hash][] where the key represents the type and the value represents the note name.
-
- Default: { 'Input' => 'instream', 'Output' => 'outstream', 'Ratio' => 'ratio' }.
-
-##### Class: `apache::mod::expires`
-
-Installs [`mod_expires`][] and uses the `expires.conf.erb` template to generate its configuration.
-
-**Parameters**:
-
-* `expires_active`: Enables generation of `Expires` headers for a document realm.
-
- Boolean.
-
- Default: `true`.
-
-* `expires_default`: Specifies the default algorithm for calculating expiration time using [`ExpiresByType`][] syntax or [interval syntax][].
-
- Default: `undef`.
-
-* `expires_by_type`: Describes a set of [MIME `content-type`][] and their expiration times.
-
- Values: An [array][] of [Hashes][Hash], with each Hash's key a valid MIME `content-type` (i.e. 'text/json') and its value following valid [interval syntax][].
-
- Default: `undef`.
-
-##### Class: `apache::mod::ext_filter`
-
-Installs and configures [`mod_ext_filter`][].
-
-``` puppet
-class { 'apache::mod::ext_filter':
- ext_filter_define => {
- 'slowdown' => 'mode=output cmd=/bin/cat preservescontentlength',
- 'puppetdb-strip' => 'mode=output outtype=application/json cmd="pdb-resource-filter"',
- },
-}
-```
-
-**Parameters**:
-
-* `ext_filter_define`: A hash of filter names and their parameters.
-
- Default: `undef`.
-
-##### Class: `apache::mod::fcgid`
-
-Installs and configures [`mod_fcgid`][].
-
-The class does not individually parameterize all available options. Instead, configure `mod_fcgid` using the `options` [hash][]. For example:
-
-``` puppet
-class { 'apache::mod::fcgid':
- options => {
- 'FcgidIPCDir' => '/var/run/fcgidsock',
- 'SharememPath' => '/var/run/fcgid_shm',
- 'AddHandler' => 'fcgid-script .fcgi',
- },
-}
-```
-
-For a full list of options, see the [official `mod_fcgid` documentation][`mod_fcgid`].
-
-If you include `apache::mod::fcgid`, you can set the [`FcgidWrapper`][] per directory, per virtual host. The module must be loaded first; Puppet will not automatically enable it if you set the `fcgiwrapper` parameter in `apache::vhost`.
-
-``` puppet
-include apache::mod::fcgid
-
-apache::vhost { 'example.org':
- docroot => '/var/www/html',
- directories => {
- path => '/var/www/html',
- fcgiwrapper => {
- command => '/usr/local/bin/fcgiwrapper',
- }
- },
-}
-```
-
-##### Class: `apache::mod::geoip`
-
-Installs and manages [`mod_geoip`][].
-
-**Parameters**:
-
-* `db_file`: Sets the path to your GeoIP database file.
-
- Values: a path, or an [array][] paths for multiple GeoIP database files.
-
- Default: `/usr/share/GeoIP/GeoIP.dat`.
-
-* `enable`: Determines whether to globally enable [`mod_geoip`][].
-
- Boolean.
-
- Default: `false`.
-
-* `flag`: Sets the GeoIP flag.
-
- Values: 'CheckCache', 'IndexCache', 'MemoryCache', 'Standard'.
-
- Default: 'Standard'.
-
-* `output`: Defines which output variables to use.
-
- Values: 'All', 'Env', 'Request', 'Notes'.
-
- Default: 'All'.
-
-* `enable_utf8`: Changes the output from ISO*8859*1 (Latin*1) to UTF*8.
-
- Boolean.
-
- Default: `undef`.
-
-* `scan_proxy_headers`: Enables the [GeoIPScanProxyHeaders][] option.
-
- Boolean.
-
- Default: `undef`.
-
-* `scan_proxy_header_field`: Specifies the header [`mod_geoip`][] uses to determine the client's IP address.
-
- Default: `undef`.
-
-* `use_last_xforwarededfor_ip` (sic): Determines whether to use the first or last IP address for the client's IP in a comma-separated list of IP addresses is found.
-
- Boolean.
-
- Default: `undef`.
-
-##### Class: `apache::mod::http2`
-
-Installs and manages [`mod_http2`][].
-
-**Parameters**:
-
-* `h2_copy_files`: Determines if file handles or copies of file content are
-passed from the requestion processing down to the main connection.
-
- Boolean.
-
- Default: `undef`
-
-* `h2_direct`: Toggles the usage of the HTTP/2 Direct Mode.
-
- Boolean.
-
- Default: `undef`
-
-* `h2_early_hints`: Controls if HTTP status 103 interim responses are forwarded
-to the client or not.
-
- Boolean.
-
- Default: `undef`
-
-* `h2_max_session_streams`: Sets the maximum number of active streams per
-HTTP/2 session that the server allows.
-
- Integer.
-
- Default: `undef`
-
-* `h2_max_worker_idle_seconds`: Sets the maximum number of seconds a h2 worker
- may idle until it shuts itself down.
-
- Integer.
-
- Default: `undef`
-
-* `h2_max_workers`: Sets the maximum number of worker threads to spawn per
- child process for HTTP/2 processing.
-
- Integer.
-
- Default: `undef`
-
-* `h2_min_workers`: Sets the minimum number of worker threads to spawn per
- child process for HTTP/2 processing.
-
- Integer.
-
- Default: `undef`
-
-* `h2_modern_tls_only`: Toggles the security checks on HTTP/2 connections in
- TLS mode.
-
- Boolean.
-
- Default: `undef`
-
-* `h2_push`: Toggles the usage of the HTTP/2 server push protocol feature.
-
- Boolean.
-
- Default: `undef`
-
-* `h2_push_diary_size`: Toggles the maximum number of HTTP/2 server pushes that
- are remembered per HTTP/2 connection.
-
- Integer.
-
- Default: `undef`
-
-* `h2_push_priority`: Defines the priority handling of pushed responses based
- on the content-type of the response.
-
- Values: An array of priority definitions.
-
- Default: `[]`
-
-* `h2_push_resource`: Declares resources for early pushing to the client.
-
- Values: An array of resources.
-
- Default: `[]`
-
-* `h2_serialize_headers`: Toggles if HTTP/2 requests shall be serialized in
- HTTP/1.1 format for processing by httpd core.
-
- Boolean.
-
- Default: `undef`
-
-* `h2_stream_max_mem_size`: Maximum number of outgoing data bytes buffered in
- memory for an active streams.
-
- Integer.
-
- Default: `undef`
-
-* `h2_tls_cool_down_secs`: Sets the number of seconds of idle time on a TLS
- connection before the TLS write size falls back to a small (~1300 bytes)
- length.
-
- Integer.
-
- Default: `undef`
-
-* `h2_tls_warm_up_size`: Sets the number of bytes to be sent in small TLS
- records (~1300 bytes) until doing maximum sized writes (16k) on https: HTTP/2
- connections.
-
- Integer.
-
- Default: `undef`
-
-* `h2_upgrade`: Toggles the usage of the HTTP/1.1 Upgrade method for switching
- to HTTP/2.
-
- Boolean.
-
- Default: `undef`
-
-* `h2_window_size`: Sets the size of the window that is used for flow control
- from client to server and limits the amount of data the server has to buffer.
-
- Integer.
-
- Default: `undef`
-
-
-##### Class: `apache::mod::info`
-
-Installs and manages [`mod_info`][], which provides a comprehensive overview of the server configuration.
-
-**Parameters**:
-
-* `allow_from`: Whitelist of IPv4 or IPv6 addresses or ranges that can access `/server*info`.
-
- Values: One or more octets of an IPv4 address, an IPv6 address or range, or an array of either.
-
- Default: ['127.0.0.1','::1'].
-
-* `apache_version`: Apache's version number as a string, such as '2.2' or '2.4'.
-
- Default: The value of [`$::apache::apache_version`][`apache_version`].
-
-
-* `restrict_access`: Determines whether to enable access restrictions. If `false`, the `allow_from` whitelist is ignored and any IP address can access `/server*info`.
-
- Boolean.
-
- Default: `true`.
-
-##### Class: `apache::mod::itk`
-
-Installs and manages [`mod_itk`][], which is an (MPM) that is loaded and configured for the HTTPD process. [official documentation](http://mpm-itk.sesse.net/)
-
-**Parameters**:
-
-* `startservers`: The number of child server processes created on startup.
-
- Values: Integer.
-
- Default: `8`.
-
-* `minspareservers`: The desired minimum number of idle child server processes.
-
- Values: Integer.
-
- Default: `5`.
-
-* `maxspareservers`: The desired maximum number of idle child server processes.
-
- Values: Integer.
-
- Default: `20`.
-
-* `serverlimit`: The maximum configured value for MaxRequestWorkers for the lifetime of the Apache httpd process.
-
- Values: Integer.
-
- Default: `256`.
-
-* `maxclients`: The limit on the number of simultaneous requests that will be served.
-
- Values: Integer.
-
- Default: `256`.
-
-* `maxrequestsperchild`: The limit on the number of connections that an individual child server process will handle.
-
- Values: Integer.
-
- Default: `4000`.
-
-* `enablecapabilities`: Drop most root capabilities in the parent process, and instead run as the user given by the User/Group directives with some extra capabilities (in particular setuid). Somewhat more secure, but can cause problems when serving from filesystems that do not honor capabilities, such as NFS.
-
- Values: Boolean.
-
- Default: `undef`.
-
-##### Class: `apache::mod::jk`
-
-Installs and manages `mod_jk`, a connector for Apache httpd redirection to old versions of TomCat and JBoss
-
-**Note**: There is no official package available for mod\_jk and thus it must be made available by means outside of the control of the apache module. Binaries can be found at [Apache Tomcat Connectors download page](https://tomcat.apache.org/download-connectors.cgi)
-
-``` puppet
-class { '::apache::mod::jk':
- ip => '192.168.2.15',
- workers_file => 'conf/workers.properties',
- mount_file => 'conf/uriworkermap.properties',
- shm_file => 'run/jk.shm',
- shm_size => '50M',
- workers_file_content => {
-
- },
-}
-```
-
-See [templates/mod/jk/workers.properties.erb](templates/mod/jk/workers.properties.erb) for more information.
-
-**Parameters within `apache::mod::jk`**:
-
-The best source for understanding the `mod_jk` parameters is the [official documentation](https://tomcat.apache.org/connectors-doc/reference/apache.html), except for:
-
-**add_listen**
-
-Defines if a `Listen` directive according to parameters `ip` and `port` (see below), so that Apache listens to the IP/port combination and redirect to `mod_jk`.
-Useful when another `Listen` directive, like `Listen *:` or `Listen `, can conflict with the one necessary for `mod_jk` binding.
-
-Type: Boolean
-Default: true
-
-**ip**
-
-IP for binding to `mod_jk`.
-Useful when the binding address is not the primary network interface IP.
-
-Type: String
-Default: `$facts['ipaddress']`
-
-**port**
-
-Port for binding to `mod_jk`.
-Useful when something else, like a reverse proxy or cache, is receiving requests at port 80, then needs to forward them to Apache at a different port.
-
-Type: String (numerical)
-Default: '80'
-
-**workers\_file\_content**
-
-Each directive has the format `worker..=`. This maps as a hash of hashes, where the outer hash specifies workers, and each inner hash specifies each worker properties and values.
-Plus, there are two global directives, 'worker.list' and 'worker.maintain'
-For example, the workers file below should be parameterized as Figure 1:
-
-``` puppet
-worker.list = status
-worker.list = some_name,other_name
-
-worker.maintain = 60
-
-# Optional comment
-worker.some_name.type=ajp13
-worker.some_name.socket_keepalive=true
-
-# I just like comments
-worker.other_name.type=ajp12 (why would you?)
-worker.other_name.socket_keepalive=false
-```
-
-**Figure 1:**
-
-``` puppet
-$workers_file_content = {
- worker_lists => ['status', 'some_name,other_name'],
- worker_maintain => '60',
- some_name => {
- comment => 'Optional comment',
- type => 'ajp13',
- socket_keepalive => 'true',
- },
- other_name => {
- comment => 'I just like comments',
- type => 'ajp12',
- socket_keepalive => 'false',
- },
-}
-```
-
-**mount\_file\_content**
-
-Each directive has the format ` = `. This maps as a hash of hashes, where the outer hash specifies workers, and each inner hash contains two items:
-* uri_list—an array with URIs to be mapped to the worker
-* comment—an optional string with a comment for the worker.
-For example, the mount file below should be parameterized as Figure 2:
-
-``` puppet
-# Worker 1
-/context_1/ = worker_1
-/context_1/* = worker_1
-
-# Worker 2
-/ = worker_2
-/context_2/ = worker_2
-/context_2/* = worker_2
-```
-
-**Figure 2:**
-
-``` puppet
-$mount_file_content = {
- worker_1 => {
- uri_list => ['/context_1/', '/context_1/*'],
- comment => 'Worker 1',
- },
- worker_2 => {
- uri_list => ['/context_2/', '/context_2/*'],
- comment => 'Worker 2',
- },
-},
-```
-
-**shm\_file and log\_file**
-
-Depending on how these files are specified, the class creates their final path differently:
-- Relative path: prepends supplied path with `logroot` (see below)
-- Absolute path or pipe: uses supplied path as-is
-
-Examples (RHEL 6):
-
-``` puppet
-shm_file => 'shm_file'
-# Ends up in
-$shm_path = '/var/log/httpd/shm_file'
-```
-``` puppet
-shm_file => '/run/shm_file'
-# Ends up in
-$shm_path = '/run/shm_file'
-```
-``` puppet
-shm_file => '"|rotatelogs /var/log/httpd/mod_jk.log.%Y%m%d 86400 -180"'
-# Ends up in
-$shm_path = '"|rotatelogs /var/log/httpd/mod_jk.log.%Y%m%d 86400 -180"'
-```
-
-> The default logroot is sane enough. Therefore, it is not recommended to specify absolute paths.
-
-**logroot**
-
-The base directory for `shm_file` and `log_file` is determined by the `logroot` parameter. If unspecified, defaults to `apache::params::logroot`.
-
-> The default logroot is sane enough. Therefore, it is not recommended to override it.
-
-##### Class: `apache::mod::passenger`
-
-Installs and manages [`mod_passenger`][]. For Red Hat-based systems, ensure that you meet the minimum requirements described in the [passenger docs](https://www.phusionpassenger.com/library/install/apache/install/oss/el6/#step-1:-upgrade-your-kernel,-or-disable-selinux).
-
-The current set of server configurations settings were taken directly from the [Passenger Reference](https://www.phusionpassenger.com/library/config/apache/reference/). To enable deprecation warnings and removal failure messages, set the `passenger_installed_version` to the version number installed on the server.
-
-**Parameters**:
-
-|parameter|default value|passenger config setting|context|notes|
-|---------|-------------|------------------------|-------|-----|
-|manage_repo|true|n/a|||
-|mod_id|undef|n/a|||
-|mod_lib|undef|n/a|||
-|mod_lib_path|undef|n/a|||
-|mod_package|undef|n/a|||
-|mod_package_ensure|undef|n/a|||
-|mod_path|undef|n/a|||
-|passenger_allow_encoded_slashes|undef|[`PassengerAllowEncodedSlashes`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerAllowEncodedSlashes)|server-config virtual-host htaccess directory ||
-|passenger_app_env|undef|[`PassengerAppEnv`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerAppEnv)|server-config virtual-host htaccess directory ||
-|passenger_app_group_name|undef|[`PassengerAppGroupName`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerAppGroupName)|server-config virtual-host htaccess directory ||
-|passenger_app_root|undef|[`PassengerAppRoot`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerAppRoot)|server-config virtual-host htaccess directory ||
-|passenger_app_type|undef|[`PassengerAppType`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerAppType)|server-config virtual-host htaccess directory ||
-|passenger_base_uri|undef|[`PassengerBaseURI`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerBaseURI)|server-config virtual-host htaccess directory ||
-|passenger_buffer_response|undef|[`PassengerBufferResponse`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerBufferResponse)|server-config virtual-host htaccess directory ||
-|passenger_buffer_upload|undef|[`PassengerBufferUpload`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerBufferUpload)|server-config virtual-host htaccess directory ||
-|passenger_concurrency_model|undef|[`PassengerConcurrencyModel`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerConcurrencyModel)|server-config virtual-host htaccess directory ||
-|passenger_conf_file|$::apache::params::passenger_conf_file|n/a|||
-|passenger_conf_package_file|$::apache::params::passenger_conf_package_file|n/a|||
-|passenger_data_buffer_dir|undef|[`PassengerDataBufferDir`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerDataBufferDir)|server-config ||
-|passenger_debug_log_file|undef|PassengerDebugLogFile|server-config |This option has been renamed in version 5.0.5 to PassengerLogFile.|
-|passenger_debugger|undef|[`PassengerDebugger`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerDebugger)|server-config virtual-host htaccess directory ||
-|passenger_default_group|undef|[`PassengerDefaultGroup`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerDefaultGroup)|server-config ||
-|passenger_default_ruby|$::apache::params::passenger_default_ruby|[`PassengerDefaultRuby`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerDefaultRuby)|server-config ||
-|passenger_default_user|undef|[`PassengerDefaultUser`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerDefaultUser)|server-config ||
-|passenger_disable_security_update_check|undef|[`PassengerDisableSecurityUpdateCheck`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerDisableSecurityUpdateCheck)|server-config ||
-|passenger_enabled|undef|[`PassengerEnabled`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerEnabled)|server-config virtual-host htaccess directory ||
-|passenger_error_override|undef|[`PassengerErrorOverride`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerErrorOverride)|server-config virtual-host htaccess directory ||
-|passenger_file_descriptor_log_file|undef|[`PassengerFileDescriptorLogFile`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerFileDescriptorLogFile)|server-config ||
-|passenger_fly_with|undef|[`PassengerFlyWith`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerFlyWith)|server-config ||
-|passenger_force_max_concurrent_requests_per_process|undef|[`PassengerForceMaxConcurrentRequestsPerProcess`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerForceMaxConcurrentRequestsPerProcess)|server-config virtual-host htaccess directory ||
-|passenger_friendly_error_pages|undef|[`PassengerFriendlyErrorPages`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerFriendlyErrorPages)|server-config virtual-host htaccess directory ||
-|passenger_group|undef|[`PassengerGroup`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerGroup)|server-config virtual-host directory ||
-|passenger_high_performance|undef|[`PassengerHighPerformance`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerHighPerformance)|server-config virtual-host htaccess directory ||
-|passenger_installed_version|undef|n/a| |If set, will enable version checking of the passenger options against the value set.|
-|passenger_instance_registry_dir|undef|[`PassengerInstanceRegistryDir`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerInstanceRegistryDir)|server-config ||
-|passenger_load_shell_envvars|undef|[`PassengerLoadShellEnvvars`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerLoadShellEnvvars)|server-config virtual-host htaccess directory ||
-|passenger_log_file|undef|[`PassengerLogFile`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerLogFile)|server-config ||
-|passenger_log_level|undef|[`PassengerLogLevel`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerLogLevel)|server-config ||
-|passenger_lve_min_uid|undef|[`PassengerLveMinUid`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerLveMinUid)|server-config virtual-host ||
-|passenger_max_instances|undef|[`PassengerMaxInstances`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerMaxInstances)|server-config virtual-host htaccess directory ||
-|passenger_max_instances_per_app|undef|[`PassengerMaxInstancesPerApp`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerMaxInstancesPerApp)|server-config ||
-|passenger_max_pool_size|undef|[`PassengerMaxPoolSize`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerMaxPoolSize)|server-config ||
-|passenger_max_preloader_idle_time|undef|[`PassengerMaxPreloaderIdleTime`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerMaxPreloaderIdleTime)|server-config virtual-host ||
-|passenger_max_request_queue_size|undef|[`PassengerMaxRequestQueueSize`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerMaxRequestQueueSize)|server-config virtual-host htaccess directory ||
-|passenger_max_request_time|undef|[`PassengerMaxRequestTime`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerMaxRequestTime)|server-config virtual-host htaccess directory ||
-|passenger_max_requests|undef|[`PassengerMaxRequests`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerMaxRequests)|server-config virtual-host htaccess directory ||
-|passenger_memory_limit|undef|[`PassengerMemoryLimit`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerMemoryLimit)|server-config virtual-host htaccess directory ||
-|passenger_meteor_app_settings|undef|[`PassengerMeteorAppSettings`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerMeteorAppSettings)|server-config virtual-host htaccess directory ||
-|passenger_min_instances|undef|[`PassengerMinInstances`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerMinInstances)|server-config virtual-host htaccess directory ||
-|passenger_nodejs|undef|[`PassengerNodejs`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerNodejs)|server-config virtual-host htaccess directory ||
-|passenger_pool_idle_time|undef|[`PassengerPoolIdleTime`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerPoolIdleTime)|server-config ||
-|passenger_pre_start|undef|[`PassengerPreStart`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerPreStart)|server-config virtual-host ||
-|passenger_python|undef|[`PassengerPython`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerPython)|server-config virtual-host htaccess directory ||
-|passenger_resist_deployment_errors|undef|[`PassengerResistDeploymentErrors`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerResistDeploymentErrors)|server-config virtual-host htaccess directory ||
-|passenger_resolve_symlinks_in_document_root|undef|[`PassengerResolveSymlinksInDocumentRoot`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerResolveSymlinksInDocumentRoot)|server-config virtual-host htaccess directory ||
-|passenger_response_buffer_high_watermark|undef|[`PassengerResponseBufferHighWatermark`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerResponseBufferHighWatermark)|server-config ||
-|passenger_restart_dir|undef|[`PassengerRestartDir`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerRestartDir)|server-config virtual-host htaccess directory ||
-|passenger_rolling_restarts|undef|[`PassengerRollingRestarts`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerRollingRestarts)|server-config virutal-host htaccess directory ||
-|passenger_root|$::apache::params::passenger_root|[`PassengerRoot`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerRoot)|server-config ||
-|passenger_ruby|$::apache::params::passenger_ruby|[`PassengerRuby`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerRuby)|server-config virutal-host htaccess directory ||
-|passenger_security_update_check_proxy|undef|[`PassengerSecurityUpdateCheckProxy`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerSecurityUpdateCheckProxy)|server-config ||
-|passenger_show_version_in_header|undef|[`PassengerShowVersionInHeader`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerShowVersionInHeader)|server-config ||
-|passenger_socket_backlog|undef|[`PassengerSocketBacklog`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerSocketBacklog)|server-config ||
-|passenger_spawn_method|undef|[`PassengerSpawnMethod`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerSpawnMethod)|server-config virtual-host ||
-|passenger_start_timeout|undef|[`PassengerStartTimeout`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerStartTimeout)|server-config virtual-host htaccess directory ||
-|passenger_startup_file|undef|[`PassengerStartupFile`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerStartupFile)|server-config virtual-host htaccess directory ||
-|passenger_stat_throttle_rate|undef|[`PassengerStatThrottleRate`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerStatThrottleRate)|server-config ||
-|passenger_sticky_sessions|undef|[`PassengerStickySessions`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerStickySessions)|server-config virtual-host htaccess directory ||
-|passenger_sticky_sessions_cookie_name|undef|[`PassengerStickySessionsCookieName`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerStickySessionsCookieName)|server-config virtual-host htaccess directory ||
-|passenger_thread_count|undef|[`PassengerThreadCount`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerThreadCount)|server-config virtual-host htaccess directory ||
-|passenger_use_global_queue|undef|PassengerUseGlobalQueue|server-config ||
-|passenger_user|undef|[`PassengerUser`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerUser)|server-config virtual-host directory ||
-|passenger_user_switching|undef|[`PassengerUserSwitching`](https://www.phusionpassenger.com/library/config/apache/reference/#PassengerUserSwitching)|server-config ||
-|rack_auto_detect|undef|RackAutoDetect|server-config |These options have been removed in version 4.0.0 as part of an optimization. You should use PassengerEnabled instead.|
-|rack_autodetect|undef|n/a|||
-|rack_base_uri|undef|RackBaseURI|server-config |Deprecated in 3.0.0 in favor of PassengerBaseURI.|
-|rack_env|undef|[`RackEnv`](https://www.phusionpassenger.com/library/config/apache/reference/#RackEnv)|server-config virtual-host htaccess directory ||
-|rails_allow_mod_rewrite|undef|RailsAllowModRewrite|server-config |This option doesn't do anything anymore in since version 4.0.0.|
-|rails_app_spawner_idle_time|undef|RailsAppSpawnerIdleTime|server-config |This option has been removed in version 4.0.0, and replaced with PassengerMaxPreloaderIdleTime.|
-|rails_auto_detect|undef|RailsAutoDetect|server-config |These options have been removed in version 4.0.0 as part of an optimization. You should use PassengerEnabled instead.|
-|rails_autodetect|undef|n/a|||
-|rails_base_uri|undef|RailsBaseURI|server-config |Deprecated in 3.0.0 in favor of PassengerBaseURI.|
-|rails_default_user|undef|RailsDefaultUser|server-config |Deprecated in 3.0.0 in favor of PassengerDefaultUser.|
-|rails_env|undef|[`RailsEnv`](https://www.phusionpassenger.com/library/config/apache/reference/#RailsEnv)|server-config virtual-host htaccess directory ||
-|rails_framework_spawner_idle_time|undef|RailsFrameworkSpawnerIdleTime|server-config |This option is no longer available in version 4.0.0. There is no alternative because framework spawning has been removed altogether. You should use smart spawning instead.|
-|rails_ruby|undef|RailsRuby|server-config |Deprecated in 3.0.0 in favor of PassengerRuby.|
-|rails_spawn_method|undef|RailsSpawnMethod|server-config |Deprecated in 3.0.0 in favor of PassengerSpawnMethod.|
-|rails_user_switching|undef|RailsUserSwitching|server-config |Deprecated in 3.0.0 in favor of PassengerUserSwitching.|
-|wsgi_auto_detect|undef|WsgiAutoDetect|server-config |These options have been removed in version 4.0.0 as part of an optimization. You should use PassengerEnabled instead.|
-
-
-##### Class: `apache::mod::ldap`
-
-Installs and configures [`mod_ldap`][], and allows you to modify the
-[`LDAPTrustedGlobalCert`](https://httpd.apache.org/docs/current/mod/mod_ldap.html#ldaptrustedglobalcert) Directive:
-
-``` puppet
-class { 'apache::mod::ldap':
- ldap_trusted_global_cert_file => '/etc/pki/tls/certs/ldap-trust.crt',
- ldap_trusted_global_cert_type => 'CA_DER',
- ldap_trusted_mode => 'TLS',
- ldap_shared_cache_size => '500000',
- ldap_cache_entries => '1024',
- ldap_cache_ttl => '600',
- ldap_opcache_entries => '1024',
- ldap_opcache_ttl => '600',
-}
-```
-
-**Parameters**
-
-* `apache_version`: Specifies the installed Apache version.
-
- Default: `undef`.
-
-* `ldap_trusted_global_cert_file`: Specifies the path and file name of the trusted CA certificates to use when establishing SSL or TLS connections to an LDAP server.
-
-* `ldap_trusted_global_cert_type`: Specifies the global trust certificate format.
-
- Default: 'CA_BASE64'.
-
-* `ldap_trusted_mode`: Specifies the SSL/TLS mode to be used when connecting to an LDAP server.
-
-* `ldap_shared_cache_size`: Specifies the size, in bytes, of the shared memory cache.
-
-* `ldap_cache_entries`: Specifies the maximum number of entries in the primary LDAP cache.
-
-* `ldap_cache_ttl`: Specifies the time, in seconds, that cached items remain valid.
-
-* `ldap_opcache_entries`: Specifies the number of entries used to cache LDAP compare operations.
-
-* `ldap_opcache_ttl`: Specifies the time, in seconds, that entries in the operation cache remain valid.
-
-* `package_name`: Specifies the custom package name.
-
- Default: `undef`.
-
-##### Class: `apache::mod::negotiation`
-
-Installs and configures [`mod_negotiation`][].
-
-**Parameters**:
-
-* `force_language_priority`: Sets the `ForceLanguagePriority` option.
-
- Values: A string.
-
- Default: `Prefer Fallback`.
-
-* `language_priority`: An [array][] of languages to set the `LanguagePriority` option of the module.
-
- Default: ['en', 'ca', 'cs', 'da', 'de', 'el', 'eo', 'es', 'et', 'fr', 'he', 'hr', 'it', 'ja', 'ko', 'ltz', 'nl', 'nn', 'no', 'pl', 'pt', 'pt-BR', 'ru', 'sv', 'zh-CN', 'zh-TW']
-
-##### Class: `apache::mod::nss`
-
-An SSL provider for Apache using the NSS crypto libraries.
-
-**Parameters:**
-
-- `transfer_log`: path to access.log
-- `error_log`: path to error.log
-- `passwd_file`: path to file used for NSSPassPhraseDialog directive
-- `port`: SSL port. Defaults to 8443
-
-##### Class: `apache::mod::pagespeed`
-
-Installs and manages [`mod_pagespeed`][], a Google module that rewrites web pages to reduce latency and bandwidth.
-
-Although this apache module requires the `mod-pagespeed-stable` package, Puppet **does not** manage the software repositories required to automatically install the package. If you declare this class when the package is either not installed or not available to your package manager, your Puppet run will fail.
-
-> **Note:** Verify that your system is compatible with the latest Google Pagespeed requirements.
-
-**Parameters**:
-
-These parameters correspond to the module's directives. See the [module's documentation][`mod_pagespeed`] for details.
-
-* `inherit_vhost_config`: Default: 'on'.
-* `filter_xhtml`: Default: `false`.
-* `cache_path`: Default: '/var/cache/mod_pagespeed/'.
-* `log_dir`: Default: '/var/log/pagespeed'.
-* `memcache_servers`: Default: [].
-* `rewrite_level`: Default: 'CoreFilters'.
-* `disable_filters`: Default: [].
-* `enable_filters`: Default: [].
-* `forbid_filters`: Default: [].
-* `rewrite_deadline_per_flush_ms`: Default: 10.
-* `additional_domains`: Default: `undef`.
-* `file_cache_size_kb`: Default: 102400.
-* `file_cache_clean_interval_ms`: Default: 3600000.
-* `lru_cache_per_process`: Default: 1024.
-* `lru_cache_byte_limit`: Default: 16384.
-* `css_flatten_max_bytes`: Default: 2048.
-* `css_inline_max_bytes`: Default: 2048.
-* `css_image_inline_max_bytes`: Default: 2048.
-* `image_inline_max_bytes`: Default: 2048.
-* `js_inline_max_bytes`: Default: 2048.
-* `css_outline_min_bytes`: Default: 3000.
-* `js_outline_min_bytes`: Default: 3000.
-* `inode_limit`: Default: 500000.
-* `image_max_rewrites_at_once`: Default: 8.
-* `num_rewrite_threads`: Default: 4.
-* `num_expensive_rewrite_threads`: Default: 4.
-* `collect_statistics`: Default: 'on'.
-* `statistics_logging`: Default: 'on'.
-* `allow_view_stats`: Default: [].
-* `allow_pagespeed_console`: Default: [].
-* `allow_pagespeed_message`: Default: [].
-* `message_buffer_size`: Default: 100000.
-* `additional_configuration`: A hash of directive value pairs, or an array of lines to insert at the end of the pagespeed configuration. Default: '{ }'.
-
-##### Class: `apache::mod::passenger`
-
-Installs and configures `mod_passenger`.
-
->**Note**: The passenger module isn't available on RH/CentOS without providing the dependency packages provided by EPEL and the `mod_passengers` custom repository. See the `manage_repo` parameter above and [https://www.phusionpassenger.com/library/install/apache/install/oss/el7/]()
-
-**Parameters**:
-
-* `passenger_conf_file`: `$::apache::params::passenger_conf_file`
-* `passenger_conf_package_file: `$::apache::params::passenger_conf_package_file`
-* `passenger_high_performance`: Default: `undef`
-* `passenger_pool_idle_time`: Default: `undef`
-* `passenger_max_request_queue_size`: Default: `undef`
-* `passenger_max_requests`: Default: `undef`
-* `passenger_spawn_method`: Default: `undef`
-* `passenger_stat_throttle_rate`: Default: `undef`
-* `rack_autodetect`: Default: `undef`
-* `rails_autodetect`: Default: `undef`
-* `passenger_root` : `$::apache::params::passenger_root`
-* `passenger_ruby` : `$::apache::params::passenger_ruby`
-* `passenger_default_ruby`: `$::apache::params::passenger_default_ruby`
-* `passenger_max_pool_size`: Default: `undef`
-* `passenger_min_instances`: Default: `undef`
-* `passenger_max_instances_per_app`: Default: `undef`
-* `passenger_use_global_queue`: Default: `undef`
-* `passenger_app_env`: Default: `undef`
-* `passenger_log_file`: Default: `undef`
-* `passenger_log_level`: Default: `undef`
-* `passenger_data_buffer_dir`: Default: `undef`
-* `manage_repo`: Whether to manage the phusionpassenger.com repository. Default: `true`.
-* `mod_package`: Default: `undef`.
-* `mod_package_ensure`: Default: `undef`.
-* `mod_lib`: Default: `undef`.
-* `mod_lib_path`: Default: `undef`.
-* `mod_id`: Default: `undef`.
-* `mod_path`: Default: `undef`.
-
-##### Class: `apache::mod::proxy`
-
-Installs `mod_proxy` and uses the `proxy.conf.erb` template to generate its configuration.
-
-**Parameters within `apache::mod::proxy`**:
-
-- `allow_from`: Default: `undef`.
-- `apache_version`: Default: `undef`.
-- `package_name`: Default: `undef`.
-- `proxy_requests`: Default: 'Off'.
-- `proxy_via`: Default: 'On'.
-
-##### Class: `apache::mod::proxy_balancer`
-
-Installs and manages [`mod_proxy_balancer`][], which provides load balancing.
-
-**Parameters**:
-
-* `manager`: Determines whether to enable balancer manager support.
-
- Default: `false`.
-
-* `manager_path`: The server location of the balancer manager.
-
- Default: '/balancer-manager'.
-
-* `allow_from`: An [array][] of IPv4 or IPv6 addresses that can access `/balancer-manager`.
-
- Default: ['127.0.0.1','::1'].
-
-* `apache_version`: Apache's version number as a string, such as '2.2' or '2.4'.
-
- Default: the value of [`$::apache::apache_version`][`apache_version`]. On Apache 2.4 or greater, `mod_slotmem_shm` is loaded.
-
-##### Class: `apache::mod::php`
-
-Installs and configures [`mod_php`][].
-
-**Parameters**:
-
-Default values for these parameters depend on your operating system. Most of this class's parameters correspond to `mod_php` directives; see the [module's documentation][`mod_php`] for details.
-
-* `package_name`: Names the package that installs `mod_php`.
-* `path`: Defines the path to the `mod_php` shared object (`.so`) file.
-* `source`: Defines the path to the default configuration. Values include a `puppet:///` path.
-* `template`: Defines the path to the `php.conf` template Puppet uses to generate the configuration file.
-* `content`: Adds arbitrary content to `php.conf`.
-* `libphp_prefix`: Allows the definition of a libphp prefix. Defaults to `libphp`.
-
-##### Class: `apache::mod::proxy_html`
-
-**Note**: There is no official package available for `mod_proxy_html`, so you must make it available outside of the apache module.
-
-##### Class: `apache::mod::python`
-
-Installs and configures [`mod_python`][].
-
-**Parameters**
-
-* `loadfile_name`: Sets the name of the configuration file that is used to load the python module.
-
-##### Class: `apache::mod::reqtimeout`
-
-Installs and configures [`mod_reqtimeout`][].
-
-**Parameters**
-
-* `timeouts`: Sets the [`RequestReadTimeout`][] option.
-
- Values: A string or [array][].
-
- Default: ['header=20-40,MinRate=500', 'body=20,MinRate=500'].
-
-##### Class: `apache::mod::rewrite`
-
-Installs and enables the Apache module `mod_rewrite`.
-
-##### Class: `apache::mod::shib`
-
-Installs the [Shibboleth](http://shibboleth.net/) Apache module `mod_shib`, which enables SAML2 single sign-on (SSO) authentication by Shibboleth Identity Providers and Shibboleth Federations. Defining this class enables Shibboleth-specific parameters in `apache::vhost` instances.
-
-This class installs and configures only the Apache components of a web application that consumes Shibboleth SSO identities. You can manage the Shibboleth configuration manually, with Puppet, or using a [Shibboleth Puppet Module](https://github.com/aethylred/puppet-shibboleth).
-
-**Note**: The Shibboleth module isn't available on RH/CentOS without providing dependency packages provided by Shibboleth's repositories. See the [Shibboleth Service Provider Installation Guide](http://wiki.aaf.edu.au/tech-info/sp-install-guide).
-
-##### Class: `apache::mod::ssl`
-
-Installs [Apache SSL features][`mod_ssl`] and uses the `ssl.conf.erb` template to generate its configuration. On most operating systems, this `ssl.conf` is placed in the module configuration directory. On Red Hat-based operating systems, this file is placed in `/etc/httpd/conf.d`, the same location in which the RPM stores the configuration.
-
-To use SSL with a virtual host, you must either set the [`default_ssl_vhost`][] parameter in `::apache` to `true` **or** the [`ssl`][] parameter in [`apache::vhost`][] to `true`.
-
-- `ssl_cipher`: Default: 'HIGH:MEDIUM:!aNULL:!MD5:!RC4'.
-- `ssl_compression`: Default: false.
-- `ssl_cryptodevice`: Default: 'builtin'.
-- `ssl_honorcipherorder`: Default: true.
-- `ssl_openssl_conf_cmd`: Default: undef.
-- `ssl_cert`: Default: undef.
-- `ssl_key`: Default: undef.
-- `ssl_options`: Default: ['StdEnvVars']
-- `ssl_pass_phrase_dialog`: Default: 'builtin'.
-- `ssl_protocol`: Default: ['all', '-SSLv2', '-SSLv3'].
-- `ssl_proxy_protocol`: Default: [].
-- `ssl_random_seed_bytes`: Valid options: A string. Default: '512'.
-- `ssl_sessioncache`: Valid options: A string. Default: '300'.
-- `ssl_sessioncachetimeout`: Valid options: A string. Default: '300'.
-- `ssl_mutex`: Default: Determined based on the OS. Valid options: See [mod_ssl][mod_ssl] documentation.
- - RedHat/FreeBSD/Suse/Gentoo: 'default'
- - Debian/Ubuntu + Apache >= 2.4: 'default'
- - Debian/Ubuntu + Apache < 2.4: 'file:\${APACHE_RUN_DIR}/ssl_mutex'
-**Parameters:
-
-* `ssl_cipher`
-
- Default: 'HIGH:MEDIUM:!aNULL:!MD5:!RC4'.
-
-* `ssl_compression`
-
- Default: `false`.
-
-* `ssl_cryptodevice`
-
- Default: 'builtin'.
-
-* `ssl_honorcipherorder`
-
- Default: `true`.
-
-* `ssl_openssl_conf_cmd`
-
- Default: `undef`.
-
-* `ssl_cert`
-
- Default: `undef`.
-
-* `ssl_key`
-
- Default: `undef`.
-
-* `ssl_options`
-
- Default: ['StdEnvVars']
-
-* `ssl_pass_phrase_dialog`
-
- Default: 'builtin'.
-
-* `ssl_protocol`
-
- Default: ['all', '-SSLv2', '-SSLv3'].
-
-* `ssl_random_seed_bytes`
-
- Values: A string.
-
- Default: '512'.
-
-* `ssl_sessioncachetimeout`
-
- Values: A string.
-
- Default: '300'.
-
-* `ssl_mutex`:
-
- Values: See [mod_ssl][mod_ssl] documentation.
-
- Default: Based on the OS:
-
- * RedHat/FreeBSD/Suse/Gentoo: 'default'.
- * Debian/Ubuntu + Apache >= 2.4: 'default'.
- * Debian/Ubuntu + Apache < 2.4: 'file:\${APACHE_RUN_DIR}/ssl_mutex'.
- * Ubuntu 10.04: 'file:/var/run/apache2/ssl_mutex'.
-
-
-##### Class: `apache::mod::status`
-
-Installs [`mod_status`][] and uses the `status.conf.erb` template to generate its configuration.
-
-**Parameters**:
-
-* `allow_from`: An [array][] of IPv4 or IPv6 addresses that can access `/server-status`.
-
- Default: ['127.0.0.1','::1'].
-
-* `requires`: A string, an [array][] or a [hash][], of IPs and/or names that can/can't access `/server-status`, using Apache v. >= 2.4 `mod_authz_host` directives (`require ip`, `require host`, etc.). This parameter should follow one of the structures below:
-
- > Only used if Apache version >= 2.4
-
- - `undef` - Uses `allow_from` and old directive syntax (`Allow from `). Issues deprecation warning.
- - String
- - `''` or `'unmanaged'` - No auth directives (access controlled elsewhere)
- - `'ip '` - IPs/ranges allowed to access `/server-status`
- - `'host '` - Names/domains allowed to access `/server-status`
- - `'all [granted|denied]'` - Allow / block everyone
- - Array - Each item should be a string from those described above. Results in one directive per array item.
- - Hash with structure below (shown as key => value, where keys are strings):
- - `'requires'` => Array as above - Same effect as the array
- - `'enforce'` => String `'Any'`, `'All'` or `'None'` (optional) - Encloses all directives from `'requires'` key in a `` block
-
- Default: 'ip 127.0.0.1 ::1'
-
-* `extended_status`: Determines whether to track extended status information for each request, via the [`ExtendedStatus`][] directive.
-
- Values: 'Off', 'On'.
-
- Default: 'On'.
-
-* `status_path`: The server location of the status page.
-
- Default: '/server-status'.
-
-##### Class: `apache::mod::userdir`
-
-Allows user-specific directories to be accessed using the `http://example.com/~user/` syntax. All parameters can be found in in the [official Apache documentation](https://httpd.apache.org/docs/2.4/mod/mod_userdir.html).
-
-**Parameters**:
-
-* `overrides`: An [array][] of directive-types.
-
- Default: ['FileInfo', 'AuthConfig', 'Limit', 'Indexes'].
-
-##### Class: `apache::mod::version`
-
-Installs [`mod_version`][] on many operating systems and Apache configurations.
-
-If Debian and Ubuntu systems with Apache 2.4 are classified with `apache::mod::version`, Puppet warns that `mod_version` is built-in and can't be loaded.
-
-##### Class: `apache::mod::security`
-
-Installs and configures Trustwave's [`mod_security`][]. It is enabled and runs by default on all virtual hosts.
-
-**Parameters**:
-
-* `activated_rules`: An [array][] of rules from the `modsec_crs_path` or absolute to activate via symlinks.
-* `allowed_methods`: A space-separated list of allowed HTTP methods.
-
- Default: 'GET HEAD POST OPTIONS'.
-
-* `content_types`: A list of one or more allowed [MIME types][MIME `content-type`].
-
- Default: 'application/x-www-form-urlencoded|multipart/form-data|text/xml|application/xml|application/x-amf'.
-
-* `crs_package`: Names the package that installs CRS rules.
-
- Default: `modsec_crs_package` in [`apache::params`][].
-
-* `manage_security_crs`: Manage security_crs.conf rules file.
-
- Default: `true`.
-
-* `modsec_dir`: Defines the path where Puppet installs the modsec configuration and activated rules links.
-
- Default: 'On', set by `modsec_dir` in [`apache::params`][].
-${modsec\_dir}/activated\_rules.
-
-* `modsec_secruleengine`: Configures the modsec rules engine. Values: 'On', 'Off', and 'DetectionOnly'.
-
- Default: `modsec_secruleengine` in [`apache::params`][].
-
-* `restricted_extensions`: A space-sparated list of prohibited file extensions.
-
- Default: '.asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/'.
-
-* `restricted_headers`: A list of restricted headers separated by slashes and spaces.
-
- Default: 'Proxy-Connection/ /Lock-Token/ /Content-Range/ /Translate/ /via/ /if/'.
-
-* `secdefaultaction`: Configures the Mode of Operation, Self-Contained ('deny') or Collaborative Detection ('pass'), for the OWASP ModSecurity Core Rule Set.
-
- Default: 'deny'. You can also set full values, such as "log,auditlog,deny,status:406,tag:'SLA 24/7'".
-
-* `secpcrematchlimit`: Sets the number for the match limit in the PCRE library.
-
- Default: 1500.
-
-* `secpcrematchlimitrecursion`: Sets the number for the match limit recursion in the PCRE library.
-
- Default: 1500.
-
-* `logroot`: Configures the location of audit and debug logs.
-
- Defaults to the Apache log directory (Redhat: `/var/log/httpd`, Debian: `/var/log/apache2`).
-
-* `audit_log_relevant_status`: Configures which response status code is to be considered relevant for the purpose of audit logging.
-
- Default: '^(?:5|4(?!04))'.
-
-* `audit_log_parts`: Sets the sections to be put in the [audit log][].
-
- Default: 'ABIJDEFHZ'.
-
-* `anomaly_score_blocking`: Activates or deactivates the Collaborative Detection Blocking of the OWASP ModSecurity Core Rule Set.
-
- Default: 'off'.
-
-* `inbound_anomaly_threshold`: Sets the scoring threshold level of the inbound blocking rules for the Collaborative Detection Mode in the OWASP ModSecurity Core Rule Set.
-
- Default: 5.
-
-* `outbound_anomaly_threshold`: Sets the scoring threshold level of the outbound blocking rules for the Collaborative Detection Mode in the OWASP ModSecurity Core Rule Set.
-
- Default: 4.
-
-* `critical_anomaly_score`: Sets the scoring points of the critical severity level for the Collaborative Detection Mode in the OWASP ModSecurity Core Rule Set.
-
- Default: 5.
-
-* `error_anomaly_score`: Sets the scoring points of the error severity level for the Collaborative Detection Mode in the OWASP ModSecurity Core Rule Set.
-
- Default: 4.
-
-* `warning_anomaly_score`: Sets the scoring points of the warning severity level for the Collaborative Detection Mode in the OWASP ModSecurity Core Rule Set.
-
- Default: 3.
-
-* `notice_anomaly_score`: Sets the scoring points of the notice severity level for the Collaborative Detection Mode in the OWASP ModSecurity Core Rule Set.
-
-Default: 2.
-
-* `secrequestmaxnumargs`: Sets the Maximum number of arguments in the request.
-
- Default: 255.
-
-* `secrequestbodylimit`: Sets the maximum request body size ModSecurity accepts for buffering.
-
- Default: '13107200'.
-
-* `secrequestbodynofileslimit`: Sets the maximum request body size ModSecurity accepts for buffering, excluding the size of any files being transported in the request.
-
- Default: '131072'.
-
-* `secrequestbodyinmemorylimit`: Sets the maximum request body size that ModSecurity stores in memory.
-
- Default: '131072'
-
-##### Class: `apache::mod::wsgi`
-
-Enables Python support via [`mod_wsgi`][].
-
-**Parameters**:
-
-* `mod_path`: Defines the path to the `mod_wsgi` shared object (`.so`) file.
-
- Default: `undef`.
-
- * If the `mod_path` parameter doesn't contain `/`, Puppet prefixes it with your operating system's default module path. Otherwise, Puppet follows it literally.
-
-* `package_name`: Names the package that installs `mod_wsgi`.
-
- Default: `undef`.
-
-* `wsgi_python_home`: Defines the [`WSGIPythonHome`][] directive, such as '/path/to/venv'.
-
- Values: A string specifying a path.
-
- Default: `undef`.
-
-* `wsgi_python_path`: Defines the [`WSGIPythonPath`][] directive, such as '/path/to/venv/site-packages'.
-
- Values: A string specifying a path.
-
- Default: `undef`.
-
-* `wsgi_restrict_embedded`: Defines the [`WSGIRestrictEmbedded`][] directive, such as 'On'.
-
- Values: On|Off|undef.
-
- Default: undef.
-
-* `wsgi_application_group`: Defines the [`WSGIApplicationGroup`][] directive, such as "%{GLOBAL}".
-
- Values: A string specifying a wsgi application.
-
- Default: `undef`.
-
-* `wsgi_python_optimize`: Defines the [`WSGIPythonOptimize`][] directive, such as 1.
-
- Values: A integer specifying the level of Python compiler optimisations.
-
- Default: `undef`.
-
-* `wsgi_socket_prefix`: Defines the [`WSGISocketPrefix`][] directive, such as "\${APACHE\_RUN\_DIR}WSGI".
-
- Default: `wsgi_socket_prefix` in [`apache::params`][].
-
-The class's parameters correspond to the module's directives. See the [module's documentation][`mod_wsgi`] for details.
-
-### Private Classes
-
-#### Class: `apache::confd::no_accf`
-
-Creates the `no-accf.conf` configuration file in `conf.d`, required by FreeBSD's Apache 2.4.
-
-#### Class: `apache::default_confd_files`
-
-Includes `conf.d` files for FreeBSD.
-
-#### Class: `apache::default_mods`
-
-Installs the Apache modules required to run the default configuration. See the `apache` class's [`default_mods`][] parameter for details.
-
-#### Class: `apache::package`
-
-Installs and configures basic Apache packages.
-
-#### Class: `apache::params`
-
-Manages Apache parameters for different operating systems.
-
-#### Class: `apache::service`
-
-Manages the Apache daemon.
-
-#### Class: `apache::version`
-
-Attempts to automatically detect the Apache version based on the operating system.
-
-##### Red Hat Software Collections (SCL)
-
-Software Collections on CentOS/RHEL allow for newer Apache and PHP, amongst other packages.
-
-If `scl_httpd_version` is set, Apache Httpd will get installed from [Software Collections](https://www.softwarecollections.org/en/).
-
-If `scl_httpd_version` is set, `scl_php_version` also needs to be set, even if PHP is not going to be installed.
-
-The repository is not managed by this module yet. For CentOS you can enable the repo by installing the package `centos-release-scl-rh`.
-
-##### `scl_httpd_version`
-
-Version of httpd to install using Red Hat Software Collections (SCL). These collections for CentOS and RHEL allow for newer Apache and PHP packages.
-
-If you set `scl_httpd_version`, Apache httpd is installed from [Software Collections](https://www.softwarecollections.org/en/).
-
-If you set `scl_httpd_version`, you must also set `scl_php_version`, even if you are not installing PHP.
-
-The SCL repository is not managed by this module. For CentOS, enable the repo by installing the package `centos-release-scl-rh`.
-
-Valid value: A string specifying the version of httpd to install. For example, for Apache 2.4, specify '2.4'.
-
-Default: undef.
-
-##### `scl_php_version`
-
-Version of PHP to install using Red Hat Software Collections (SCL). These collections for CentOS and RHEL allow for newer Apache and PHP packages.
-
-If you set `scl_php_version`, PHP is installed from [Software Collections](https://www.softwarecollections.org/en/).
-
-The SCL repository is not managed by this module. For CentOS, enable the repo by installing the package `centos-release-scl-rh`.
-
-Valid value: A string specifying the version of PHP to install. For example, for PHP 7.1, specify '7.1'.
-
-Default: undef.
-
-### Public defined types
-
-#### Defined type: `apache::balancer`
-
-Creates an Apache load balancing group, also known as a balancer cluster, using [`mod_proxy`][]. Each load balancing group needs one or more balancer members, which you can declare in Puppet with the [`apache::balancermember`][] defined type.
-
-Declare one `apache::balancer` defined type for each Apache load balancing group. You can export `apache::balancermember` defined types for all balancer members and collect them on a single Apache load balancer server using [exported resources][].
-
-**Parameters**:
-
-##### `name`
-
-Sets the title of the balancer cluster and name of the `conf.d` file containing its configuration.
-
-##### `proxy_set`
-
-Configures key-value pairs as [`ProxySet`][] lines. Values: a [hash][].
-
-Default: '{}'.
-
-##### `options`
-
-Specifies an [array][] of [options](https://httpd.apache.org/docs/current/mod/mod_proxy.html#balancermember) after the balancer URL, and accepts any key-value pairs available to [`ProxyPass`][].
-
-Default: [].
-
-##### `collect_exported`
-
-Determines whether to use [exported resources][].
-
-If you statically declare all of your backend servers, set this parameter to `false` to rely on existing, declared balancer member resources. Also, use `apache::balancermember` with [array][] arguments.
-
-To dynamically declare backend servers via exported resources collected on a central node, set this parameter to `true` to collect the balancer member resources exported by the balancer member nodes.
-
-If you don't use exported resources, a single Puppet run configures all balancer members. If you use exported resources, Puppet has to run on the balanced nodes first, then run on the balancer.
-
-Boolean.
-
-Default: `true`.
-
-#### Defined type: `apache::balancermember`
-
-Defines members of [`mod_proxy_balancer`][], which sets up a balancer member inside a listening service configuration block in the load balancer's `apache.cfg`.
-
-**Parameters**:
-
-##### `balancer_cluster`
-
-**Required**.
-
-Sets the Apache service's instance name, and must match the name of a declared [`apache::balancer`][] resource.
-
-##### `url`
-
-Specifies the URL used to contact the balancer member server.
-
-Default: 'http://${::fqdn}/'.
-
-##### `options`
-
-Specifies an [array][] of [options](https://httpd.apache.org/docs/current/mod/mod_proxy.html#balancermember) after the URL, and accepts any key-value pairs available to [`ProxyPass`][].
-
-Default: an empty array.
-
-#### Defined type: `apache::custom_config`
-
-Adds a custom configuration file to the Apache server's `conf.d` directory. If the file is invalid and this defined type's [`verify_config`][] parameter's value is `true`, Puppet throws an error during a Puppet run.
-
-**Parameters**:
-
-##### `ensure`
-
-Specifies whether the configuration file should be present.
-
-Values: 'absent', 'present'.
-
-Default: 'present'.
-
-##### `confdir`
-
-Sets the directory in which Puppet places configuration files.
-
-Default: the value of [`$::apache::confd_dir`][`confd_dir`].
-
-##### `content`
-
-Sets the configuration file's content. The `content` and [`source`][] parameters are exclusive of each other.
-
-Default: `undef`
-
-##### `filename`
-
-Sets the name of the file under `confdir` in which Puppet stores the configuration.
-
-Default: Filename generated from the `priority` parameter and the resource name.
-
-##### `priority`
-
-Sets the configuration file's priority by prefixing its filename with this parameter's numeric value, as Apache processes configuration files in alphanumeric order.
-
-To omit the priority prefix in the configuration file's name, set this parameter to `false`.
-
-Default: '25'.
-
-##### `source`
-
-Points to the configuration file's source. The [`content`][] and `source` parameters are exclusive of each other.
-
-Default: `undef`
-
-##### `verify_command`
-
-Specifies the command Puppet uses to verify the configuration file. Use a fully qualified command.
-
-This parameter is used only if the [`verify_config`][] parameter's value is `true`. If the `verify_command` fails, the Puppet run deletes the configuration file and raises an error, but does not notify the Apache service.
-
-Default: '/usr/sbin/apachectl -t'.
-
-##### `verify_config`
-
-Specifies whether to validate the configuration file before notifying the Apache service.
-
-Boolean.
-
-Default: `true`.
-
-#### Defined type: `apache::fastcgi::server`
-
-Defines one or more external FastCGI servers to handle specific file types. Use this defined type with [`mod_fastcgi`][FastCGI].
-
-**Parameters**
-
-##### `host`
-
-Determines the FastCGI's hostname or IP address and TCP port number (1-65535).
-
-Default: '127.0.0.1:9000'.
-
-##### `timeout`
-
-Sets the number of seconds a [FastCGI][] application can be inactive before aborting the request and logging the event at the error LogLevel. The inactivity timer applies only as long as a connection is pending with the FastCGI application. If a request is queued to an application, but the application doesn't respond by writing and flushing within this period, the request is aborted. If communication is complete with the application but incomplete with the client (the response is buffered), the timeout does not apply.
-
-Default: 15.
-
-##### `flush`
-
-Forces [`mod_fastcgi`][FastCGI] to write to the client as data is received from the application. By default, `mod_fastcgi` buffers data in order to free the application as quickly as possible.
-
-Default: `false`.
-
-##### `faux_path`
-
-Apache has [FastCGI][] handle URIs that resolve to this filename. The path set in this parameter does not have to exist in the local filesystem.
-
-Default: "/var/www/${name}.fcgi".
-
-##### `alias`
-
-Internally links actions with the FastCGI server. This alias must be unique.
-
-Default: "/${name}.fcgi".
-
-##### `file_type`
-
-Sets the [MIME `content-type`][] of the file to be processed by the FastCGI server.
-
-Default: 'application/x-httpd-php'.
-
-#### Defined type: `apache::listen`
-
-Adds [`Listen`][] directives to `ports.conf` in the Apache configuration directory that define the Apache server's or a virtual host's listening address and port. The [`apache::vhost`][] class uses this defined type, and titles take the form ``, `:`, or `:`.
-
-#### Defined type: `apache::mod`
-
-Installs packages for an Apache module that doesn't have a corresponding [`apache::mod::`][] class, and checks for or places the module's default configuration files in the Apache server's `module` and `enable` directories. The default locations depend on your operating system.
-
-**Parameters**:
-
-##### `package`
-
-**Required**.
-
-Names the package Puppet uses to install the Apache module.
-
-Default: `undef`.
-
-##### `package_ensure`
-
-Determines whether Puppet ensures the Apache module should be installed.
-
-Values: 'absent', 'present'.
-
-Default: 'present'.
-
-##### `lib`
-
-Defines the module's shared object name. Do not configure manually without special reason.
-
-Default: `mod_$name.so`.
-
-##### `lib_path`
-
-Specifies a path to the module's libraries. Do not manually set this parameter without special reason. The [`path`][] parameter overrides this value.
-
-Default: The `apache` class's [`lib_path`][] parameter.
-
-
-##### `loadfile_name`
-
-Sets the filename for the module's [`LoadFile`][] directive, which can also set the module load order as Apache processes them in alphanumeric order.
-
-Values: Filenames formatted `\*.load`.
-
-Default: the resource's name followed by 'load', as in '$name.load'.
-
-##### `loadfiles`
-
-Specifies an array of [`LoadFile`][] directives.
-
-Default: `undef`.
-
-##### `path`
-
-Specifies a path to the module. Do not manually set this parameter without a special reason.
-
-Default: [`lib_path`][]/[`lib`][].
-
-#### Defined type: `apache::namevirtualhost`
-
-Enables [name-based virtual hosts][] and adds all related directives to the `ports.conf` file in the Apache HTTPD configuration directory. Titles can take the forms '\*', '\*:\', '\_default\_:\, '\', or '\:\'.
-
-#### Defined type: `apache::vhost`
-
-The apache module allows a lot of flexibility in the setup and configuration of virtual hosts. This flexibility is due, in part, to `vhost` being a defined resource type, which allows Apache to evaluate it multiple times with different parameters.
-
-The `apache::vhost` defined type allows you to have specialized configurations for virtual hosts that have requirements outside the defaults. You can set up a default virtual host within the base `::apache` class, as well as set a customized virtual host as the default. Customized virtual hosts have a lower numeric [`priority`][] than the base class's, causing Apache to process the customized virtual host first.
-
-The `apache::vhost` defined type uses `concat::fragment` to build the configuration file. To inject custom fragments for pieces of the configuration that the defined type doesn't inherently support, add a custom fragment.
-
-For the custom fragment's `order` parameter, the `apache::vhost` defined type uses multiples of 10, so any `order` that isn't a multiple of 10 should work.
-
-> **Note:** When creating an `apache::vhost`, it cannot be named `default` or `default-ssl`, because vhosts with these titles are always managed by the module. This means that you cannot override `Apache::Vhost['default']` or `Apache::Vhost['default-ssl]` resources. An optional workaround is to create a vhost named something else, such as `my default`, and ensure that the `default` and `default_ssl` vhosts are set to `false`:
-
-```
-class { 'apache':
- default_vhost => false,
- default_ssl_vhost => false,
-}
-```
-
-**Parameters**:
-
-##### `access_log`
-
-Determines whether to configure `*_access.log` directives (`*_file`,`*_pipe`, or `*_syslog`).
-
-Boolean.
-
-Default: `true`.
-
-##### `access_log_env_var`
-
-Specifies that only requests with particular environment variables be logged.
-
-Default: `undef`.
-
-##### `access_log_file`
-
-Sets the filename of the `*_access.log` placed in [`logroot`][]. Given a virtual host---for instance, example.com---it defaults to 'example.com_ssl.log' for [SSL-encrypted][SSL encryption] virtual hosts and 'example.com_access.log' for unencrypted virtual hosts.
-
-Default: `false`.
-
-##### `access_log_format`
-
-Specifies the use of either a [`LogFormat`][] nickname or a custom-formatted string for the access log.
-
-Default: 'combined'.
-
-##### `access_log_pipe`
-
-Specifies a pipe where Apache sends access log messages.
-
-Default: `undef`.
-
-##### `access_log_syslog`
-
-Sends all access log messages to syslog.
-
-Default: `undef`.
-
-##### `add_default_charset`
-
-Sets a default media charset value for the [`AddDefaultCharset`][] directive, which is added to `text/plain` and `text/html` responses.
-
-Default: `undef`.
-
-##### `add_listen`
-
-Determines whether the virtual host creates a [`Listen`][] statement.
-
-Setting `add_listen` to `false` prevents the virtual host from creating a `Listen` statement. This is important when combining virtual hosts that aren't passed an `ip` parameter with those that are.
-
-Boolean.
-
-Default: `true`.
-
-##### `use_optional_includes`
-
-Specifies whether Apache uses the [`IncludeOptional`][] directive instead of [`Include`][] for `additional_includes` in Apache 2.4 or newer.
-
-Boolean.
-
-Default: `false`.
-
-##### `additional_includes`
-
-Specifies paths to additional static, virtual host-specific Apache configuration files. You can use this parameter to implement a unique, custom configuration not supported by this module.
-
-Values: a string or [array][] of strings specifying paths.
-
-Default: an empty array.
-
-##### `aliases`
-
-Passes a list of [hashes][hash] to the virtual host to create [`Alias`][], [`AliasMatch`][], [`ScriptAlias`][] or [`ScriptAliasMatch`][] directives as per the [`mod_alias`][] documentation.
-
-For example:
-
-``` puppet
-aliases => [
- { aliasmatch => '^/image/(.*)\.jpg$',
- path => '/files/jpg.images/$1.jpg',
- },
- { alias => '/image',
- path => '/ftp/pub/image',
- },
- { scriptaliasmatch => '^/cgi-bin(.*)',
- path => '/usr/local/share/cgi-bin$1',
- },
- { scriptalias => '/nagios/cgi-bin/',
- path => '/usr/lib/nagios/cgi-bin/',
- },
- { alias => '/nagios',
- path => '/usr/share/nagios/html',
- },
-],
-```
-
-For the `alias`, `aliasmatch`, `scriptalias` and `scriptaliasmatch` keys to work, each needs a corresponding context, such as `` or ``. Puppet creates the directives in the order specified in the `aliases` parameter. As described in the [`mod_alias`][] documentation, add more specific `alias`, `aliasmatch`, `scriptalias` or `scriptaliasmatch` parameters before the more general ones to avoid shadowing.
-
-> **Note**: Use the `aliases` parameter instead of the `scriptaliases` parameter because you can precisely control the order of various alias directives. Defining `ScriptAliases` using the `scriptaliases` parameter means *all* `ScriptAlias` directives will come after *all* `Alias` directives, which can lead to `Alias` directives shadowing `ScriptAlias` directives. This often causes problems; for example, this could cause problems with Nagios.
-
-If [`apache::mod::passenger`][] is loaded and `PassengerHighPerformance` is `true`, the `Alias` directive might not be able to honor the `PassengerEnabled => off` statement. See [this article](http://www.conandalton.net/2010/06/passengerenabled-off-not-working.html) for details.
-
-##### `allow_encoded_slashes`
-
-Sets the [`AllowEncodedSlashes`][] declaration for the virtual host, overriding the server default. This modifies the virtual host responses to URLs with `\` and `/` characters. Values: 'nodecode', 'off', 'on'. The default setting omits the declaration from the server configuration and selects the Apache default setting of 'Off'.
-
-Default: `undef`
-
-##### `block`
-
-Specifies the list of things to which Apache blocks access. Valid option: 'scm', which blocks web access to `.svn`, `.git`, and `.bzr` directories.
-
-Default: an empty [array][].
-
-##### `cas_attribute_prefix`
-
-Adds a header with the value of this header being the attribute values when SAML validation is enabled.
-
-Defaults: The value set by [`apache::mod::auth_cas`][].
-
-##### `cas_attribute_delimiter`
-
-Sets the delimiter between attribute values in the header created by `cas_attribute_prefix`.
-
-Default: The value set by [`apache::mod::auth_cas`][].
-
-##### `cas_login_url`
-
-Sets the URL to which the module redirects users when they attempt to access a CAS-protected resource and
-don't have an active session.
-
-Default: The value set by [`apache::mod::auth_cas`][].
-
-##### `cas_scrub_request_headers`
-
-Remove inbound request headers that may have special meaning within mod_auth_cas.
-
-Default: The value set by [`apache::mod::auth_cas`][].
-
-##### `cas_sso_enabled`
-
-Enables experimental support for single sign out (may mangle POST data).
-
-Default: The value set by [`apache::mod::auth_cas`][].
-
-##### `cas_validate_saml`
-
-Parse response from CAS server for SAML.
-
-Default: The value set by [`apache::mod::auth_cas`][].
-
-##### `cas_validate_url`
-
-Sets the URL to use when validating a client-presented ticket in an HTTP query string.
-
-Defaults to the value set by [`apache::mod::auth_cas`][].
-
-
-##### `comment`
-
-Adds comments to the header of the configuration file. Pass as string or an array of strings.
-
-Default: `undef`.
-
-For example:
-
-``` puppet
-comment => "Account number: 123B",
-```
-
-Or:
-
-``` puppet
-comment => [
- "Customer: X",
- "Frontend domain: x.example.org",
-]
-```
-
-##### `custom_fragment`
-
-Passes a string of custom configuration directives to place at the end of the virtual host configuration.
-
-Default: `undef`.
-
-##### `default_vhost`
-
-Sets a given `apache::vhost` defined type as the default to serve requests that do not match any other `apache::vhost` defined types.
-
-Default: `false`.
-
-##### `directories`
-
-See the [`directories`](#parameter-directories-for-apachevhost) section.
-
-##### `directoryindex`
-
-Sets the list of resources to look for when a client requests an index of the directory by specifying a '/' at the end of the directory name. See the [`DirectoryIndex`][] directive documentation for details.
-
-Default: `undef`.
-
-##### `docroot`
-
-**Required**.
-
-Sets the [`DocumentRoot`][] location, from which Apache serves files.
-
-If `docroot` and [`manage_docroot`][] are both set to `false`, no [`DocumentRoot`][] will be set and the accompanying `` block will not be created.
-
-Values: A string specifying a directory path.
-
-##### `docroot_group`
-
-Sets group access to the [`docroot`][] directory.
-
-Values: A string specifying a system group.
-
-Default: 'root'.
-
-##### `docroot_owner`
-
-Sets individual user access to the [`docroot`][] directory.
-
-Values: A string specifying a user account.
-
-Default: 'root'.
-
-##### `docroot_mode`
-
-Sets access permissions for the [`docroot`][] directory, in numeric notation.
-
-Values: A string.
-
-Default: `undef`.
-
-##### `manage_docroot`
-
-Determines whether Puppet manages the [`docroot`][] directory.
-
-Boolean.
-
-Default: `true`.
-
-##### `error_log`
-
-Specifies whether `*_error.log` directives should be configured.
-
-Boolean.
-
-Default: `true`.
-
-##### `error_log_file`
-
-Points the virtual host's error logs to a `*_error.log` file. If this parameter is undefined, Puppet checks for values in [`error_log_pipe`][], then [`error_log_syslog`][].
-
-If none of these parameters is set, given a virtual host `example.com`, Puppet defaults to '$logroot/example.com_error_ssl.log' for SSL virtual hosts and '$logroot/example.com_error.log' for non-SSL virtual hosts.
-
-Default: `undef`.
-
-##### `error_log_pipe`
-
-Specifies a pipe to send error log messages to.
-
-This parameter has no effect if the [`error_log_file`][] parameter has a value. If neither this parameter nor `error_log_file` has a value, Puppet then checks [`error_log_syslog`][].
-
-Default: `undef`.
-
-##### `error_log_syslog`
-
-Determines whether to send all error log messages to syslog.
-
-This parameter has no effect if either of the [`error_log_file`][] or [`error_log_pipe`][] parameters has a value. If none of these parameters has a value, given a virtual host `example.com`, Puppet defaults to '$logroot/example.com_error_ssl.log' for SSL virtual hosts and '$logroot/example.com_error.log' for non-SSL virtual hosts.
-
-Boolean.
-
-Default: `undef`.
-
-##### `error_documents`
-
-A list of hashes which can be used to override the [ErrorDocument](https://httpd.apache.org/docs/current/mod/core.html#errordocument) settings for this virtual host.
-
-For example:
-
-``` puppet
-apache::vhost { 'sample.example.net':
- error_documents => [
- { 'error_code' => '503', 'document' => '/service-unavail' },
- { 'error_code' => '407', 'document' => 'https://example.com/proxy/login' },
- ],
-}
-```
-
-Default: [].
-
-##### `ensure`
-
-Specifies if the virtual host is present or absent.
-
-Values: 'absent', 'present'.
-
-Default: 'present'.
-
-##### `fallbackresource`
-
-Sets the [FallbackResource](https://httpd.apache.org/docs/current/mod/mod_dir.html#fallbackresource) directive, which specifies an action to take for any URL that doesn't map to anything in your filesystem and would otherwise return 'HTTP 404 (Not Found)'. Values must either begin with a '/' or be 'disabled'.
-
-Default: `undef`.
-
-##### `fastcgi_idle_timeout`
-
-If using fastcgi, this option sets the timeout for the server to respond.
-
-Default: `undef`.
-
-##### `file_e_tag`
-
-Sets the server default for the [`FileETag`][] declaration, which modifies the response header field for static files.
-
-Values: 'INode', 'MTime', 'Size', 'All', 'None'.
-
-Default: `undef`, which uses Apache's default setting of 'MTime Size'.
-
-##### `filters`
-
-[Filters](https://httpd.apache.org/docs/current/mod/mod_filter.html) enable smart, context-sensitive configuration of output content filters.
-
-``` puppet
-apache::vhost { "$::fqdn":
- filters => [
- 'FilterDeclare COMPRESS',
- 'FilterProvider COMPRESS DEFLATE resp=Content-Type $text/html',
- 'FilterChain COMPRESS',
- 'FilterProtocol COMPRESS DEFLATE change=yes;byteranges=no',
- ],
-}
-```
-
-##### `force_type`
-
-Sets the [`ForceType`][] directive, which forces Apache to serve all matching files with a [MIME `content-type`][] matching this parameter's value.
-
-#### `add_charset`
-
-Lets Apache set custom content character sets per directory and/or file extension
-
-##### `h2_copy_files`
-
-Sets the [H2CopyFiles](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2copyfiles)
-directive which influences how the requestion process pass files to the main
-connection.
-
-##### `h2_direct`
-
-Sets the [H2Direct](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2direct)
-directive which toggles the usage of the HTTP/2 Direct Mode.
-
-##### `h2_early_hints`
-
-Sets the [H2EarlyHints](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2earlyhints)
-directive which controls if HTTP status 103 interim responses are forwarded to
-the client or not.
-
-##### `h2_max_session_streams`
-
-Sets the [H2MaxSessionStreams](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2maxsessionstreams)
-directive which sets the maximum number of active streams per HTTP/2 session
-that the server allows.
-
-##### `h2_modern_tls_only`
-
-Sets the [H2ModernTLSOnly](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2moderntlsonly)
-directive which toggles the security checks on HTTP/2 connections in TLS mode.
-
-##### `h2_push`
-
-Sets the [H2Push](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2push)
-directive which toggles the usage of the HTTP/2 server push protocol feature.
-
-##### `h2_push_diary_size`
-
-Sets the [H2PushDiarySize](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2pushdiarysize)
-directive which toggles the maximum number of HTTP/2 server pushes that are
-remembered per HTTP/2 connection.
-
-##### `h2_push_priority`
-
-Sets the [H2PushPriority](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2pushpriority)
-directive which defines the priority handling of pushed responses based on the
-content-type of the response.
-
-##### `h2_push_resource`
-
-Sets the [H2PushResource](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2pushresource)
-directive which declares resources for early pushing to the client.
-
-##### `h2_serialize_headers`
-
-Sets the [H2SerializeHeaders](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2serializeheaders)
-directive which toggles if HTTP/2 requests are serialized in HTTP/1.1
-format for processing by httpd core.
-
-##### `h2_stream_max_mem_size`
-
-Sets the [H2StreamMaxMemSize](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2streammaxmemsize)
-directive which sets the maximum number of outgoing data bytes buffered in
-memory for an active stream.
-
-##### `h2_tls_cool_down_secs`
-
-Sets the [H2TLSCoolDownSecs](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2tlscooldownsecs)
-directive which sets the number of seconds of idle time on a TLS connection
-before the TLS write size falls back to a small (~1300 bytes) length.
-
-##### `h2_tls_warm_up_size`
-
-Sets the [H2TLSWarmUpSize](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2tlswarmupsize)
-directive which sets the number of bytes to be sent in small TLS records (~1300
-bytes) until doing maximum sized writes (16k) on https: HTTP/2 connections.
-
-##### `h2_upgrade`
-
-Sets the [H2Upgrade](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2upgrade)
-directive which toggles the usage of the HTTP/1.1 Upgrade method for switching
-to HTTP/2.
-
-##### `h2_window_size`
-
-Sets the [H2WindowSize](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2windowsize)
-directive which sets the size of the window that is used for flow control from
-client to server and limits the amount of data the server has to buffer.
-
-
-##### `headers`
-
-Adds lines to replace, merge, or remove response headers. See [Apache's mod_headers documentation](https://httpd.apache.org/docs/current/mod/mod_headers.html#header) for more information.
-
-Values: A string or an array of strings.
-
-Default: `undef`.
-
-##### `ip`
-
-Sets the IP address the virtual host listens on. By default, uses Apache's default behavior of listening on all IPs.
-
-Values: A string or an array of strings.
-
-Default: `undef`.
-
-##### `ip_based`
-
-Enables an [IP-based](https://httpd.apache.org/docs/current/vhosts/ip-based.html) virtual host. This parameter inhibits the creation of a NameVirtualHost directive, since those are used to funnel requests to name-based virtual hosts.
-
-Default: `false`.
-
-##### `itk`
-
-Configures [ITK](http://mpm-itk.sesse.net/) in a hash.
-
-Usage typically looks something like:
-
-``` puppet
-apache::vhost { 'sample.example.net':
- docroot => '/path/to/directory',
- itk => {
- user => 'someuser',
- group => 'somegroup',
- },
-}
-```
-
-Values: a hash, which can include the keys:
-
-* user + group
-* `assignuseridexpr`
-* `assigngroupidexpr`
-* `maxclientvhost`
-* `nice`
-* `limituidrange` (Linux 3.5.0 or newer)
-* `limitgidrange` (Linux 3.5.0 or newer)
-
-Usage typically looks like:
-
-``` puppet
-apache::vhost { 'sample.example.net':
- docroot => '/path/to/directory',
- itk => {
- user => 'someuser',
- group => 'somegroup',
- },
-}
-```
-
-Default: `undef`.
-
-##### `jk_mounts`
-
-Sets up a virtual host with 'JkMount' and 'JkUnMount' directives to handle the paths for URL mapping between Tomcat and Apache.
-
-The parameter must be an array of hashes where each hash must contain the 'worker' and either the 'mount' or 'unmount' keys.
-
-Usage typically looks like:
-
-``` puppet
-apache::vhost { 'sample.example.net':
- jk_mounts => [
- { mount => '/*', worker => 'tcnode1', },
- { unmount => '/*.jpg', worker => 'tcnode1', },
- ],
-}
-```
-Default: `undef`.
-
-##### `keepalive`
-
-Determines whether to enable persistent HTTP connections with the [`KeepAlive`][] directive for the virtual host. By default, the global, server-wide [`KeepAlive`][] setting is in effect.
-
-Use the `keepalive_timeout` and `max_keepalive_requests` parameters to set relevant options for the virtual host.
-
-Values: 'Off', 'On'.
-
-Default: `undef`
-
-##### `keepalive_timeout`
-
-Sets the [`KeepAliveTimeout`] directive for the virtual host, which determines the amount of time to wait for subsequent requests on a persistent HTTP connection. By default, the global, server-wide [`KeepAlive`][] setting is in effect.
-
-This parameter is only relevant if either the global, server-wide [`keepalive` parameter][] or the per-vhost `keepalive` parameter is enabled.
-
-Default: `undef`
-
-##### `max_keepalive_requests`
-
-Limits the number of requests allowed per connection to the virtual host. By default, the global, server-wide [`KeepAlive`][] setting is in effect.
-
-This parameter is only relevant if either the global, server-wide [`keepalive` parameter][] or the per-vhost `keepalive` parameter is enabled.
-
-Default: `undef`.
-
-##### `auth_kerb`
-
-Enable [`mod_auth_kerb`][] parameters for a virtual host.
-
-Usage typically looks like:
-
-``` puppet
-apache::vhost { 'sample.example.net':
- auth_kerb => `true`,
- krb_method_negotiate => 'on',
- krb_auth_realms => ['EXAMPLE.ORG'],
- krb_local_user_mapping => 'on',
- directories => {
- path => '/var/www/html',
- auth_name => 'Kerberos Login',
- auth_type => 'Kerberos',
- auth_require => 'valid-user',
- },
-}
-```
-
-Related parameters follow the names of `mod_auth_kerb` directives:
-
-- `krb_method_negotiate`: Determines whether to use the Negotiate method. Default: 'on'.
-- `krb_method_k5passwd`: Determines whether to use password-based authentication for Kerberos v5. Default: 'on'.
-- `krb_authoritative`: If set to 'off', authentication controls can be passed on to another module. Default: 'on'.
-- `krb_auth_realms`: Specifies an array of Kerberos realms to use for authentication. Default: [].
-- `krb_5keytab`: Specifies the Kerberos v5 keytab file's location. Default: `undef`.
-- `krb_local_user_mapping`: Strips @REALM from usernames for further use. Default: `undef`.
-
-Boolean.
-
-Default: `false`.
-
-##### `krb_verify_kdc`
-
-This option can be used to disable the verification tickets against local keytab to prevent KDC spoofing attacks.
-
-Default: 'on'.
-
-##### `krb_servicename`
-
-Specifies the service name that will be used by Apache for authentication. Corresponding key of this name must be stored in the keytab.
-
-Default: 'HTTP'.
-
-##### `krb_save_credentials`
-
-This option enables credential saving functionality.
-
-Default is 'off'
-
-##### `logroot`
-
-Specifies the location of the virtual host's logfiles.
-
-Default: `/var/log//`.
-
-##### `$logroot_ensure`
-
-Determines whether or not to remove the logroot directory for a virtual host.
-
-Values: 'directory', 'absent'.
-
-Default: 'directory'.
-
-##### `logroot_mode`
-
-Overrides the mode the logroot directory is set to. Do *not* grant write access to the directory the logs are stored in without being aware of the consequences; for more information, see [Apache's log security documentation](https://httpd.apache.org/docs/2.4/logs.html#security).
-
-Default: `undef`.
-
-##### `logroot_owner`
-
-Sets individual user access to the logroot directory.
-
-Defaults to `undef`.
-
-##### `logroot_group`
-
-Sets group access to the [`logroot`][] directory.
-
-Defaults to `undef`.
-
-##### `log_level`
-
-Specifies the verbosity of the error log.
-
-Values: 'emerg', 'alert', 'crit', 'error', 'warn', 'notice', 'info' or 'debug'.
-
-Default: 'warn' for the global server configuration. Can be overridden on a per-virtual host basis.
-
-###### `modsec_body_limit`
-
-Configures the maximum request body size (in bytes) ModSecurity accepts for buffering.
-
-Values: An integer.
-
-Default: `undef`.
-
-###### `modsec_disable_vhost`
-
-Disables [`mod_security`][] on a virtual host. Only valid if [`apache::mod::security`][] is included.
-
-Boolean.
-
-Default: `undef`.
-
-###### `modsec_disable_ids`
-
-Removes `mod_security` IDs from the virtual host.
-
-Values: An array of `mod_security` IDs to remove from the virtual host. Also takes a hash allowing removal of an ID from a specific location.
-
-``` puppet
-apache::vhost { 'sample.example.net':
- modsec_disable_ids => [ 90015, 90016 ],
-}
-```
-
-``` puppet
-apache::vhost { 'sample.example.net':
- modsec_disable_ids => { '/location1' => [ 90015, 90016 ] },
-}
-```
-
-Default: `undef`.
-
-###### `modsec_disable_ips`
-
-Specifies an array of IP addresses to exclude from [`mod_security`][] rule matching.
-
-Default: `undef`.
-
-###### `modsec_disable_msgs`
-
-Array of mod_security Msgs to remove from the virtual host. Also takes a hash allowing removal of an Msg from a specific location.
-
-``` puppet
-apache::vhost { 'sample.example.net':
- modsec_disable_msgs => ['Blind SQL Injection Attack', 'Session Fixation Attack'],
-}
-```
-
-``` puppet
-apache::vhost { 'sample.example.net':
- modsec_disable_msgs => { '/location1' => ['Blind SQL Injection Attack', 'Session Fixation Attack'] },
-}
-```
-
-Default: `undef`.
-
-###### `modsec_disable_tags`
-
-Array of mod_security Tags to remove from the virtual host. Also takes a hash allowing removal of an Tag from a specific location.
-
-``` puppet
-apache::vhost { 'sample.example.net':
- modsec_disable_tags => ['WEB_ATTACK/SQL_INJECTION', 'WEB_ATTACK/XSS'],
-}
-```
-
-``` puppet
-apache::vhost { 'sample.example.net':
- modsec_disable_tags => { '/location1' => ['WEB_ATTACK/SQL_INJECTION', 'WEB_ATTACK/XSS'] },
-}
-```
-
-Default: `undef`.
-
-##### `modsec_audit*`
-
-* `modsec_audit_log`
-* `modsec_audit_log_file`
-* `modsec_audit_log_pipe`
-
-These three parameters together determine how to send `mod_security` audit log ([SecAuditLog](https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#SecAuditLog)).
-
-* If `modsec_audit_log_file` is set, it is relative to [`logroot`][].
-
- Default: `undef`.
-
-* If `modsec_audit_log_pipe` is set, it should start with a pipe. Example '|/path/to/mlogc /path/to/mlogc.conf'.
-
- Default: `undef`.
-
-* If `modsec_audit_log` is `true`, given a virtual host---for instance, example.com---it defaults to 'example.com\_security\_ssl.log' for [SSL-encrypted][SSL encryption] virtual hosts and 'example.com\_security.log' for unencrypted virtual hosts.
-
- Default: `false`.
-
-If none of those parameters are set, the global audit log is used (''/var/log/httpd/modsec\_audit.log''; Debian and derivatives: ''/var/log/apache2/modsec\_audit.log''; others: ).
-
-##### `no_proxy_uris`
-
-Specifies URLs you do not want to proxy. This parameter is meant to be used in combination with [`proxy_dest`](#proxy_dest).
-
-Default: [].
-
-##### `no_proxy_uris_match`
-
-This directive is equivalent to [`no_proxy_uris`][], but takes regular expressions.
-
-Default: [].
-
-##### `proxy_preserve_host`
-
-Sets the [ProxyPreserveHost Directive](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypreservehost).
-
-Setting this parameter to `true` enables the `Host:` line from an incoming request to be proxied to the host instead of hostname. Setting it to `false` sets this directive to 'Off'.
-
-Boolean.
-
-Default: `false`.
-
-##### `proxy_add_headers`
-
-Sets the [ProxyAddHeaders Directive](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxyaddheaders).
-
-This parameter controlls whether proxy-related HTTP headers (X-Forwarded-For, X-Forwarded-Host and X-Forwarded-Server) get sent to the backend server.
-
-Boolean.
-
-Default: `false`.
-
-##### `proxy_error_override`
-
-Sets the [ProxyErrorOverride Directive](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxyerroroverride). This directive controls whether Apache should override error pages for proxied content.
-
-Boolean.
-
-Default: `false`.
-
-##### `options`
-
-Sets the [`Options`][] for the specified virtual host. For example:
-
-``` puppet
-apache::vhost { 'site.name.fdqn':
- …
- options => ['Indexes','FollowSymLinks','MultiViews'],
-}
-```
-
-> **Note**: If you use the [`directories`][] parameter of [`apache::vhost`][], 'Options', 'Override', and 'DirectoryIndex' are ignored because they are parameters within `directories`.
-
-Default: ['Indexes','FollowSymLinks','MultiViews'],
-
-##### `override`
-
-Sets the overrides for the specified virtual host. Accepts an array of [AllowOverride](https://httpd.apache.org/docs/current/mod/core.html#allowoverride) arguments.
-
-Default: ['None'].
-
-##### `passenger_spawn_method`
-
-Sets [PassengerSpawnMethod](https://www.phusionpassenger.com/library/config/apache/reference/#passengerspawnmethod), whether Passenger spawns applications directly, or using a prefork copy-on-write mechanism.
-
-Valid options: `smart` or `direct`.
-
-Default: `undef`.
-
-##### `passenger_app_root`
-
-Sets [PassengerRoot](https://www.phusionpassenger.com/library/config/apache/reference/#passengerapproot), the location of the Passenger application root if different from the DocumentRoot.
-
-Values: A string specifying a path.
-
-Default: `undef`.
-
-##### `passenger_app_env`
-
-Sets [PassengerAppEnv](https://www.phusionpassenger.com/library/config/apache/reference/#passengerappenv), the environment for the Passenger application. If not specified, defaults to the global setting or 'production'.
-
-Values: A string specifying the name of the environment.
-
-Default: `undef`.
-
-##### `passenger_log_file`
-
-By default, Passenger log messages are written to the Apache global error log. With [PassengerLogFile](https://www.phusionpassenger.com/library/config/apache/reference/#passengerlogfile), you can configure those messages to be logged to a different file. This option is only available since Passenger 5.0.5.
-
-Values: A string specifying a path.
-
-Default: `undef`.
-
-##### `passenger_log_level`
-
-This option allows to specify how much information should be written to the log file. If not set, [PassengerLogLevel](https://www.phusionpassenger.com/library/config/apache/reference/#passengerloglevel) will not show up in the configuration file and the defaults are used.
-
-Default: Passenger versions less than 3.0.0: '0'; 5.0.0 and later: '3'.
-
-##### `passenger_ruby`
-
-Sets [PassengerRuby](https://www.phusionpassenger.com/library/config/apache/reference/#passengerruby), the Ruby interpreter to use for the application, on this virtual host.
-
-Default: `undef`.
-
-##### `passenger_min_instances`
-
-Sets [PassengerMinInstances](https://www.phusionpassenger.com/library/config/apache/reference/#passengermininstances), the minimum number of application processes to run.
-
-##### `passenger_max_requests`
-
-Sets [PassengerMaxRequests](https://www.phusionpassenger.com/library/config/apache/reference/#pas
-sengermaxrequests), the maximum number of requests an application process will process.
-
-##### `passenger_max_instances_per_app`
-
-Sets [PassengerMaxInstancesPerApp](https://www.phusionpassenger.com/library/config/apache/reference/#passengermaxinstancesperapp), the maximum number of application processes that may simultaneously exist for a single application.
-
-Default: `undef`.
-
-##### `passenger_start_timeout`
-
-Sets [PassengerStartTimeout](https://www.phusionpassenger.com/library/config/apache/reference/#passengerstarttimeout), the timeout for the application startup.
-
-##### `passenger_pre_start`
-
-Sets [PassengerPreStart](https://www.phusionpassenger.com/library/config/apache/reference/#passengerprestart), the URL of the application if pre-starting is required.
-
-##### `passenger_user`
-
-Sets [PassengerUser](https://www.phusionpassenger.com/library/config/apache/reference/#passengeruser), the running user for sandboxing applications.
-
-##### `passenger_group`
-
-Sets [PassengerGroup](https://www.phusionpassenger.com/library/config/apache/reference/#passengergroup), the running group for sandboxing applications.
-
-##### `passenger_high_performance`
-
-Sets the [`PassengerHighPerformance`](https://www.phusionpassenger.com/library/config/apache/reference/#passengerhighperformance) parameter.
-
-Values: `true`, `false`.
-
-Default: `undef`.
-
-##### `passenger_nodejs`
-
-Sets the [`PassengerNodejs`](https://www.phusionpassenger.com/library/config/apache/reference/#passengernodejs), the NodeJS interpreter to use for the application, on this virtual host.
-
-##### `passenger_sticky_sessions`
-
-Sets the [`PassengerStickySessions`](https://www.phusionpassenger.com/library/config/apache/reference/#passengerstickysessions) parameter.
-
-Boolean.
-
-Default: `undef`.
-
-##### `passenger_startup_file`
-
-Sets the [`PassengerStartupFile`](https://www.phusionpassenger.com/library/config/apache/reference/#passengerstartupfile) path. This path is relative to the application root.
-
-##### `php_values & php_flags`
-
-Allows per-virtual host setting [`php_value`s or `php_flag`s](http://php.net/manual/en/configuration.changes.php). These flags or values can be overwritten by a user or an application.
-
-Default: '{}'.
-
-Within a vhost declaration:
-``` puppet
- php_values => [ 'include_path ".:/usr/local/example-app/include"' ],
-```
-
-##### `php_admin_flags & values`
-
-Allows per-virtual host setting [`php_admin_value`s or `php_admin_flag`s](http://php.net/manual/en/configuration.changes.php). These flags or values cannot be overwritten by a user or an application.
-
-Default: '{}'.
-
-##### `port`
-
-Sets the port the host is configured on. The module's defaults ensure the host listens on port 80 for non-SSL virtual hosts and port 443 for SSL virtual hosts. The host only listens on the port set in this parameter.
-
-##### `priority`
-
-Sets the relative load-order for Apache HTTPD VirtualHost configuration files.
-
-If nothing matches the priority, the first name-based virtual host is used. Likewise, passing a higher priority causes the alphabetically first name-based virtual host to be used if no other names match.
-
-> **Note:** You should not need to use this parameter. However, if you do use it, be aware that the `default_vhost` parameter for `apache::vhost` passes a priority of '15'.
-
-To omit the priority prefix in file names, pass a priority of `false`.
-
-Default: '25'.
-
-##### `protocols`
-
-Sets the [Protocols](https://httpd.apache.org/docs/current/en/mod/core.html#protocols) directive, which lists available protocols for the virutal host.
-
-Default: `undef`
-
-##### `protocols_honor_order`
-
-Sets the [ProtocolsHonorOrder](https://httpd.apache.org/docs/current/en/mod/core.html#protocolshonororder) directive which determines wether the order of Protocols sets precedence during negotiation.
-
-Default: `undef`
-
-##### `proxy_dest`
-
-Specifies the destination address of a [ProxyPass](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypass) configuration.
-
-Default: `undef`.
-
-##### `proxy_pass`
-
-Specifies an array of `path => URI` values for a [ProxyPass](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypass) configuration. Optionally, parameters can be added as an array.
-
-Default: `undef`.
-
-``` puppet
-apache::vhost { 'site.name.fdqn':
- …
- proxy_pass => [
- { 'path' => '/a', 'url' => 'http://backend-a/' },
- { 'path' => '/b', 'url' => 'http://backend-b/' },
- { 'path' => '/c', 'url' => 'http://backend-a/c', 'params' => {'max'=>20, 'ttl'=>120, 'retry'=>300}},
- { 'path' => '/l', 'url' => 'http://backend-xy',
- 'reverse_urls' => ['http://backend-x', 'http://backend-y'] },
- { 'path' => '/d', 'url' => 'http://backend-a/d',
- 'params' => { 'retry' => '0', 'timeout' => '5' }, },
- { 'path' => '/e', 'url' => 'http://backend-a/e',
- 'keywords' => ['nocanon', 'interpolate'] },
- { 'path' => '/f', 'url' => 'http://backend-f/',
- 'setenv' => ['proxy-nokeepalive 1','force-proxy-request-1.0 1']},
- { 'path' => '/g', 'url' => 'http://backend-g/',
- 'reverse_cookies' => [{'path' => '/g', 'url' => 'http://backend-g/',}, {'domain' => 'http://backend-g', 'url' => 'http:://backend-g',},], },
- { 'path' => '/h', 'url' => 'http://backend-h/h',
- 'no_proxy_uris' => ['/h/admin', '/h/server-status'] },
- ],
-}
-```
-
-* `reverse_urls`. *Optional.* This setting is useful when used with `mod_proxy_balancer`. Values: an array or string.
-* `reverse_cookies`. *Optional.* Sets `ProxyPassReverseCookiePath` and `ProxyPassReverseCookieDomain`.
-* `params`. *Optional.* Allows for ProxyPass key-value parameters, such as connection settings.
-* `setenv`. *Optional.* Sets [environment variables](https://httpd.apache.org/docs/current/mod/mod_proxy.html#envsettings) for the proxy directive. Values: array.
-
-##### `proxy_dest_match`
-
-This directive is equivalent to [`proxy_dest`][], but takes regular expressions, see [ProxyPassMatch](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypassmatch) for details.
-
-##### `proxy_dest_reverse_match`
-
-Allows you to pass a ProxyPassReverse if [`proxy_dest_match`][] is specified. See [ProxyPassReverse](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypassreverse) for details.
-
-##### `proxy_pass_match`
-
-This directive is equivalent to [`proxy_pass`][], but takes regular expressions, see [ProxyPassMatch](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypassmatch) for details.
-
-##### `rack_base_uris`
-
-Specifies the resource identifiers for a rack configuration. The file paths specified are listed as rack application roots for [Phusion Passenger](http://www.modrails.com/documentation/Users%20guide%20Apache.html#_railsbaseuri_and_rackbaseuri) in the _rack.erb template.
-
-Default: `undef`.
-
-##### `passenger_base_uris`
-
-Used to specify that the given URI is a Phusion Passenger-served application. The file paths specified are listed as passenger application roots for [Phusion Passenger](https://www.phusionpassenger.com/documentation/Users%20guide%20Apache.html#PassengerBaseURI) in the _passenger_base_uris.erb template.
-
-Default: `undef`.
-
-##### `redirect_dest`
-
-Specifies the address to redirect to.
-
-Default: `undef`.
-
-##### `redirect_source`
-
-Specifies the source URIs that redirect to the destination specified in `redirect_dest`. If more than one item for redirect is supplied, the source and destination must be the same length, and the items are order-dependent.
-
-``` puppet
-apache::vhost { 'site.name.fdqn':
- …
- redirect_source => ['/images','/downloads'],
- redirect_dest => ['http://img.example.com/','http://downloads.example.com/'],
-}
-```
-
-##### `redirect_status`
-
-Specifies the status to append to the redirect.
-
-Default: `undef`.
-
-``` puppet
-apache::vhost { 'site.name.fdqn':
- …
- redirect_status => ['temp','permanent'],
-}
-```
-
-##### `redirectmatch_*`
-
-* `redirectmatch_regexp`
-* `redirectmatch_status`
-* `redirectmatch_dest`
-
-Determines which server status should be raised for a given regular expression and where to forward the user to. Entered as arrays.
-
-Default: `undef`.
-
-``` puppet
-apache::vhost { 'site.name.fdqn':
- …
- redirectmatch_status => ['404','404'],
- redirectmatch_regexp => ['\.git(/.*|$)/','\.svn(/.*|$)'],
- redirectmatch_dest => ['http://www.example.com/$1','http://www.example.com/$2'],
-}
-```
-
-##### `request_headers`
-
-Modifies collected [request headers](https://httpd.apache.org/docs/current/mod/mod_headers.html#requestheader) in various ways, including adding additional request headers, removing request headers, and so on.
-
-Default: `undef`.
-
-``` puppet
-apache::vhost { 'site.name.fdqn':
- …
- request_headers => [
- 'append MirrorID "mirror 12"',
- 'unset MirrorID',
- ],
-}
-```
-
-##### `rewrites`
-
-Creates URL rewrite rules. Expects an array of hashes.
-
-Values: Hash keys that are any of 'comment', 'rewrite_base', 'rewrite_cond', 'rewrite_rule' or 'rewrite_map'.
-
-Default: `undef`.
-
-For example, you can specify that anyone trying to access index.html is served welcome.html
-
-``` puppet
-apache::vhost { 'site.name.fdqn':
- …
- rewrites => [ { rewrite_rule => ['^index\.html$ welcome.html'] } ]
-}
-```
-
-The parameter allows rewrite conditions that, when `true`, execute the associated rule. For instance, if you wanted to rewrite URLs only if the visitor is using IE
-
-``` puppet
-apache::vhost { 'site.name.fdqn':
- …
- rewrites => [
- {
- comment => 'redirect IE',
- rewrite_cond => ['%{HTTP_USER_AGENT} ^MSIE'],
- rewrite_rule => ['^index\.html$ welcome.html'],
- },
- ],
-}
-```
-
-You can also apply multiple conditions. For instance, rewrite index.html to welcome.html only when the browser is Lynx or Mozilla (version 1 or 2)
-
-``` puppet
-apache::vhost { 'site.name.fdqn':
- …
- rewrites => [
- {
- comment => 'Lynx or Mozilla v1/2',
- rewrite_cond => ['%{HTTP_USER_AGENT} ^Lynx/ [OR]', '%{HTTP_USER_AGENT} ^Mozilla/[12]'],
- rewrite_rule => ['^index\.html$ welcome.html'],
- },
- ],
-}
-```
-
-Multiple rewrites and conditions are also possible
-
-``` puppet
-apache::vhost { 'site.name.fdqn':
- …
- rewrites => [
- {
- comment => 'Lynx or Mozilla v1/2',
- rewrite_cond => ['%{HTTP_USER_AGENT} ^Lynx/ [OR]', '%{HTTP_USER_AGENT} ^Mozilla/[12]'],
- rewrite_rule => ['^index\.html$ welcome.html'],
- },
- {
- comment => 'Internet Explorer',
- rewrite_cond => ['%{HTTP_USER_AGENT} ^MSIE'],
- rewrite_rule => ['^index\.html$ /index.IE.html [L]'],
- },
- {
- rewrite_base => /apps/,
- rewrite_rule => ['^index\.cgi$ index.php', '^index\.html$ index.php', '^index\.asp$ index.html'],
- },
- { comment => 'Rewrite to lower case',
- rewrite_cond => ['%{REQUEST_URI} [A-Z]'],
- rewrite_map => ['lc int:tolower'],
- rewrite_rule => ['(.*) ${lc:$1} [R=301,L]'],
- },
- ],
-}
-```
-
-Refer to the [`mod_rewrite` documentation][`mod_rewrite`] for more details on what is possible with rewrite rules and conditions.
-
-##### `rewrite_inherit`
-
-Determines whether the virtual host inherits global rewrite rules.
-
-Default: `false`.
-
-Rewrite rules may be specified globally (in `$conf_file` or `$confd_dir`) or inside the virtual host `.conf` file. By default, virtual hosts do not inherit global settings. To activate inheritance, specify the `rewrites` parameter and set `rewrite_inherit` parameter to `true`:
-
-``` puppet
-apache::vhost { 'site.name.fdqn':
- …
- rewrites => [
- ,
- ],
- rewrite_inherit => `true`,
-}
-```
-
-> **Note**: The `rewrites` parameter is **required** for this to have effect
-
-Apache activates global `Rewrite` rules inheritance if the virtual host files contains the following directives:
-
-``` ApacheConf
-RewriteEngine On
-RewriteOptions Inherit
-```
-
-Refer to the [official `mod_rewrite` documentation](https://httpd.apache.org/docs/2.2/mod/mod_rewrite.html), section "Rewriting in Virtual Hosts".
-
-##### `scriptalias`
-
-Defines a directory of CGI scripts to be aliased to the path '/cgi-bin', such as '/usr/scripts'.
-
-Default: `undef`.
-
-##### `scriptaliases`
-
-> **Note**: This parameter is deprecated in favor of the `aliases` parameter.
-
-Passes an array of hashes to the virtual host to create either ScriptAlias or ScriptAliasMatch statements per the [`mod_alias` documentation][`mod_alias`].
-
-``` puppet
-scriptaliases => [
- {
- alias => '/myscript',
- path => '/usr/share/myscript',
- },
- {
- aliasmatch => '^/foo(.*)',
- path => '/usr/share/fooscripts$1',
- },
- {
- aliasmatch => '^/bar/(.*)',
- path => '/usr/share/bar/wrapper.sh/$1',
- },
- {
- alias => '/neatscript',
- path => '/usr/share/neatscript',
- },
-]
-```
-
-The ScriptAlias and ScriptAliasMatch directives are created in the order specified. As with [Alias and AliasMatch](#aliases) directives, specify more specific aliases before more general ones to avoid shadowing.
-
-##### `serveradmin`
-
-Specifies the email address Apache displays when it renders one of its error pages.
-
-Default: `undef`.
-
-##### `serveraliases`
-
-Sets the [ServerAliases](https://httpd.apache.org/docs/current/mod/core.html#serveralias) of the site.
-
-Default: [].
-
-##### `servername`
-
-Sets the servername corresponding to the hostname you connect to the virtual host at.
-
-Default: the title of the resource.
-
-##### `setenv`
-
-Used by HTTPD to set environment variables for virtual hosts.
-
-Default: [].
-
-Example:
-
-``` puppet
-apache::vhost { 'setenv.example.com':
- setenv => ['SPECIAL_PATH /foo/bin'],
-}
-```
-
-##### `setenvif`
-
-Used by HTTPD to conditionally set environment variables for virtual hosts.
-
-Default: [].
-
-##### `setenvifnocase`
-
-Used by HTTPD to conditionally set environment variables for virtual hosts (caseless matching).
-
-Default: [].
-
-##### `suphp_*`
-
-* `suphp_addhandler`
-* `suphp_configpath`
-* `suphp_engine`
-
-Sets up a virtual host with [suPHP](http://suphp.org/DocumentationView.html?file=apache/CONFIG).
-
-* `suphp_addhandler`. Default: 'php5-script' on RedHat and FreeBSD, and 'x-httpd-php' on Debian and Gentoo.
-* `suphp_configpath`. Default: `undef` on RedHat and FreeBSD, and '/etc/php5/apache2' on Debian and Gentoo.
-* `suphp_engine`. Values: 'on' or 'off'. Default: 'off'.
-
-An example virtual host configuration with suPHP:
-
-``` puppet
-apache::vhost { 'suphp.example.com':
- port => '80',
- docroot => '/home/appuser/myphpapp',
- suphp_addhandler => 'x-httpd-php',
- suphp_engine => 'on',
- suphp_configpath => '/etc/php5/apache2',
- directories => { path => '/home/appuser/myphpapp',
- 'suphp' => { user => 'myappuser', group => 'myappgroup' },
- }
-}
-```
-
-##### `vhost_name`
-
-Enables name-based virtual hosting. If no IP is passed to the virtual host, but the virtual host is assigned a port, then the virtual host name is 'vhost_name:port'. If the virtual host has no assigned IP or port, the virtual host name is set to the title of the resource.
-
-Default: '*'.
-
-##### `virtual_docroot`
-
-Sets up a virtual host with a wildcard alias subdomain mapped to a directory with the same name. For example, 'http://example.com' would map to '/var/www/example.com'.
-
-Default: `false`.
-
-``` puppet
-apache::vhost { 'subdomain.loc':
- vhost_name => '*',
- port => '80',
- virtual_docroot => '/var/www/%-2+',
- docroot => '/var/www',
- serveraliases => ['*.loc',],
-}
-```
-
-##### `wsgi*`
-
-* `wsgi_daemon_process`
-* `wsgi_daemon_process_options`
-* `wsgi_process_group`
-* `wsgi_script_aliases`
-* `wsgi_pass_authorization`
-
-Sets up a virtual host with [WSGI](https://github.com/GrahamDumpleton/mod_wsgi).
-
-* `wsgi_daemon_process`: A hash that sets the name of the WSGI daemon, accepting [certain keys](http://modwsgi.readthedocs.org/en/latest/configuration-directives/WSGIDaemonProcess.html). Default: `undef`.
-* `wsgi_daemon_process_options`. _Optional._ Default: `undef`. **Deprecated:** Please add values inside Hash `wsgi_daemon_process`.
-* `wsgi_process_group`: Sets the group ID that the virtual host runs under. Default: `undef`.
-* `wsgi_script_aliases`: Requires a hash of web paths to filesystem .wsgi paths. Default: `undef`.
-* `wsgi_script_aliases_match`: Requires a hash of web path regexes to filesystem .wsgi paths. Default: `undef`
-* `wsgi_pass_authorization`: Uses the WSGI application to handle authorization instead of Apache when set to 'On'. For more information, see [mod_wsgi's WSGIPassAuthorization documentation] (https://modwsgi.readthedocs.org/en/latest/configuration-directives/WSGIPassAuthorization.html). Default: `undef`, leading Apache to use its default value of 'Off'.
-* `wsgi_chunked_request`: Enables support for chunked requests. Default: `undef`.
-
-An example virtual host configuration with WSGI:
-
-``` puppet
-apache::vhost { 'wsgi.example.com':
- port => '80',
- docroot => '/var/www/pythonapp',
- wsgi_daemon_process => {
- 'wsgi' => {
- processes => '2',
- threads => '15',
- display-name => '%{GROUP}',
- },
- 'foo' => {},
- },
- wsgi_process_group => 'wsgi',
- wsgi_script_aliases => { '/' => '/var/www/demo.wsgi' },
- wsgi_chunked_request => 'On',
-}
-```
-
-#### Parameter `directories` for `apache::vhost`
-
-The `directories` parameter within the `apache::vhost` class passes an array of hashes to the virtual host to create [Directory](https://httpd.apache.org/docs/current/mod/core.html#directory), [File](https://httpd.apache.org/docs/current/mod/core.html#files), and [Location](https://httpd.apache.org/docs/current/mod/core.html#location) directive blocks. These blocks take the form, '< Directory /path/to/directory>...< /Directory>'.
-
-The `path` key sets the path for the directory, files, and location blocks. Its value must be a path for the 'directory', 'files', and 'location' providers, or a regex for the 'directorymatch', 'filesmatch', or 'locationmatch' providers. Each hash passed to `directories` **must** contain `path` as one of the keys.
-
-The `provider` key is optional. If missing, this key defaults to 'directory'. Values: 'directory', 'files', 'proxy', 'location', 'directorymatch', 'filesmatch', 'proxymatch' or 'locationmatch'. If you set `provider` to 'directorymatch', it uses the keyword 'DirectoryMatch' in the Apache config file.
-
-An example use of `directories`:
-
-``` puppet
-apache::vhost { 'files.example.net':
- docroot => '/var/www/files',
- directories => [
- { 'path' => '/var/www/files',
- 'provider' => 'files',
- 'deny' => 'from all',
- },
- ],
-}
-```
-
-> **Note:** At least one directory should match the `docroot` parameter. After you start declaring directories, `apache::vhost` assumes that all required Directory blocks will be declared. If not defined, a single default Directory block is created that matches the `docroot` parameter.
-
-Available handlers, represented as keys, should be placed within the `directory`, `files`, or `location` hashes. This looks like
-
-``` puppet
-apache::vhost { 'sample.example.net':
- docroot => '/path/to/directory',
- directories => [ { path => '/path/to/directory', handler => value } ],
-}
-```
-
-Any handlers you do not set in these hashes are considered 'undefined' within Puppet and are not added to the virtual host, resulting in the module using their default values. Supported handlers are:
-
-##### `addhandlers`
-
-Sets [AddHandler](https://httpd.apache.org/docs/current/mod/mod_mime.html#addhandler) directives, which map filename extensions to the specified handler. Accepts a list of hashes, with `extensions` serving to list the extensions being managed by the handler, and takes the form: `{ handler => 'handler-name', extensions => ['extension'] }`.
-
-An example:
-
-``` puppet
-apache::vhost { 'sample.example.net':
- docroot => '/path/to/directory',
- directories => [
- { path => '/path/to/directory',
- addhandlers => [{ handler => 'cgi-script', extensions => ['.cgi']}],
- },
- ],
-}
-```
-
-##### `allow`
-
-Sets an [Allow](https://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#allow) directive, which groups authorizations based on hostnames or IPs. **Deprecated:** This parameter is being deprecated due to a change in Apache. It only works with Apache 2.2 and lower. You can use it as a single string for one rule or as an array for more than one.
-
-``` puppet
-apache::vhost { 'sample.example.net':
- docroot => '/path/to/directory',
- directories => [
- { path => '/path/to/directory',
- allow => 'from example.org',
- },
- ],
-}
-```
-
-##### `allow_override`
-
-Sets the types of directives allowed in [.htaccess](https://httpd.apache.org/docs/current/mod/core.html#allowoverride) files. Accepts an array.
-
-``` puppet
-apache::vhost { 'sample.example.net':
- docroot => '/path/to/directory',
- directories => [
- { path => '/path/to/directory',
- allow_override => ['AuthConfig', 'Indexes'],
- },
- ],
-}
-```
-
-##### `auth_basic_authoritative`
-
-Sets the value for [AuthBasicAuthoritative](https://httpd.apache.org/docs/current/mod/mod_auth_basic.html#authbasicauthoritative), which determines whether authorization and authentication are passed to lower level Apache modules.
-
-##### `auth_basic_fake`
-
-Sets the value for [AuthBasicFake](https://httpd.apache.org/docs/current/mod/mod_auth_basic.html#authbasicfake), which statically configures authorization credentials for a given directive block.
-
-##### `auth_basic_provider`
-
-Sets the value for [AuthBasicProvider](https://httpd.apache.org/docs/current/mod/mod_auth_basic.html#authbasicprovider), which sets the authentication provider for a given location.
-
-##### `auth_digest_algorithm`
-
-Sets the value for [AuthDigestAlgorithm](https://httpd.apache.org/docs/current/mod/mod_auth_digest.html#authdigestalgorithm), which selects the algorithm used to calculate the challenge and response hashes.
-
-###### `auth_digest_domain`
-
-Sets the value for [AuthDigestDomain](https://httpd.apache.org/docs/current/mod/mod_auth_digest.html#authdigestdomain), which allows you to specify one or more URIs in the same protection space for digest authentication.
-
-##### `auth_digest_nonce_lifetime`
-
-Sets the value for [AuthDigestNonceLifetime](https://httpd.apache.org/docs/current/mod/mod_auth_digest.html#authdigestnoncelifetime), which controls how long the server nonce is valid.
-
-##### `auth_digest_provider`
-
-Sets the value for [AuthDigestProvider](https://httpd.apache.org/docs/current/mod/mod_auth_digest.html#authdigestprovider), which sets the authentication provider for a given location.
-
-##### `auth_digest_qop`
-
-Sets the value for [AuthDigestQop](https://httpd.apache.org/docs/current/mod/mod_auth_digest.html#authdigestqop), which determines the quality-of-protection to use in digest authentication.
-
-##### `auth_digest_shmem_size`
-
-Sets the value for [AuthAuthDigestShmemSize](https://httpd.apache.org/docs/current/mod/mod_auth_digest.html#authdigestshmemsize), which defines the amount of shared memory allocated to the server for keeping track of clients.
-
-##### `auth_group_file`
-
-Sets the value for [AuthGroupFile](https://httpd.apache.org/docs/current/mod/mod_authz_groupfile.html#authgroupfile), which sets the name of the text file containing the list of user groups for authorization.
-
-##### `auth_name`
-
-Sets the value for [AuthName](https://httpd.apache.org/docs/current/mod/mod_authn_core.html#authname), which sets the name of the authorization realm.
-
-##### `auth_require`
-
-Sets the entity name you're requiring to allow access. Read more about [Require](https://httpd.apache.org/docs/current/mod/mod_authz_host.html#requiredirectives).
-
-##### `auth_type`
-
-Sets the value for [AuthType](https://httpd.apache.org/docs/current/mod/mod_authn_core.html#authtype), which guides the type of user authentication.
-
-##### `auth_user_file`
-
-Sets the value for [AuthUserFile](https://httpd.apache.org/docs/current/mod/mod_authn_file.html#authuserfile), which sets the name of the text file containing the users/passwords for authentication.
-
-##### `auth_merging`
-
-Sets the value for [AuthMerging](https://httpd.apache.org/docs/current/mod/mod_authz_core.html#authmerging), which determines if authorization logic should be combined
-
-##### `auth_ldap_url`
-
-Sets the value for [AuthLDAPURL](https://httpd.apache.org/docs/current/mod/mod_authnz_ldap.html#authldapurl), which determines URL of LDAP-server(s) if AuthBasicProvider 'ldap' is used
-
-##### `auth_ldap_bind_dn`
-
-Sets the value for [AuthLDAPBindDN](https://httpd.apache.org/docs/current/mod/mod_authnz_ldap.html#authldapbinddn), which allows use of an optional DN used to bind to the LDAP-server when searching for entries if AuthBasicProvider 'ldap' is used.
-
-##### `auth_ldap_bind_password`
-
-Sets the value for [AuthLDAPBindPassword](https://httpd.apache.org/docs/current/mod/mod_authnz_ldap.html#authldapbindpassword), which allows use of an optional bind password to use in conjunction with the bind DN if AuthBasicProvider 'ldap' is used.
-
-##### `auth_ldap_group_attribute`
-
-Array of values for [AuthLDAPGroupAttribute](https://httpd.apache.org/docs/current/mod/mod_authnz_ldap.html#authldapgroupattribute), specifies which LDAP attributes are used to check for user members within ldap-groups.
-
-Default: "member" and "uniquemember".
-
-##### `auth_ldap_group_attribute_is_dn`
-
-Sets value for [AuthLDAPGroupAttributeIsDN](https://httpd.apache.org/docs/current/mod/mod_authnz_ldap.html#authldapgroupattributeisdn), specifies if member of a ldapgroup is a dn or simple username. When set on, this directive says to use the distinguished name of the client username when checking for group membership. Otherwise, the username will be used. valid values are: "on" or "off"
-
-##### `custom_fragment`
-
-Pass a string of custom configuration directives to be placed at the end of the directory configuration.
-
-``` puppet
-apache::vhost { 'monitor':
- …
- directories => [
- {
- path => '/path/to/directory',
- custom_fragment => '
-
- SetHandler balancer-manager
- Order allow,deny
- Allow from all
-
-
- SetHandler server-status
- Order allow,deny
- Allow from all
-
-ProxyStatus On',
- },
- ]
-}
-```
-
-##### `dav`
-
-Sets the value for [Dav](http://httpd.apache.org/docs/current/mod/mod_dav.html#dav), which determines if the WebDAV HTTP methods should be enabled. The value can be either 'On', 'Off' or the name of the provider. A value of 'On' enables the default filesystem provider implemented by the `mod_dav_fs` module.
-
-##### `dav_depth_infinity`
-
-Sets the value for [DavDepthInfinity](http://httpd.apache.org/docs/current/mod/mod_dav.html#davdepthinfinity), which is used to enable the processing of `PROPFIND` requests having a `Depth: Infinity` header.
-
-##### `dav_min_timeout`
-
-Sets the value for [DavMinTimeout](http://httpd.apache.org/docs/current/mod/mod_dav.html#davmintimeout), which sets the time the server holds a lock on a DAV resource. The value should be the number of seconds to set.
-
-##### `deny`
-
-Sets a [Deny](https://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#deny) directive, specifying which hosts are denied access to the server. **Deprecated:** This parameter is being deprecated due to a change in Apache. It only works with Apache 2.2 and lower. You can use it as a single string for one rule or as an array for more than one.
-
-``` puppet
-apache::vhost { 'sample.example.net':
- docroot => '/path/to/directory',
- directories => [
- { path => '/path/to/directory',
- deny => 'from example.org',
- },
- ],
-}
-```
-
-##### `error_documents`
-
-An array of hashes used to override the [ErrorDocument](https://httpd.apache.org/docs/current/mod/core.html#errordocument) settings for the directory.
-
-``` puppet
-apache::vhost { 'sample.example.net':
- directories => [
- { path => '/srv/www',
- error_documents => [
- { 'error_code' => '503',
- 'document' => '/service-unavail',
- },
- ],
- },
- ],
-}
-```
-
-##### `ext_filter_options`
-
-Sets the [ExtFilterOptions](https://httpd.apache.org/docs/current/mod/mod_ext_filter.html) directive.
-Note that you must declare `class { 'apache::mod::ext_filter': }` before using this directive.
-
-``` puppet
-apache::vhost { 'filter.example.org':
- docroot => '/var/www/filter',
- directories => [
- { path => '/var/www/filter',
- ext_filter_options => 'LogStderr Onfail=abort',
- },
- ],
-}
-```
-
-##### `geoip_enable`
-
-Sets the [GeoIPEnable](http://dev.maxmind.com/geoip/legacy/mod_geoip2/#Configuration) directive.
-Note that you must declare `class {'apache::mod::geoip': }` before using this directive.
-
-``` puppet
-apache::vhost { 'first.example.com':
- docroot => '/var/www/first',
- directories => [
- { path => '/var/www/first',
- geoip_enable => `true`,
- },
- ],
-}
-```
-
-##### `h2_copy_files`
-
-Sets the [H2CopyFiles](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2copyfiles) directive.
-Note that you must declare `class {'apache::mod::http2': }` before using this directive.
-
-##### `h2_push_resource`
-
-Sets the [H2PushResource](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2pushresource) directive.
-Note that you must declare `class {'apache::mod::http2': }` before using this directive.
-
-##### `headers`
-
-Adds lines for [Header](https://httpd.apache.org/docs/current/mod/mod_headers.html#header) directives.
-
-``` puppet
-apache::vhost { 'sample.example.net':
- docroot => '/path/to/directory',
- directories => {
- path => '/path/to/directory',
- headers => 'Set X-Robots-Tag "noindex, noarchive, nosnippet"',
- },
-}
-```
-
-##### `index_options`
-
-Allows configuration settings for [directory indexing](https://httpd.apache.org/docs/current/mod/mod_autoindex.html#indexoptions).
-
-``` puppet
-apache::vhost { 'sample.example.net':
- docroot => '/path/to/directory',
- directories => [
- { path => '/path/to/directory',
- directoryindex => 'disabled', # this is needed on Apache 2.4 or mod_autoindex doesn't work
- options => ['Indexes','FollowSymLinks','MultiViews'],
- index_options => ['IgnoreCase', 'FancyIndexing', 'FoldersFirst', 'NameWidth=*', 'DescriptionWidth=*', 'SuppressHTMLPreamble'],
- },
- ],
-}
-```
-
-##### `index_order_default`
-
-Sets the [default ordering](https://httpd.apache.org/docs/current/mod/mod_autoindex.html#indexorderdefault) of the directory index.
-
-``` puppet
-apache::vhost { 'sample.example.net':
- docroot => '/path/to/directory',
- directories => [
- { path => '/path/to/directory',
- order => 'Allow,Deny',
- index_order_default => ['Descending', 'Date'],
- },
- ],
-}
-```
-
-###### `index_style_sheet`
-
-Sets the [IndexStyleSheet](https://httpd.apache.org/docs/current/mod/mod_autoindex.html#indexstylesheet), which adds a CSS stylesheet to the directory index.
-
-``` puppet
-apache::vhost { 'sample.example.net':
- docroot => '/path/to/directory',
- directories => [
- { path => '/path/to/directory',
- options => ['Indexes','FollowSymLinks','MultiViews'],
- index_options => ['FancyIndexing'],
- index_style_sheet => '/styles/style.css',
- },
- ],
-}
-```
-
-##### `limit`
-
-Creates a [Limit](https://httpd.apache.org/docs/current/mod/core.html#limit) block inside the Directory block, which can also contain `require` directives.
-
-``` puppet
-apache::vhost { 'sample.example.net':
- docroot => '/path/to/docroot',
- directories => [
- { path => '/',
- provider => 'location',
- limit => [
- { methods => 'GET HEAD',
- require => ['valid-user']
- },
- ],
- },
- ],
-}
-```
-
-##### `limit_except`
-
-Creates a [LimitExcept](https://httpd.apache.org/docs/current/mod/core.html#limitexcept) block inside the Directory block, which can also contain `require` directives.
-
-``` puppet
-apache::vhost { 'sample.example.net':
- docroot => '/path/to/docroot',
- directories => [
- { path => '/',
- provider => 'location',
- limit_except => [
- { methods => 'GET HEAD',
- require => ['valid-user']
- },
- ],
- },
- ],
-}
-```
-
-##### `mellon_enable`
-
-Sets the [MellonEnable][`mod_auth_mellon`] directory to enable [`mod_auth_mellon`][]. You can use [`apache::mod::auth_mellon`][] to install `mod_auth_mellon`.
-
-``` puppet
-apache::vhost { 'sample.example.net':
- docroot => '/path/to/directory',
- directories => [
- { path => '/',
- provider => 'directory',
- mellon_enable => 'info',
- mellon_sp_private_key_file => '/etc/certs/${::fqdn}.key',
- mellon_endpoint_path => '/mellon',
- mellon_set_env_no_prefix => { 'ADFS_GROUP' => 'http://schemas.xmlsoap.org/claims/Group',
- 'ADFS_EMAIL' => 'http://schemas.xmlsoap.org/claims/EmailAddress', },
- mellon_user => 'ADFS_LOGIN',
- },
- { path => '/protected',
- provider => 'location',
- mellon_enable => 'auth',
- auth_type => 'Mellon',
- auth_require => 'valid-user',
- mellon_cond => ['ADFS_LOGIN userA [MAP]','ADFS_LOGIN userB [MAP]'],
- },
- ]
-}
-```
-
-Related parameters follow the names of `mod_auth_mellon` directives:
-
-- `mellon_cond`: Takes an array of mellon conditions that must be met to grant access, and creates a [MellonCond][`mod_auth_mellon`] directive for each item in the array.
-- `mellon_endpoint_path`: Sets the [MellonEndpointPath][`mod_auth_mellon`] to set the mellon endpoint path.
-- `mellon_sp_metadata_file`: Sets the [MellonSPMetadataFile][`mod_auth_mellon`] location of the SP metadata file.
-- `mellon_idp_metadata_file`: Sets the [MellonIDPMetadataFile][`mod_auth_mellon`] location of the IDP metadata file.
-- `mellon_saml_rsponse_dump`: Sets the [MellonSamlResponseDump][`mod_auth_mellon`] directive to enable debug of SAML.
-- `mellon_set_env_no_prefix`: Sets the [MellonSetEnvNoPrefix][`mod_auth_mellon`] directive to a hash of attribute names to map
-to environment variables.
-- `mellon_sp_private_key_file`: Sets the [MellonSPPrivateKeyFile][`mod_auth_mellon`] directive for the private key location of the service provider.
-- `mellon_sp_cert_file`: Sets the [MellonSPCertFile][`mod_auth_mellon`] directive for the public key location of the service provider.
-- `mellon_user`: Sets the [MellonUser][`mod_auth_mellon`] attribute to use for the username.
-- `mellon_session_length`: Sets the [MellonSessionLength][`mod_auth_mellon`] attribute.
-
-##### `options`
-
-Lists the [Options](https://httpd.apache.org/docs/current/mod/core.html#options) for the given Directory block.
-
-``` puppet
-apache::vhost { 'sample.example.net':
- docroot => '/path/to/directory',
- directories => [
- { path => '/path/to/directory',
- options => ['Indexes','FollowSymLinks','MultiViews'],
- },
- ],
-}
-```
-
-##### `order`
-
-Sets the order of processing Allow and Deny statements as per [Apache core documentation](https://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#order). **Deprecated:** This parameter is being deprecated due to a change in Apache. It only works with Apache 2.2 and lower.
-
-``` puppet
-apache::vhost { 'sample.example.net':
- docroot => '/path/to/directory',
- directories => [
- { path => '/path/to/directory',
- order => 'Allow,Deny',
- },
- ],
-}
-```
-
-##### `passenger_enabled`
-
-Sets the value for the [PassengerEnabled](http://www.modrails.com/documentation/Users%20guide%20Apache.html#PassengerEnabled) directive to 'on' or 'off'. Requires `apache::mod::passenger` to be included.
-
-``` puppet
-apache::vhost { 'sample.example.net':
- docroot => '/path/to/directory',
- directories => [
- { path => '/path/to/directory',
- passenger_enabled => 'on',
- },
- ],
-}
-```
-
-> **Note:** There is an [issue](http://www.conandalton.net/2010/06/passengerenabled-off-not-working.html) using the PassengerEnabled directive with the PassengerHighPerformance directive.
-
-##### `php_value` and `php_flag`
-
-`php_value` sets the value of the directory, and `php_flag` uses a boolean to configure the directory. Further information can be found [here](http://php.net/manual/en/configuration.changes.php).
-
-##### `php_admin_value` and `php_admin_flag`
-
-`php_admin_value` sets the value of the directory, and `php_admin_flag` uses a boolean to configure the directory. Further information can be found [here](http://php.net/manual/en/configuration.changes.php).
-
-
-##### `require`
-
-
-Sets a `Require` directive as per the [Apache Authz documentation](https://httpd.apache.org/docs/current/mod/mod_authz_core.html#require). If no `require` is set, it will default to `Require all granted`.
-
-``` puppet
-apache::vhost { 'sample.example.net':
- docroot => '/path/to/directory',
- directories => [
- { path => '/path/to/directory',
- require => 'ip 10.17.42.23',
- }
- ],
-}
-```
-
-When more complex sets of requirement are needed, apache >= 2.4 provides the use of [RequireAll](https://httpd.apache.org/docs/2.4/mod/mod_authz_core.html#requireall), [RequireNone](https://httpd.apache.org/docs/2.4/mod/mod_authz_core.html#requirenone) or [RequireAny](https://httpd.apache.org/docs/2.4/mod/mod_authz_core.html#requireany) directives.
-Using the 'enforce' key, which only supports 'any','none','all' (other values are silently ignored), this could be established like:
-
-``` puppet
-apache::vhost { 'sample.example.net':
- docroot => '/path/to/directory',
- directories => [
- { path => '/path/to/directory',
- require => {
- enforce => 'any',
- requires => [
- 'ip 1.2.3.4',
- 'not host host.example.com',
- 'user xyz',
- ],
- },
- },
- ],
-}
-```
-
-If `require` is set to `unmanaged` it will not be set at all. This is useful for complex authentication/authorization requirements which are handled in a custom fragment.
-
-``` puppet
-apache::vhost { 'sample.example.net':
- docroot => '/path/to/directory',
- directories => [
- { path => '/path/to/directory',
- require => 'unmanaged',
- }
- ],
-}
-```
-
-
-
-##### `satisfy`
-
-Sets a `Satisfy` directive per the [Apache Core documentation](https://httpd.apache.org/docs/2.2/mod/core.html#satisfy). **Deprecated:** This parameter is deprecated due to a change in Apache and only works with Apache 2.2 and lower.
-
-``` puppet
-apache::vhost { 'sample.example.net':
- docroot => '/path/to/directory',
- directories => [
- { path => '/path/to/directory',
- satisfy => 'Any',
- }
- ],
-}
-```
-
-##### `sethandler`
-
-Sets a `SetHandler` directive per the [Apache Core documentation](https://httpd.apache.org/docs/2.2/mod/core.html#sethandler).
-
-``` puppet
-apache::vhost { 'sample.example.net':
- docroot => '/path/to/directory',
- directories => [
- { path => '/path/to/directory',
- sethandler => 'None',
- }
- ],
-}
-```
-
-##### `set_output_filter`
-
-Sets a `SetOutputFilter` directive per the [Apache Core documentation](https://httpd.apache.org/docs/current/mod/core.html#setoutputfilter).
-
-``` puppet
-apache::vhost{ 'filter.example.net':
- docroot => '/path/to/directory',
- directories => [
- { path => '/path/to/directory',
- set_output_filter => puppetdb-strip-resource-params,
- },
- ],
-}
-```
-
-##### `rewrites`
-
-Creates URL [`rewrites`](#rewrites) rules in virtual host directories. Expects an array of hashes, and the hash keys can be any of 'comment', 'rewrite_base', 'rewrite_cond', or 'rewrite_rule'.
-
-``` puppet
-apache::vhost { 'secure.example.net':
- docroot => '/path/to/directory',
- directories => [
- { path => '/path/to/directory',
- rewrites => [ { comment => 'Permalink Rewrites',
- rewrite_base => '/'
- },
- { rewrite_rule => ['^index\.php$ - [L]']
- },
- { rewrite_cond => ['%{REQUEST_FILENAME} !-f',
- '%{REQUEST_FILENAME} !-d',
- ],
- rewrite_rule => ['. /index.php [L]'],
- }
- ],
- },
- ],
-}
-```
-
-> **Note**: If you include rewrites in your directories, also include `apache::mod::rewrite` and consider setting the rewrites using the `rewrites` parameter in `apache::vhost` rather than setting the rewrites in the virtual host's directories.
-
-##### `shib_request_settings`
-
-Allows a valid content setting to be set or altered for the application request. This command takes two parameters: the name of the content setting, and the value to set it to. Check the Shibboleth [content setting documentation](https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPContentSettings) for valid settings. This key is disabled if `apache::mod::shib` is not defined. Check the [`mod_shib` documentation](https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPApacheConfig#NativeSPApacheConfig-Server/VirtualHostOptions) for more details.
-
-``` puppet
-apache::vhost { 'secure.example.net':
- docroot => '/path/to/directory',
- directories => [
- { path => '/path/to/directory',
- shib_request_settings => { 'requiresession' => 'On' },
- shib_use_headers => 'On',
- },
- ],
-}
-```
-
-##### `shib_use_headers`
-
-When set to 'On', this turns on the use of request headers to publish attributes to applications. Values for this key is 'On' or 'Off', and the default value is 'Off'. This key is disabled if `apache::mod::shib` is not defined. Check the [`mod_shib` documentation](https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPApacheConfig#NativeSPApacheConfig-Server/VirtualHostOptions) for more details.
-
-##### `shib_compat_valid_user`
-
-Default is Off, matching the behavior prior to this command's existence. Addresses a conflict when using Shibboleth in conjunction with other auth/auth modules by restoring "standard" Apache behavior when processing the "valid-user" and "user" Require rules. See the [`mod_shib`documentation](https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPApacheConfig#NativeSPApacheConfig-Server/VirtualHostOptions), and [NativeSPhtaccess](https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPhtaccess) topic for more details. This key is disabled if `apache::mod::shib` is not defined.
-
-##### `ssl_options`
-
-String or list of [SSLOptions](https://httpd.apache.org/docs/current/mod/mod_ssl.html#ssloptions), which configure SSL engine run-time options. This handler takes precedence over SSLOptions set in the parent block of the virtual host.
-
-``` puppet
-apache::vhost { 'secure.example.net':
- docroot => '/path/to/directory',
- directories => [
- { path => '/path/to/directory',
- ssl_options => '+ExportCertData',
- },
- { path => '/path/to/different/dir',
- ssl_options => ['-StdEnvVars', '+ExportCertData'],
- },
- ],
-}
-```
-
-##### `suphp`
-
-A hash containing the 'user' and 'group' keys for the [suPHP_UserGroup](http://www.suphp.org/DocumentationView.html?file=apache/CONFIG) setting. It must be used with `suphp_engine => on` in the virtual host declaration, and can only be passed within `directories`.
-
-``` puppet
-apache::vhost { 'secure.example.net':
- docroot => '/path/to/directory',
- directories => [
- { path => '/path/to/directory',
- suphp => {
- user => 'myappuser',
- group => 'myappgroup',
- },
- },
- ],
-}
-```
-##### `additional_includes`
-
-Specifies paths to additional static, specific Apache configuration files in virtual host directories. Values: a array of string path.
-
-``` puppet
-apache::vhost { 'sample.example.net':
- docroot => '/path/to/directory',
- directories => [
- { path => '/path/to/different/dir',
- additional_includes => ['/custom/path/includes', '/custom/path/another_includes',],
- },
- ],
-}
-```
-
-#### SSL parameters for `apache::vhost`
-
-All of the SSL parameters for `::vhost` default to whatever is set in the base `apache` class. Use the below parameters to tweak individual SSL settings for specific virtual hosts.
-
-##### `ssl`
-
-Enables SSL for the virtual host. SSL virtual hosts only respond to HTTPS queries. Values: Boolean.
-
-Default: `false`.
-
-##### `ssl_ca`
-
-Specifies the SSL certificate authority to be used to verify client certificates used for authentication. You must also set `ssl_verify_client` to use this.
-
-Default: `undef`.
-
-##### `ssl_cert`
-
-Specifies the SSL certification.
-
-Default: Depends on operating system.
-
-* RedHat: '/etc/pki/tls/certs/localhost.crt'
-* Debian: '/etc/ssl/certs/ssl-cert-snakeoil.pem'
-* FreeBSD: '/usr/local/etc/apache22/server.crt'
-* Gentoo: '/etc/ssl/apache2/server.crt'
-
-##### `ssl_protocol`
-
-Specifies [SSLProtocol](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslprotocol). Expects an array or space separated string of accepted protocols.
-
-Defaults: 'all', '-SSLv2', '-SSLv3'.
-
-##### `ssl_cipher`
-
-Specifies [SSLCipherSuite](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslciphersuite).
-
-Default: 'HIGH:MEDIUM:!aNULL:!MD5'.
-
-##### `ssl_honorcipherorder`
-
-Sets [SSLHonorCipherOrder](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslhonorcipherorder), to cause Apache to use the server's preferred order of ciphers rather than the client's preferred order. Values:
-
-Values: Boolean, 'on', 'off'.
-
-Default: `true`.
-
-##### `ssl_certs_dir`
-
-Specifies the location of the SSL certification directory to verify client certs. Will not be used unless `ssl_verify_client` is also set (see below).
-
-Default: undef
-
-##### `ssl_chain`
-
-Specifies the SSL chain. This default works out of the box, but it must be updated in the base `apache` class with your specific certificate information before being used in production.
-
-Default: `undef`.
-
-##### `ssl_crl`
-
-Specifies the certificate revocation list to use. (This default works out of the box but must be updated in the base `apache` class with your specific certificate information before being used in production.)
-
-Default: `undef`.
-
-##### `ssl_crl_path`
-
-Specifies the location of the certificate revocation list to verify certificates for client authentication with. (This default works out of the box but must be updated in the base `apache` class with your specific certificate information before being used in production.)
-
-Default: `undef`.
-
-##### `ssl_crl_check`
-
-Sets the certificate revocation check level via the [SSLCARevocationCheck directive](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslcarevocationcheck) for ssl client authentication. The default works out of the box but must be specified when using CRLs in production. Only applicable to Apache 2.4 or higher; the value is ignored on older versions.
-
-Default: `undef`.
-
-##### `ssl_key`
-
-Specifies the SSL key.
-
-Defaults are based on your operating system. Default work out of the box but must be updated in the base `apache` class with your specific certificate information before being used in production.
-
-* RedHat: '/etc/pki/tls/private/localhost.key'
-* Debian: '/etc/ssl/private/ssl-cert-snakeoil.key'
-* FreeBSD: '/usr/local/etc/apache22/server.key'
-* Gentoo: '/etc/ssl/apache2/server.key'
-
-##### `ssl_verify_client`
-
-Sets the [SSLVerifyClient](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslverifyclient) directive, which sets the certificate verification level for client authentication.
-
-``` puppet
-apache::vhost { 'sample.example.net':
- …
- ssl_verify_client => 'optional',
-}
-```
-
-Values: 'none', 'optional', 'require', and 'optional_no_ca'.
-
-Default: `undef`.
-
-
-##### `ssl_verify_depth`
-
-Sets the [SSLVerifyDepth](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslverifydepth) directive, which specifies the maximum depth of CA certificates in client certificate verification. You must set `ssl_verify_client` for it to take effect.
-
-``` puppet
-apache::vhost { 'sample.example.net':
- …
- ssl_verify_client => 'require',
- ssl_verify_depth => 1,
-}
-```
-
-Default: `undef`.
-
-##### `ssl_proxy_protocol`
-
-Sets the [SSLProxyProtocol](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxyprotocol) directive, which controls which SSL protocol flavors `mod_ssl` should use when establishing its server environment for proxy. It connects to servers using only one of the provided protocols.
-
-Default: `undef`.
-
-##### `ssl_proxy_verify`
-
-Sets the [SSLProxyVerify](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxyverify) directive, which configures certificate verification of the remote server when a proxy is configured to forward requests to a remote SSL server.
-
-Default: `undef`.
-
-##### `ssl_proxy_verify_depth`
-
-Sets the [SSLProxyVerifyDepth](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxyverifydepth) directive, which configures how deeply mod_ssl should verify before deciding that the remote server does not have a valid certificate.
-
-A depth of 0 means that only self-signed remote server certificates are accepted, the default depth of 1 means the remote server certificate can be self-signed or signed by a CA that is directly known to the server.
-
-Default: `undef`
-
-##### `ssl_proxy_cipher_suite`
-
-Sets the [SSLProxyCipherSuite](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxyciphersuite) directive, which controls cipher suites supported for ssl proxy traffic.
-
-Default: `undef`
-
-##### `ssl_proxy_ca_cert`
-
-Sets the [SSLProxyCACertificateFile](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxycacertificatefile) directive, which specifies an all-in-one file where you can assemble the Certificates of Certification Authorities (CA) whose remote servers you deal with. These are used for Remote Server Authentication. This file should be a concatenation of the PEM-encoded certificate files in order of preference.
-
-Default: `undef`
-
-##### `ssl_proxy_machine_cert`
-
-Sets the [SSLProxyMachineCertificateFile](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxymachinecertificatefile) directive, which specifies an all-in-one file where you keep the certs and keys used for this server to authenticate itself to remote servers. This file should be a concatenation of the PEM-encoded certificate files in order of preference.
-
-``` puppet
-apache::vhost { 'sample.example.net':
- …
- ssl_proxy_machine_cert => '/etc/httpd/ssl/client_certificate.pem',
-}
-```
-
-Default: `undef`
-
-##### `ssl_proxy_check_peer_cn`
-
-Sets the [SSLProxyCheckPeerCN](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxycheckpeercn) directive, which specifies whether the remote server certificate's CN field is compared against the hostname of the request URL.
-
-Values: 'on', 'off'.
-
-Default: `undef`
-
-##### `ssl_proxy_check_peer_name`
-
-Sets the [SSLProxyCheckPeerName](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxycheckpeername) directive, which specifies whether the remote server certificate's CN field is compared against the hostname of the request URL.
-
-Values: 'on', 'off'.
-
-Default: `undef`
-
-##### `ssl_proxy_check_peer_expire`
-
-Sets the [SSLProxyCheckPeerExpire](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxycheckpeerexpire) directive, which specifies whether the remote server certificate is checked for expiration or not.
-
-Values: 'on', 'off'.
-
-Default: `undef`
-
-##### `ssl_options`
-
-Sets the [SSLOptions](https://httpd.apache.org/docs/current/mod/mod_ssl.html#ssloptions) directive, which configures various SSL engine run-time options. This is the global setting for the given virtual host and can be a string or an array.
-
-A string:
-
-``` puppet
-apache::vhost { 'sample.example.net':
- …
- ssl_options => '+ExportCertData',
-}
-```
-
-An array:
-
-``` puppet
-apache::vhost { 'sample.example.net':
- …
- ssl_options => ['+StrictRequire', '+ExportCertData'],
-}
-```
-
-Default: `undef`.
-
-##### `ssl_openssl_conf_cmd`
-
-Sets the [SSLOpenSSLConfCmd](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslopensslconfcmd) directive, which provides direct configuration of OpenSSL parameters.
-
-Default: `undef`
-
-##### `ssl_proxyengine`
-
-Specifies whether or not to use [SSLProxyEngine](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxyengine).
-
-Boolean.
-
-Default: `false`.
-
-##### `ssl_stapling`
-
-Specifies whether or not to use [SSLUseStapling](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslusestapling). By default, uses what is set globally.
-
-This parameter only applies to Apache 2.4 or higher and is ignored on older versions.
-
-Boolean or `undef`.
-
-Default: `undef`
-
-##### `ssl_stapling_timeout`
-
-Can be used to set the [SSLStaplingResponderTimeout](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslstaplingrespondertimeout) directive.
-
-This parameter only applies to Apache 2.4 or higher and is ignored on older versions.
-
-Default: none.
-
-##### `ssl_stapling_return_errors`
-
-Can be used to set the [SSLStaplingReturnResponderErrors](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslstaplingreturnrespondererrors) directive.
-
-This parameter only applies to Apache 2.4 or higher and is ignored on older versions.
-
-Default: none.
-
-#### Defined type: FastCGI Server
-
-This type is intended for use with mod\_fastcgi. It allows you to define one or more external FastCGI servers to handle specific file types.
-
-** Note ** If using Ubuntu 10.04+, you'll need to manually enable the multiverse repository.
-
-Ex:
-
-``` puppet
-apache::fastcgi::server { 'php':
- host => '127.0.0.1:9000',
- timeout => 15,
- flush => `false`,
- faux_path => '/var/www/php.fcgi',
- fcgi_alias => '/php.fcgi',
- file_type => 'application/x-httpd-php',
- pass_header => ''
-}
-```
-
-Within your virtual host, you can then configure the specified file type to be handled by the fastcgi server specified above.
-
-``` puppet
-apache::vhost { 'www':
- ...
- custom_fragment => 'AddType application/x-httpd-php .php'
- ...
-}
-```
-
-##### `host`
-
-The hostname or IP address and TCP port number (1-65535) of the FastCGI server.
-
-It is also possible to pass a unix socket:
-
-``` puppet
-apache::fastcgi::server { 'php':
- host => '/var/run/fcgi.sock',
-}
-```
-
-##### `timeout`
-
-The number of seconds of FastCGI application inactivity allowed before the request is aborted and the event is logged (at the error LogLevel). The inactivity timer applies only as long as a connection is pending with the FastCGI application. If a request is queued to an application, but the application doesn't respond (by writing and flushing) within this period, the request is aborted. If communication is complete with the application but incomplete with the client (the response is buffered), the timeout does not apply.
-
-##### `flush`
-
-Force a write to the client as data is received from the application. By default, `mod_fastcgi` buffers data in order to free the application as quickly as possible.
-
-##### `faux_path`
-
-Does not have to exist in the local filesystem. URIs that Apache resolves to this filename are handled by this external FastCGI application.
-
-##### `alias`
-
-A unique alias. This is used internally to link the action with the FastCGI server.
-
-##### `file_type`
-
-The MIME-type of the file to be processed by the FastCGI server.
-
-##### `pass_header`
-
-The name of an HTTP Request Header to be passed in the request environment. This option makes available the contents of headers which are normally not available (e.g. Authorization) to a CGI environment.
-
-#### Defined type: `apache::vhost::custom`
-
-The `apache::vhost::custom` defined type is a thin wrapper around the `apache::custom_config` defined type, and simply overrides some of its default settings specific to the virtual host directory in Apache.
-
-**Parameters within `apache::vhost::custom`**:
-
-##### `content`
-
-Sets the configuration file's content.
-
-##### `ensure`
-
-Specifies if the virtual host file is present or absent.
-
-Values: 'absent', 'present'.
-
-Default: 'present'.
-
-##### `priority`
-
-Sets the relative load order for Apache HTTPD VirtualHost configuration files.
-
-Default: '25'.
-
-##### `verify_config`
-
-Specifies whether to validate the configuration file before notifying the Apache service.
-
-Boolean.
-
-Default: `true`.
-
-### Private defined types
-
-#### Defined type: `apache::peruser::multiplexer`
-
-This defined type checks if an Apache module has a class. If it does, it includes that class. If it does not, it passes the module name to the [`apache::mod`][] defined type.
-
-#### Defined type: `apache::peruser::multiplexer`
-
-Enables the [`Peruser`][] module for FreeBSD only.
-
-#### Defined type: `apache::peruser::processor`
-
-Enables the [`Peruser`][] module for FreeBSD only.
-
-#### Defined type: `apache::security::file_link`
-
-Links the `activated_rules` from [`apache::mod::security`][] to the respective CRS rules on disk.
-
-### Templates
-
-The Apache module relies heavily on templates to enable the [`apache::vhost`][] and [`apache::mod`][] defined types. These templates are built based on [Facter][] facts specific to your operating system. Unless explicitly called out, most templates are not meant for configuration.
-
-### Tasks
+### Tasks
The Apache module has a task that allows a user to reload the Apache config without restarting the service. Please refer to to the [PE documentation](https://puppet.com/docs/pe/2017.3/orchestrator/running_tasks.html) or [Bolt documentation](https://puppet.com/docs/bolt/latest/bolt.html) on how to execute a task.
-### Functions
-#### apache_pw_hash
-Hashes a password in a format suitable for htpasswd files read by apache.
-
-Currently uses SHA-hashes, because although this format is considered insecure, its the
-most secure format supported by the most platforms.
-
## Limitations
@@ -6057,4 +919,4 @@ COVERAGE=yes bundle exec rake parallel_spec
We want to make it as easy as possible to contribute changes so our modules work in your environment, but we also need contributors to follow a few guidelines to help us maintain and improve the modules' quality.
-For more information, please read the complete [module contribution guide][] and check out [CONTRIBUTING.md][].
+For more information, please read the complete [module contribution guide][] and check out [CONTRIBUTING.md][].
\ No newline at end of file
diff --git a/REFERENCE.md b/REFERENCE.md
new file mode 100644
index 0000000000..4329d3ab9f
--- /dev/null
+++ b/REFERENCE.md
@@ -0,0 +1,9349 @@
+# Reference
+
+
+## Table of Contents
+
+**Classes**
+
+_Public Classes_
+
+* [`apache`](#apache): Guides the basic setup and installation of Apache on your system.
+* [`apache::dev`](#apachedev): Installs Apache development libraries.
+* [`apache::mod::actions`](#apachemodactions): Installs Apache mod_actions
+* [`apache::mod::alias`](#apachemodalias): Installs and configures `mod_alias`.
+* [`apache::mod::auth_basic`](#apachemodauth_basic): Installs `mod_auth_basic`
+* [`apache::mod::auth_cas`](#apachemodauth_cas): Installs and configures `mod_auth_cas`.
+* [`apache::mod::auth_gssapi`](#apachemodauth_gssapi): Installs `mod_auth_gsappi`.
+* [`apache::mod::auth_kerb`](#apachemodauth_kerb): Installs `mod_auth_kerb`
+* [`apache::mod::auth_mellon`](#apachemodauth_mellon): Installs and configures `mod_auth_mellon`.
+* [`apache::mod::authn_core`](#apachemodauthn_core): Installs `mod_authn_core`.
+* [`apache::mod::authn_dbd`](#apachemodauthn_dbd): Installs `mod_authn_dbd`.
+* [`apache::mod::authn_file`](#apachemodauthn_file): Installs `mod_authn_file`.
+* [`apache::mod::authnz_ldap`](#apachemodauthnz_ldap): Installs `mod_authnz_ldap`.
+* [`apache::mod::authnz_pam`](#apachemodauthnz_pam): Installs `mod_authnz_pam`.
+* [`apache::mod::authz_default`](#apachemodauthz_default): Installs and configures `mod_authz_default`.
+* [`apache::mod::authz_user`](#apachemodauthz_user): Installs `mod_authz_user`
+* [`apache::mod::autoindex`](#apachemodautoindex): Installs `mod_autoindex`
+* [`apache::mod::cache`](#apachemodcache): Installs `mod_cache`
+* [`apache::mod::cgi`](#apachemodcgi): Installs `mod_cgi`.
+* [`apache::mod::cgid`](#apachemodcgid): Installs `mod_cgid`.
+* [`apache::mod::cluster`](#apachemodcluster): Installs `mod_cluster`.
+* [`apache::mod::data`](#apachemoddata): Installs and configures `mod_data`.
+* [`apache::mod::dav`](#apachemoddav): Installs `mod_dav`.
+* [`apache::mod::dav_fs`](#apachemoddav_fs): Installs `mod_dav_fs`.
+* [`apache::mod::dav_svn`](#apachemoddav_svn): Installs and configures `mod_dav_svn`.
+* [`apache::mod::dbd`](#apachemoddbd): Installs `mod_dbd`.
+* [`apache::mod::deflate`](#apachemoddeflate): Installs and configures `mod_deflate`.
+* [`apache::mod::dev`](#apachemoddev): Installs `mod_dev`.
+* [`apache::mod::dir`](#apachemoddir): Installs and configures `mod_dir`.
+* [`apache::mod::disk_cache`](#apachemoddisk_cache): Installs and configures `mod_disk_cache`.
+* [`apache::mod::dumpio`](#apachemoddumpio): Installs and configures `mod_dumpio`.
+* [`apache::mod::env`](#apachemodenv): Installs `mod_env`.
+* [`apache::mod::event`](#apachemodevent): Installs and configures `mod_event`.
+* [`apache::mod::expires`](#apachemodexpires): Installs and configures `mod_expires`.
+* [`apache::mod::ext_filter`](#apachemodext_filter): Installs and configures `mod_ext_filter`.
+* [`apache::mod::fastcgi`](#apachemodfastcgi): Installs `mod_fastcgi`.
+* [`apache::mod::fcgid`](#apachemodfcgid): Installs and configures `mod_fcgid`.
+* [`apache::mod::filter`](#apachemodfilter): Installs `mod_filter`.
+* [`apache::mod::geoip`](#apachemodgeoip): Installs and configures `mod_geoip`.
+* [`apache::mod::headers`](#apachemodheaders): Installs and configures `mod_headers`.
+* [`apache::mod::http2`](#apachemodhttp2): Installs and configures `mod_http2`.
+* [`apache::mod::include`](#apachemodinclude): Installs `mod_include`.
+* [`apache::mod::info`](#apachemodinfo): Installs and configures `mod_info`.
+* [`apache::mod::intercept_form_submit`](#apachemodintercept_form_submit): Installs `mod_intercept_form_submit`.
+* [`apache::mod::itk`](#apachemoditk): Installs MPM `mod_itk`.
+* [`apache::mod::jk`](#apachemodjk): Installs `mod_jk`.
+* [`apache::mod::ldap`](#apachemodldap): Installs and configures `mod_ldap`.
+* [`apache::mod::lookup_identity`](#apachemodlookup_identity): Installs `mod_lookup_identity`
+* [`apache::mod::macro`](#apachemodmacro): Installs `mod_macro`.
+* [`apache::mod::mime`](#apachemodmime): Installs and configures `mod_mime`.
+* [`apache::mod::mime_magic`](#apachemodmime_magic): Installs and configures `mod_mime_magic`.
+* [`apache::mod::negotiation`](#apachemodnegotiation): Installs and configures `mod_negotiation`.
+* [`apache::mod::nss`](#apachemodnss): Installs and configures `mod_nss`.
+* [`apache::mod::pagespeed`](#apachemodpagespeed): Installs and configures `mod_pagespeed`.
+* [`apache::mod::passenger`](#apachemodpassenger): Installs `mod_pasenger`.
+* [`apache::mod::perl`](#apachemodperl): Installs `mod_perl`.
+* [`apache::mod::peruser`](#apachemodperuser): Installs `mod_peruser`.
+* [`apache::mod::php`](#apachemodphp): Installs `mod_php`.
+* [`apache::mod::prefork`](#apachemodprefork): Installs and configures MPM `prefork`.
+* [`apache::mod::proxy`](#apachemodproxy): Installs and configures `mod_proxy`.
+* [`apache::mod::proxy_ajp`](#apachemodproxy_ajp): Installs `mod_proxy_ajp`.
+* [`apache::mod::proxy_balancer`](#apachemodproxy_balancer): Installs and configures `mod_proxy_balancer`.
+* [`apache::mod::proxy_connect`](#apachemodproxy_connect): Installs `mod_proxy_connect`.
+* [`apache::mod::proxy_fcgi`](#apachemodproxy_fcgi): Installs `mod_proxy_fcgi`.
+* [`apache::mod::proxy_html`](#apachemodproxy_html): Installs `mod_proxy_html`.
+* [`apache::mod::proxy_http`](#apachemodproxy_http): Installs `mod_proxy_http`.
+* [`apache::mod::proxy_wstunnel`](#apachemodproxy_wstunnel): Installs `mod_proxy_wstunnel`.
+* [`apache::mod::python`](#apachemodpython): Installs and configures `mod_python`.
+* [`apache::mod::remoteip`](#apachemodremoteip): Installs and configures `mod_remoteip`.
+* [`apache::mod::reqtimeout`](#apachemodreqtimeout): Installs and configures `mod_reqtimeout`.
+* [`apache::mod::rewrite`](#apachemodrewrite): Installs `mod_rewrite`.
+* [`apache::mod::rpaf`](#apachemodrpaf): Installs and configures `mod_rpaf`.
+* [`apache::mod::security`](#apachemodsecurity): Installs and configures `mod_security`.
+* [`apache::mod::setenvif`](#apachemodsetenvif): Installs `mod_setenvif`.
+* [`apache::mod::shib`](#apachemodshib): Installs and configures `mod_shib`.
+* [`apache::mod::socache_shmcb`](#apachemodsocache_shmcb): Installs `mod_socache_shmcb`.
+* [`apache::mod::speling`](#apachemodspeling): Installs `mod_spelling`.
+* [`apache::mod::ssl`](#apachemodssl): Installs `mod_ssl`.
+* [`apache::mod::status`](#apachemodstatus): Installs and configures `mod_status`.
+* [`apache::mod::suexec`](#apachemodsuexec): Installs `mod_suexec`.
+* [`apache::mod::suphp`](#apachemodsuphp): Installs `mod_suphp`.
+* [`apache::mod::userdir`](#apachemoduserdir): Installs and configures `mod_userdir`.
+* [`apache::mod::version`](#apachemodversion): Installs `mod_version`.
+* [`apache::mod::vhost_alias`](#apachemodvhost_alias): Installs Apache `mod_vhost_alias`.
+* [`apache::mod::worker`](#apachemodworker): Installs and manages the MPM `worker`.
+* [`apache::mod::wsgi`](#apachemodwsgi): Installs and configures `mod_wsgi`.
+* [`apache::mod::xsendfile`](#apachemodxsendfile): Installs `mod_xsendfile`.
+* [`apache::vhosts`](#apachevhosts): Creates `apache::vhost` defined types.
+
+_Private Classes_
+
+* `apache::confd::no_accf`: Manages the `no-accf.conf` file.
+* `apache::default_confd_files`: Helper for setting up default conf.d files.
+* `apache::default_mods`: Installs and congfigures default mods for Apache
+* `apache::package`: Installs an Apache MPM.
+* `apache::params`: This class manages Apache parameters
+* `apache::php`: This class installs PHP for Apache.
+* `apache::proxy`: This class enabled the proxy module for Apache.
+* `apache::python`: This class installs Python for Apache
+* `apache::service`: Installs and configures Apache service.
+* `apache::ssl`: This class installs Apache SSL capabilities
+* `apache::version`: Try to automatically detect the version by OS
+
+**Defined types**
+
+_Public Defined types_
+
+* [`apache::balancer`](#apachebalancer): This type will create an apache balancer cluster file inside the conf.d
+directory.
+* [`apache::balancermember`](#apachebalancermember): Defines members of `mod_proxy_balancer`
+* [`apache::custom_config`](#apachecustom_config): Adds a custom configuration file to the Apache server's `conf.d` directory.
+* [`apache::fastcgi::server`](#apachefastcgiserver): Defines one or more external FastCGI servers to handle specific file types. Use this
+defined type with `mod_fastcgi`.
+* [`apache::listen`](#apachelisten): Adds `Listen` directives to `ports.conf` that define the
+Apache server's or a virtual host's listening address and port.
+* [`apache::mod`](#apachemod): Installs packages for an Apache module that doesn't have a corresponding
+`apache::mod::` class.
+* [`apache::namevirtualhost`](#apachenamevirtualhost): Enables name-based virtual hosts
+* [`apache::vhost`](#apachevhost): Allows specialised configurations for virtual hosts that possess requirements
+outside of the defaults.
+* [`apache::vhost::custom`](#apachevhostcustom): A wrapper around the `apache::custom_config` defined type.
+
+_Private Defined types_
+
+* `apache::default_mods::load`: Helper used by `apache::default_mods`
+* `apache::mpm`: Enables the use of Apache MPMs.
+* `apache::peruser::multiplexer`: Checks if an Apache module has a class.
+* `apache::peruser::processor`: Enables the `Peruser` module for FreeBSD only.
+* `apache::security::rule_link`: Links the activated_rules from `apache::mod::security` to the respective CRS rules on disk.
+
+**Resource types**
+
+* [`a2mod`](#a2mod): Manage Apache 2 modules
+
+**Functions**
+
+* [`apache::apache_pw_hash`](#apacheapache_pw_hash): Hashes a password in a format suitable for htpasswd files read by apache.
+* [`apache::bool2httpd`](#apachebool2httpd): Transform a supposed boolean to On or Off. Passes all other values through.
+* [`apache::validate_apache_log_level`](#apachevalidate_apache_log_level): Perform simple validation of a string against the list of known log levels.
+* [`apache_pw_hash`](#apache_pw_hash): Hashes a password in a format suitable for htpasswd files read by apache.
+* [`bool2httpd`](#bool2httpd): Transform a supposed boolean to On or Off. Pass all other values through.
+* [`validate_apache_log_level`](#validate_apache_log_level): Perform simple validation of a string against the list of known log levels.
+
+**Tasks**
+
+* [`init`](#init): Allows you to perform apache service functions
+
+## Classes
+
+### apache
+
+When this class is declared with the default options, Puppet:
+- Installs the appropriate Apache software package and [required Apache modules](#default_mods) for your operating system.
+- Places the required configuration files in a directory, with the [default location](#conf_dir) determined by your operating system.
+- Configures the server with a default virtual host and standard port (`80`) and address (`\*`) bindings.
+- Creates a document root directory determined by your operating system, typically `/var/www`.
+- Starts the Apache service.
+
+#### Examples
+
+#####
+
+```puppet
+class { 'apache': }
+```
+
+#### Parameters
+
+The following parameters are available in the `apache` class.
+
+##### `allow_encoded_slashes`
+
+Data type: `Optional[Enum['on', 'off', 'nodecode']]`
+
+Sets the server default for the `AllowEncodedSlashes` declaration, which modifies the
+responses to URLs containing '\' and '/' characters. If not specified, this parameter omits
+the declaration from the server's configuration and uses Apache's default setting of 'off'.
+
+Default value: `undef`
+
+##### `apache_version`
+
+Data type: `Any`
+
+Configures module template behavior, package names, and default Apache modules by defining
+the version of Apache to use. We do not recommend manually configuring this parameter
+without reason.
+
+Default value: $::apache::version::default
+
+##### `conf_dir`
+
+Data type: `Any`
+
+Sets the directory where the Apache server's main configuration file is located.
+
+Default value: $::apache::params::conf_dir
+
+##### `conf_template`
+
+Data type: `Any`
+
+Defines the template used for the main Apache configuration file. Modifying this
+parameter is potentially risky, as the apache module is designed to use a minimal
+configuration file customized by `conf.d` entries.
+
+Default value: $::apache::params::conf_template
+
+##### `confd_dir`
+
+Data type: `Any`
+
+Sets the location of the Apache server's custom configuration directory.
+
+Default value: $::apache::params::confd_dir
+
+##### `default_charset`
+
+Data type: `Any`
+
+Used as the `AddDefaultCharset` directive in the main configuration file.
+
+Default value: `undef`
+
+##### `default_confd_files`
+
+Data type: `Boolean`
+
+Determines whether Puppet generates a default set of includable Apache configuration files
+in the directory defined by the `confd_dir` parameter. These configuration files
+correspond to what is typically installed with the Apache package on the server's
+operating system.
+
+Default value: `true`
+
+##### `default_mods`
+
+Data type: `Any`
+
+Determines whether to configure and enable a set of default Apache modules depending on
+your operating system.
+If `false`, Puppet includes only the Apache modules required to make the HTTP daemon work
+on your operating system, and you can declare any other modules separately using the
+`apache::mod::` class or `apache::mod` defined type.
+If `true`, Puppet installs additional modules, depending on the operating system and
+the values of `apache_version` and `mpm_module` parameters. Because these lists of
+modules can change frequently, consult the Puppet module's code for up-to-date lists.
+If this parameter contains an array, Puppet instead enables all passed Apache modules.
+
+Default value: `true`
+
+##### `default_ssl_ca`
+
+Data type: `Any`
+
+Sets the default certificate authority for the Apache server.
+Although the default value results in a functioning Apache server, you **must** update
+this parameter with your certificate authority information before deploying this server in
+a production environment.
+
+Default value: `undef`
+
+##### `default_ssl_cert`
+
+Data type: `Any`
+
+Sets the SSL encryption certificate location.
+Although the default value results in a functioning Apache server, you **must** update this
+parameter with your certificate location before deploying this server in a production environment.
+
+Default value: $::apache::params::default_ssl_cert
+
+##### `default_ssl_chain`
+
+Data type: `Any`
+
+Sets the default SSL chain location.
+Although this default value results in a functioning Apache server, you **must** update
+this parameter with your SSL chain before deploying this server in a production environment.
+
+Default value: `undef`
+
+##### `default_ssl_crl`
+
+Data type: `Any`
+
+Sets the path of the default certificate revocation list (CRL) file to use.
+Although this default value results in a functioning Apache server, you **must** update
+this parameter with the CRL file path before deploying this server in a production
+environment. You can use this parameter with or in place of the `default_ssl_crl_path`.
+
+Default value: `undef`
+
+##### `default_ssl_crl_path`
+
+Data type: `Any`
+
+Sets the server's certificate revocation list path, which contains your CRLs.
+Although this default value results in a functioning Apache server, you **must** update
+this parameter with the CRL file path before deploying this server in a production environment.
+
+Default value: `undef`
+
+##### `default_ssl_crl_check`
+
+Data type: `Any`
+
+Sets the default certificate revocation check level via the `SSLCARevocationCheck` directive.
+This parameter applies only to Apache 2.4 or higher and is ignored on older versions.
+Although this default value results in a functioning Apache server, you **must** specify
+this parameter when using certificate revocation lists in a production environment.
+
+Default value: `undef`
+
+##### `default_ssl_key`
+
+Data type: `Any`
+
+Sets the SSL certificate key file location.
+Although the default values result in a functioning Apache server, you **must** update
+this parameter with your SSL key's location before deploying this server in a production
+environment.
+
+Default value: $::apache::params::default_ssl_key
+
+##### `default_ssl_vhost`
+
+Data type: `Boolean`
+
+Configures a default SSL virtual host.
+If `true`, Puppet automatically configures the following virtual host using the
+`apache::vhost` defined type:
+```puppet
+apache::vhost { 'default-ssl':
+ port => 443,
+ ssl => true,
+ docroot => $docroot,
+ scriptalias => $scriptalias,
+ serveradmin => $serveradmin,
+ access_log_file => "ssl_${access_log_file}",
+}
+```
+**Note**: SSL virtual hosts only respond to HTTPS queries.
+
+Default value: `false`
+
+##### `default_type`
+
+Data type: `Any`
+
+_Apache 2.2 only_. Sets the MIME `content-type` sent if the server cannot otherwise
+determine an appropriate `content-type`. This directive is deprecated in Apache 2.4 and
+newer, and is only for backwards compatibility in configuration files.
+
+Default value: 'none'
+
+##### `default_vhost`
+
+Data type: `Boolean`
+
+Configures a default virtual host when the class is declared.
+To configure customized virtual hosts, set this parameter's
+value to `false`.
+> **Note**: Apache will not start without at least one virtual host. If you set this
+to `false` you must configure a virtual host elsewhere.
+
+Default value: `true`
+
+##### `dev_packages`
+
+Data type: `Any`
+
+Configures a specific dev package to use.
+For example, using httpd 2.4 from the IUS yum repo:
+``` puppet
+include ::apache::dev
+class { 'apache':
+ apache_name => 'httpd24u',
+ dev_packages => 'httpd24u-devel',
+}
+```
+
+Default value: $::apache::params::dev_packages
+
+##### `docroot`
+
+Data type: `Any`
+
+Sets the default `DocumentRoot` location.
+
+Default value: $::apache::params::docroot
+
+##### `error_documents`
+
+Data type: `Any`
+
+Determines whether to enable [custom error documents](https://httpd.apache.org/docs/current/custom-error.html) on the Apache server.
+
+Default value: `false`
+
+##### `group`
+
+Data type: `Any`
+
+Sets the group ID that owns any Apache processes spawned to answer requests.
+By default, Puppet attempts to manage this group as a resource under the `apache`
+class, determining the group based on the operating system as detected by the
+`apache::params` class. To prevent the group resource from being created and use a group
+created by another Puppet module, set the `manage_group` parameter's value to `false`.
+> **Note**: Modifying this parameter only changes the group ID that Apache uses to spawn
+child processes to access resources. It does not change the user that owns the parent server
+process.
+
+Default value: $::apache::params::group
+
+##### `httpd_dir`
+
+Data type: `Any`
+
+Sets the Apache server's base configuration directory. This is useful for specially
+repackaged Apache server builds but might have unintended consequences when combined
+with the default distribution packages.
+
+Default value: $::apache::params::httpd_dir
+
+##### `http_protocol_options`
+
+Data type: `Any`
+
+Specifies the strictness of HTTP protocol checks.
+Valid options: any sequence of the following alternative values: `Strict` or `Unsafe`,
+`RegisteredMethods` or `LenientMethods`, and `Allow0.9` or `Require1.0`.
+
+Default value: $::apache::params::http_protocol_options
+
+##### `keepalive`
+
+Data type: `Any`
+
+Determines whether to enable persistent HTTP connections with the `KeepAlive` directive.
+If you set this to `On`, use the `keepalive_timeout` and `max_keepalive_requests` parameters
+to set relevant options.
+
+Default value: $::apache::params::keepalive
+
+##### `keepalive_timeout`
+
+Data type: `Any`
+
+Sets the `KeepAliveTimeout` directive, which determines the amount of time the Apache
+server waits for subsequent requests on a persistent HTTP connection. This parameter is
+only relevant if the `keepalive` parameter is enabled.
+
+Default value: $::apache::params::keepalive_timeout
+
+##### `max_keepalive_requests`
+
+Data type: `Any`
+
+Limits the number of requests allowed per connection when the `keepalive` parameter is enabled.
+
+Default value: $::apache::params::max_keepalive_requests
+
+##### `hostname_lookups`
+
+Data type: `Enum['Off', 'On', 'Double', 'off', 'on', 'double']`
+
+This directive enables DNS lookups so that host names can be logged and passed to
+CGIs/SSIs in REMOTE_HOST.
+> **Note**: If enabled, it impacts performance significantly.
+
+Default value: $::apache::params::hostname_lookups
+
+##### `lib_path`
+
+Data type: `Any`
+
+Specifies the location whereApache module files are stored.
+> **Note**: Do not configure this parameter manually without special reason.
+
+Default value: $::apache::params::lib_path
+
+##### `log_level`
+
+Data type: `Any`
+
+Changes the error log's verbosity. Valid options are: `alert`, `crit`, `debug`, `emerg`, `error`,
+`info`, `notice` and `warn`.
+
+Default value: $::apache::params::log_level
+
+##### `log_formats`
+
+Data type: `Any`
+
+Define additional `LogFormat` directives. Values: A hash, such as:
+``` puppet
+$log_formats = { vhost_common => '%v %h %l %u %t \"%r\" %>s %b' }
+```
+ There are a number of predefined `LogFormats` in the `httpd.conf` that Puppet creates:
+``` httpd
+ LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
+ LogFormat "%h %l %u %t \"%r\" %>s %b" common
+ LogFormat "%{Referer}i -> %U" referer
+ LogFormat "%{User-agent}i" agent
+ LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %s %b \"%{Referer}i\" \"%{User-agent}i\"" forwarded
+```
+If your `log_formats` parameter contains one of those, it will be overwritten with **your** definition.
+
+Default value: {}
+
+##### `logroot`
+
+Data type: `Any`
+
+Changes the directory of Apache log files for the virtual host.
+
+Default value: $::apache::params::logroot
+
+##### `logroot_mode`
+
+Data type: `Any`
+
+Overrides the default `logroot` directory's mode.
+> **Note**: Do _not_ grant write access to the directory where the logs are stored
+without being aware of the consequences. See the [Apache documentation](https://httpd.apache.org/docs/current/logs.html#security)
+for details.
+
+Default value: $::apache::params::logroot_mode
+
+##### `manage_group`
+
+Data type: `Boolean`
+
+When `false`, stops Puppet from creating the group resource.
+If you have a group created from another Puppet module that you want to use to run Apache,
+set this to `false`. Without this parameter, attempting to use a previously established
+group results in a duplicate resource error.
+
+Default value: `true`
+
+##### `supplementary_groups`
+
+Data type: `Any`
+
+A list of groups to which the user belongs. These groups are in addition to the primary group.
+Notice: This option only has an effect when `manage_user` is set to true.
+
+Default value: []
+
+##### `manage_user`
+
+Data type: `Boolean`
+
+When `false`, stops Puppet from creating the user resource.
+This is for instances when you have a user, created from another Puppet module, you want
+to use to run Apache. Without this parameter, attempting to use a previously established
+user would result in a duplicate resource error.
+
+Default value: `true`
+
+##### `mod_dir`
+
+Data type: `Any`
+
+Sets where Puppet places configuration files for your Apache modules.
+
+Default value: $::apache::params::mod_dir
+
+##### `mod_libs`
+
+Data type: `Any`
+
+Allows the user to override default module library names.
+```puppet
+include apache::params
+class { 'apache':
+ mod_libs => merge($::apache::params::mod_libs, {
+ 'wsgi' => 'mod_wsgi_python3.so',
+ })
+}
+```
+
+Default value: $::apache::params::mod_libs
+
+##### `mod_packages`
+
+Data type: `Any`
+
+Allows the user to override default module package names.
+```puppet
+include apache::params
+class { 'apache':
+ mod_packages => merge($::apache::params::mod_packages, {
+ 'auth_kerb' => 'httpd24-mod_auth_kerb',
+ })
+}
+```
+
+Default value: $::apache::params::mod_packages
+
+##### `mpm_module`
+
+Data type: `Any`
+
+Determines which [multi-processing module](https://httpd.apache.org/docs/current/mpm.html) (MPM) is loaded and configured for the
+HTTPD process. Valid values are: `event`, `itk`, `peruser`, `prefork`, `worker` or `false`.
+You must set this to `false` to explicitly declare the following classes with custom parameters:
+- `apache::mod::event`
+- `apache::mod::itk`
+- `apache::mod::peruser`
+- `apache::mod::prefork`
+- `apache::mod::worker`
+
+Default value: $::apache::params::mpm_module
+
+##### `package_ensure`
+
+Data type: `Any`
+
+Controls the `package` resource's `ensure` attribute. Valid values are: `absent`, `installed`
+(or equivalent `present`), or a version string.
+
+Default value: 'installed'
+
+##### `pidfile`
+
+Data type: `Any`
+
+Allows settting a custom location for the pid file. Useful if using a custom-built Apache rpm.
+
+Default value: $::apache::params::pidfile
+
+##### `ports_file`
+
+Data type: `Any`
+
+Sets the path to the file containing Apache ports configuration.
+
+Default value: $::apache::params::ports_file
+
+##### `protocols`
+
+Data type: `Array[Enum['h2', 'h2c', 'http/1.1']]`
+
+Sets the [Protocols](https://httpd.apache.org/docs/current/en/mod/core.html#protocols)
+directive, which lists available protocols for the server.
+
+Default value: []
+
+##### `protocols_honor_order`
+
+Data type: `Optional[Boolean]`
+
+Sets the [ProtocolsHonorOrder](https://httpd.apache.org/docs/current/en/mod/core.html#protocolshonororder)
+directive which determines whether the order of Protocols sets precedence during negotiation.
+
+Default value: `undef`
+
+##### `purge_configs`
+
+Data type: `Any`
+
+Removes all other Apache configs and virtual hosts.
+Setting this to `false` is a stopgap measure to allow the apache module to coexist with
+existing or unmanaged configurations. We recommend moving your configuration to resources
+within this module. For virtual host configurations, see `purge_vhost_dir`.
+
+Default value: `true`
+
+##### `purge_vhost_dir`
+
+Data type: `Any`
+
+If the `vhost_dir` parameter's value differs from the `confd_dir` parameter's, this parameter
+determines whether Puppet removes any configurations inside `vhost_dir` that are _not_ managed
+by Puppet.
+Setting `purge_vhost_dir` to `false` is a stopgap measure to allow the apache module to
+coexist with existing or otherwise unmanaged configurations within `vhost_dir`.
+
+Default value: `undef`
+
+##### `rewrite_lock`
+
+Data type: `Optional[Stdlib::Absolutepath]`
+
+Allows setting a custom location for a rewrite lock - considered best practice if using
+a RewriteMap of type prg in the `rewrites` parameter of your virtual host. This parameter
+only applies to Apache version 2.2 or lower and is ignored on newer versions.
+
+Default value: `undef`
+
+##### `sendfile`
+
+Data type: `Enum['On', 'Off', 'on', 'off']`
+
+Forces Apache to use the Linux kernel's `sendfile` support to serve static files, via the
+`EnableSendfile` directive.
+
+Default value: 'On'
+
+##### `serveradmin`
+
+Data type: `Any`
+
+Sets the Apache server administrator's contact information via Apache's `ServerAdmin` directive.
+
+Default value: 'root@localhost'
+
+##### `servername`
+
+Data type: `Any`
+
+Sets the Apache server name via Apache's `ServerName` directive.
+Setting to `false` will not set ServerName at all.
+
+Default value: $::apache::params::servername
+
+##### `server_root`
+
+Data type: `Any`
+
+Sets the Apache server's root directory via Apache's `ServerRoot` directive.
+
+Default value: $::apache::params::server_root
+
+##### `server_signature`
+
+Data type: `Any`
+
+Configures a trailing footer line to display at the bottom of server-generated documents,
+such as error documents and output of certain Apache modules, via Apache's `ServerSignature`
+directive. Valid values are: `On` or `Off`.
+
+Default value: 'On'
+
+##### `server_tokens`
+
+Data type: `Any`
+
+Controls how much information Apache sends to the browser about itself and the operating
+system, via Apache's `ServerTokens` directive.
+
+Default value: 'Prod'
+
+##### `service_enable`
+
+Data type: `Boolean`
+
+Determines whether Puppet enables the Apache HTTPD service when the system is booted.
+
+Default value: `true`
+
+##### `service_ensure`
+
+Data type: `Any`
+
+Determines whether Puppet should make sure the service is running.
+Valid values are: `true` (or `running`) or `false` (or `stopped`).
+The `false` or `stopped` values set the 'httpd' service resource's `ensure` parameter
+to `false`, which is useful when you want to let the service be managed by another
+application, such as Pacemaker.
+
+Default value: 'running'
+
+##### `service_name`
+
+Data type: `Any`
+
+Sets the name of the Apache service.
+
+Default value: $::apache::params::service_name
+
+##### `service_manage`
+
+Data type: `Boolean`
+
+Determines whether Puppet manages the HTTPD service's state.
+
+Default value: `true`
+
+##### `service_restart`
+
+Data type: `Any`
+
+Determines whether Puppet should use a specific command to restart the HTTPD service.
+Values: a command to restart the Apache service.
+
+Default value: `undef`
+
+##### `timeout`
+
+Data type: `Any`
+
+Sets Apache's `TimeOut` directive, which defines the number of seconds Apache waits for
+certain events before failing a request.
+
+Default value: '60'
+
+##### `trace_enable`
+
+Data type: `Any`
+
+Controls how Apache handles `TRACE` requests (per RFC 2616) via the `TraceEnable` directive.
+
+Default value: 'On'
+
+##### `use_canonical_name`
+
+Data type: `Optional[Enum['On', 'on', 'Off', 'off', 'DNS', 'dns']]`
+
+Controls Apache's `UseCanonicalName` directive which controls how Apache handles
+self-referential URLs. If not specified, this parameter omits the declaration from the
+server's configuration and uses Apache's default setting of 'off'.
+
+Default value: `undef`
+
+##### `use_systemd`
+
+Data type: `Any`
+
+Controls whether the systemd module should be installed on Centos 7 servers, this is
+especially useful if using custom-built RPMs.
+
+Default value: $::apache::params::use_systemd
+
+##### `file_mode`
+
+Data type: `Any`
+
+Sets the desired permissions mode for config files.
+Valid values are: a string, with permissions mode in symbolic or numeric notation.
+
+Default value: $::apache::params::file_mode
+
+##### `root_directory_options`
+
+Data type: `Any`
+
+Array of the desired options for the `/` directory in httpd.conf.
+
+Default value: $::apache::params::root_directory_options
+
+##### `root_directory_secured`
+
+Data type: `Boolean`
+
+Sets the default access policy for the `/` directory in httpd.conf. A value of `false`
+allows access to all resources that are missing a more specific access policy. A value of
+`true` denies access to all resources by default. If `true`, more specific rules must be
+used to allow access to these resources (for example, in a directory block using the
+`directories` parameter).
+
+Default value: `false`
+
+##### `vhost_dir`
+
+Data type: `Any`
+
+Changes your virtual host configuration files' location.
+
+Default value: $::apache::params::vhost_dir
+
+##### `vhost_include_pattern`
+
+Data type: `Any`
+
+Defines the pattern for files included from the `vhost_dir`.
+If set to a value like `[^.#]\*.conf[^~]` to make sure that files accidentally created in
+this directory (such as files created by version control systems or editor backups) are
+*not* included in your server configuration.
+Some operating systems use a value of `*.conf`. By default, this module creates configuration
+files ending in `.conf`.
+
+Default value: $::apache::params::vhost_include_pattern
+
+##### `user`
+
+Data type: `Any`
+
+Changes the user that Apache uses to answer requests. Apache's parent process continues
+to run as root, but child processes access resources as the user defined by this parameter.
+To prevent Puppet from managing the user, set the `manage_user` parameter to `false`.
+
+Default value: $::apache::params::user
+
+##### `apache_name`
+
+Data type: `Any`
+
+The name of the Apache package to install. If you are using a non-standard Apache package
+you might need to override the default setting.
+For CentOS/RHEL Software Collections (SCL), you can also use `apache::version::scl_httpd_version`.
+
+Default value: $::apache::params::apache_name
+
+##### `error_log`
+
+Data type: `Any`
+
+The name of the error log file for the main server instance. If the string starts with
+`/`, `|`, or `syslog`: the full path is set. Otherwise, the filename is prefixed with
+`$logroot`.
+
+Default value: $::apache::params::error_log
+
+##### `scriptalias`
+
+Data type: `Any`
+
+Directory to use for global script alias
+
+Default value: $::apache::params::scriptalias
+
+##### `access_log_file`
+
+Data type: `Any`
+
+The name of the access log file for the main server instance.
+
+Default value: $::apache::params::access_log_file
+
+##### `limitreqfields`
+
+Data type: `Any`
+
+The `limitreqfields` parameter sets the maximum number of request header fields in
+an HTTP request. This directive gives the server administrator greater control over
+abnormal client request behavior, which may be useful for avoiding some forms of
+denial-of-service attacks. The value should be increased if normal clients see an error
+response from the server that indicates too many fields were sent in the request.
+
+Default value: '100'
+
+##### `limitreqfieldsize`
+
+Data type: `Any`
+
+The `limitreqfieldsize` parameter sets the maximum ammount of _bytes_ that will
+be allowed within a request header.
+
+Default value: '8190'
+
+##### `ip`
+
+Data type: `Any`
+
+Specifies the ip address
+
+Default value: `undef`
+
+##### `purge_vdir`
+
+Data type: `Any`
+
+Removes all other Apache configs and virtual hosts.
+> **Note**: This parameter is deprecated in favor of the `purge_config` parameter.
+
+Default value: `false`
+
+##### `conf_enabled`
+
+Data type: `Any`
+
+Whether the additional config files in `/etc/apache2/conf-enabled` should be managed.
+
+Default value: $::apache::params::conf_enabled
+
+##### `vhost_enable_dir`
+
+Data type: `Any`
+
+Set's whether the vhost definitions will be stored in sites-availible and if
+they will be symlinked to and from sites-enabled.
+
+Default value: $::apache::params::vhost_enable_dir
+
+##### `mod_enable_dir`
+
+Data type: `Any`
+
+Set's whether the mods-enabled directory should be managed.
+
+Default value: $::apache::params::mod_enable_dir
+
+##### `ssl_file`
+
+Data type: `Any`
+
+This parameter allows you to set an ssl.conf file to be managed in order to implement
+an SSL Certificate.
+
+Default value: `undef`
+
+##### `file_e_tag`
+
+Data type: `Any`
+
+Sets the server default for the `FileETag` declaration, which modifies the response header
+field for static files.
+
+Default value: `undef`
+
+##### `use_optional_includes`
+
+Data type: `Boolean`
+
+Specifies whether Apache uses the `IncludeOptional` directive instead of `Include` for
+`additional_includes` in Apache 2.4 or newer.
+
+Default value: $::apache::params::use_optional_includes
+
+##### `mime_types_additional`
+
+Data type: `Any`
+
+Specifies any idditional Internet media (mime) types that you wish to be configured.
+
+Default value: $::apache::params::mime_types_additional
+
+### apache::dev
+
+The libraries installed depends on the `dev_packages` parameter of the `apache::params`
+class, based on your operating system:
+- **Debian** : `libaprutil1-dev`, `libapr1-dev`; `apache2-dev` on Ubuntu 13.10 and Debian 8; `apache2-prefork-dev` on other versions.
+- **FreeBSD**: `undef`; on FreeBSD, you must declare the `apache::package` or `apache` classes before declaring `apache::dev`.
+- **Gentoo**: `undef`.
+- **Red Hat**: `httpd-devel`.
+
+### apache::mod::actions
+
+Installs Apache mod_actions
+
+* **See also**
+https://httpd.apache.org/docs/current/mod/mod_actions.html
+for additional documentation.
+
+### apache::mod::alias
+
+Installs and configures `mod_alias`.
+
+* **See also**
+https://httpd.apache.org/docs/current/mod/mod_alias.html
+for additional documentation.
+
+#### Parameters
+
+The following parameters are available in the `apache::mod::alias` class.
+
+##### `apache_version`
+
+Data type: `Any`
+
+The version of Apache, if not set will be retrieved from the init class.
+
+Default value: `undef`
+
+##### `icons_options`
+
+Data type: `Any`
+
+Disables directory listings for the icons directory, via Apache [Options](https://httpd.apache.org/docs/current/mod/core.html#options)
+directive.
+
+Default value: 'Indexes MultiViews'
+
+##### `icons_path`
+
+Data type: `Any`
+
+Sets the local path for an /icons/ Alias. Default depends on operating system:
+- Debian: /usr/share/apache2/icons
+- FreeBSD: /usr/local/www/apache24/icons
+- Gentoo: /var/www/icons
+- Red Hat: /var/www/icons, except on Apache 2.4, where it's /usr/share/httpd/icons
+
+Default value: $::apache::params::alias_icons_path
+
+### apache::mod::auth_basic
+
+Installs `mod_auth_basic`
+
+* **See also**
+https://httpd.apache.org/docs/current/mod/mod_auth_basic.html
+for additional documentation.
+
+### apache::mod::auth_cas
+
+Installs and configures `mod_auth_cas`.
+
+* **Note** The auth_cas module isn't available on RH/CentOS without providing dependency packages provided by EPEL.
+
+* **See also**
+https://github.com/apereo/mod_auth_cas
+for additional documentation.
+
+#### Parameters
+
+The following parameters are available in the `apache::mod::auth_cas` class.
+
+##### `cas_login_url`
+
+Data type: `String`
+
+Sets the URL to which the module redirects users when they attempt to access a
+CAS-protected resource and don't have an active session.
+
+##### `cas_validate_url`
+
+Data type: `String`
+
+Sets the URL to use when validating a client-presented ticket in an HTTP query string.
+
+##### `cas_cookie_path`
+
+Data type: `String`
+
+Sets the location where information on the current session should be stored. This should
+be writable by the web server only.
+
+Default value: $::apache::params::cas_cookie_path
+
+##### `cas_cookie_path_mode`
+
+Data type: `Any`
+
+The mode of cas_cookie_path.
+
+Default value: '0750'
+
+##### `cas_version`
+
+Data type: `Any`
+
+The version of the CAS protocol to adhere to.
+
+Default value: 2
+
+##### `cas_debug`
+
+Data type: `Any`
+
+Whether to enable or disable debug mode.
+
+Default value: 'Off'
+
+##### `cas_validate_server`
+
+Data type: `Any`
+
+Whether to validate the presented certificate. This has been deprecated and
+removed from Version 1.1-RC1 onward.
+
+Default value: `undef`
+
+##### `cas_validatedepth`
+
+The maximum depth for chained certificate validation.
+
+##### `cas_proxy_validate_url`
+
+Data type: `Any`
+
+The URL to use when performing a proxy validation.
+
+Default value: `undef`
+
+##### `cas_root_proxied_as`
+
+Data type: `Any`
+
+Sets the URL end users see when access to this Apache server is proxied per vhost.
+This URL should not include a trailing slash.
+
+Default value: `undef`
+
+##### `cas_cookie_entropy`
+
+Data type: `Any`
+
+When creating a local session, this many random bytes are used to create a unique
+session identifier.
+
+Default value: `undef`
+
+##### `cas_timeout`
+
+Data type: `Any`
+
+The hard limit, in seconds, for a mod_auth_cas session.
+
+Default value: `undef`
+
+##### `cas_idle_timeout`
+
+Data type: `Any`
+
+The limit, in seconds, of how long a mod_auth_cas session can be idle.
+
+Default value: `undef`
+
+##### `cas_cache_clean_interval`
+
+Data type: `Any`
+
+The minimum amount of time that must pass inbetween cache cleanings.
+
+Default value: `undef`
+
+##### `cas_cookie_domain`
+
+Data type: `Any`
+
+The value for the 'Domain=' parameter in the Set-Cookie header.
+
+Default value: `undef`
+
+##### `cas_cookie_http_only`
+
+Data type: `Any`
+
+Setting this flag prevents the mod_auth_cas cookies from being accessed by
+client side Javascript.
+
+Default value: `undef`
+
+##### `cas_authoritative`
+
+Data type: `Any`
+
+Determines whether an optional authorization directive is authoritative and thus binding.
+
+Default value: `undef`
+
+##### `cas_validate_saml`
+
+Data type: `Any`
+
+Parse response from CAS server for SAML.
+
+Default value: `undef`
+
+##### `cas_sso_enabled`
+
+Data type: `Any`
+
+Enables experimental support for single sign out (may mangle POST data).
+
+Default value: `undef`
+
+##### `cas_attribute_prefix`
+
+Data type: `Any`
+
+Adds a header with the value of this header being the attribute values when SAML
+validation is enabled.
+
+Default value: `undef`
+
+##### `cas_attribute_delimiter`
+
+Data type: `Any`
+
+Sets the delimiter between attribute values in the header created by `cas_attribute_prefix`.
+
+Default value: `undef`
+
+##### `cas_scrub_request_headers`
+
+Data type: `Any`
+
+Remove inbound request headers that may have special meaning within mod_auth_cas.
+
+Default value: `undef`
+
+##### `suppress_warning`
+
+Data type: `Any`
+
+Suppress warning about being on RedHat (mod_auth_cas package is now available in epel-testing repo).
+
+Default value: `false`
+
+##### `cas_validate_depth`
+
+Data type: `Any`
+
+
+
+Default value: `undef`
+
+##### `cas_certificate_path`
+
+Data type: `Any`
+
+
+
+Default value: `undef`
+
+### apache::mod::auth_gssapi
+
+Installs `mod_auth_gsappi`.
+
+* **See also**
+https://github.com/modauthgssapi/mod_auth_gssapi
+for additional documentation.
+
+### apache::mod::auth_kerb
+
+Installs `mod_auth_kerb`
+
+* **See also**
+http://modauthkerb.sourceforge.net
+for additional documentation.
+
+### apache::mod::auth_mellon
+
+Installs and configures `mod_auth_mellon`.
+
+* **See also**
+https://github.com/Uninett/mod_auth_mellon
+for additional documentation.
+
+#### Parameters
+
+The following parameters are available in the `apache::mod::auth_mellon` class.
+
+##### `mellon_cache_size`
+
+Data type: `Any`
+
+Maximum number of sessions which can be active at once.
+
+Default value: $::apache::params::mellon_cache_size
+
+##### `mellon_lock_file`
+
+Data type: `Any`
+
+Full path to a file used for synchronizing access to the session data.
+
+Default value: $::apache::params::mellon_lock_file
+
+##### `mellon_post_directory`
+
+Data type: `Any`
+
+Full path of a directory where POST requests are saved during authentication.
+
+Default value: $::apache::params::mellon_post_directory
+
+##### `mellon_cache_entry_size`
+
+Data type: `Any`
+
+Maximum size for a single session entry in bytes.
+
+Default value: `undef`
+
+##### `mellon_post_ttl`
+
+Data type: `Any`
+
+Delay in seconds before a saved POST request can be flushed.
+
+Default value: `undef`
+
+##### `mellon_post_size`
+
+Data type: `Any`
+
+Maximum size for saved POST requests.
+
+Default value: `undef`
+
+##### `mellon_post_count`
+
+Data type: `Any`
+
+Maximum amount of saved POST requests.
+
+Default value: `undef`
+
+### apache::mod::authn_core
+
+Installs `mod_authn_core`.
+
+* **See also**
+https://httpd.apache.org/docs/current/mod/mod_authn_core.html
+for additional documentation.
+
+#### Parameters
+
+The following parameters are available in the `apache::mod::authn_core` class.
+
+##### `apache_version`
+
+Data type: `Any`
+
+The version of apache being run.
+
+Default value: $::apache::apache_version
+
+### apache::mod::authn_dbd
+
+Installs `mod_authn_dbd`.
+
+* **See also**
+https://httpd.apache.org/docs/current/mod/mod_authn_dbd.html
+for additional documentation.
+
+#### Parameters
+
+The following parameters are available in the `apache::mod::authn_dbd` class.
+
+##### `authn_dbd_params`
+
+Data type: `Any`
+
+The params needed for the mod to function.
+
+##### `authn_dbd_dbdriver`
+
+Data type: `Any`
+
+Selects an apr_dbd driver by name.
+
+Default value: 'mysql'
+
+##### `authn_dbd_query`
+
+Data type: `Any`
+
+
+
+Default value: `undef`
+
+##### `authn_dbd_min`
+
+Data type: `Any`
+
+Set the minimum number of connections per process.
+
+Default value: '4'
+
+##### `authn_dbd_max`
+
+Data type: `Any`
+
+Set the maximum number of connections per process.
+
+Default value: '20'
+
+##### `authn_dbd_keep`
+
+Data type: `Any`
+
+Set the maximum number of connections per process to be sustained.
+
+Default value: '8'
+
+##### `authn_dbd_exptime`
+
+Data type: `Any`
+
+Set the time to keep idle connections alive when the number of
+connections specified in DBDKeep has been exceeded.
+
+Default value: '300'
+
+##### `authn_dbd_alias`
+
+Data type: `Any`
+
+Sets an alias for `AuthnProvider.
+
+Default value: `undef`
+
+### apache::mod::authn_file
+
+Installs `mod_authn_file`.
+
+* **See also**
+https://httpd.apache.org/docs/2.4/mod/mod_authn_file.html
+for additional documentation.
+
+### apache::mod::authnz_ldap
+
+Installs `mod_authnz_ldap`.
+
+* **See also**
+https://httpd.apache.org/docs/current/mod/mod_authnz_ldap.html
+for additional documentation.
+
+#### Parameters
+
+The following parameters are available in the `apache::mod::authnz_ldap` class.
+
+##### `verify_server_cert`
+
+Data type: `Boolean`
+
+Whether to force te verification of a server cert or not.
+
+Default value: `true`
+
+##### `package_name`
+
+Data type: `Any`
+
+The name of the ldap package.
+
+Default value: `undef`
+
+### apache::mod::authnz_pam
+
+Installs `mod_authnz_pam`.
+
+* **See also**
+https://www.adelton.com/apache/mod_authnz_pam
+for additional documentation.
+
+### apache::mod::authz_default
+
+Installs and configures `mod_authz_default`.
+
+* **See also**
+https://httpd.apache.org/docs/current/mod/mod_authz_default.html
+for additional documentation.
+
+#### Parameters
+
+The following parameters are available in the `apache::mod::authz_default` class.
+
+##### `apache_version`
+
+Data type: `Any`
+
+Version of Apache to install module on.
+
+Default value: $::apache::apache_version
+
+### apache::mod::authz_user
+
+Installs `mod_authz_user`
+
+* **See also**
+https://httpd.apache.org/docs/current/mod/mod_authz_user.html
+for additional documentation.
+
+### apache::mod::autoindex
+
+Installs `mod_autoindex`
+
+* **See also**
+https://httpd.apache.org/docs/current/mod/mod_autoindex.html
+for additional documentation.
+
+### apache::mod::cache
+
+Installs `mod_cache`
+
+* **See also**
+https://httpd.apache.org/docs/current/mod/mod_cache.html
+for additional documentation.
+
+### apache::mod::cgi
+
+Installs `mod_cgi`.
+
+* **See also**
+https://httpd.apache.org/docs/current/mod/mod_cgi.html
+for additional documentation.
+
+### apache::mod::cgid
+
+Installs `mod_cgid`.
+
+* **See also**
+https://httpd.apache.org/docs/current/mod/mod_cgid.html
+
+### apache::mod::cluster
+
+Installs `mod_cluster`.
+
+* **Note** There is no official package available for mod_cluster, so you must make it available outside of the apache module.
+Binaries can be found [here](https://modcluster.io/).
+
+* **See also**
+https://modcluster.io/
+for additional documentation.
+
+#### Examples
+
+#####
+
+```puppet
+class { '::apache::mod::cluster':
+ ip => '172.17.0.1',
+ allowed_network => '172.17.0.',
+ balancer_name => 'mycluster',
+ version => '1.3.1'
+}
+```
+
+#### Parameters
+
+The following parameters are available in the `apache::mod::cluster` class.
+
+##### `allowed_network`
+
+Data type: `Any`
+
+Balanced members network.
+
+##### `balancer_name`
+
+Data type: `Any`
+
+Name of balancer.
+
+##### `ip`
+
+Data type: `Any`
+
+Specifies the IP address to listen to.
+
+##### `version`
+
+Data type: `Any`
+
+Specifies the mod_cluster version. Version 1.3.0 or greater is required for httpd 2.4.
+
+##### `enable_mcpm_receive`
+
+Data type: `Any`
+
+Whether MCPM should be enabled.
+
+Default value: `true`
+
+##### `port`
+
+Data type: `Any`
+
+mod_cluster listen port.
+
+Default value: '6666'
+
+##### `keep_alive_timeout`
+
+Data type: `Any`
+
+Specifies how long Apache should wait for a request, in seconds.
+
+Default value: 60
+
+##### `manager_allowed_network`
+
+Data type: `Any`
+
+Whether to allow the network to access the mod_cluster_manager.
+
+Default value: '127.0.0.1'
+
+##### `max_keep_alive_requests`
+
+Data type: `Any`
+
+Maximum number of requests kept alive.
+
+Default value: 0
+
+##### `server_advertise`
+
+Data type: `Any`
+
+Whether the server should advertise.
+
+Default value: `true`
+
+##### `advertise_frequency`
+
+Data type: `Any`
+
+Sets the interval between advertise messages in seconds.
+
+Default value: `undef`
+
+### apache::mod::data
+
+Installs and configures `mod_data`.
+
+* **See also**
+https://httpd.apache.org/docs/current/mod/mod_data.html
+for additional documentation.
+
+#### Parameters
+
+The following parameters are available in the `apache::mod::data` class.
+
+##### `apache_version`
+
+Data type: `Any`
+
+Version of Apache to install module on.
+
+Default value: `undef`
+
+### apache::mod::dav
+
+Installs `mod_dav`.
+
+* **See also**
+https://httpd.apache.org/docs/current/mod/mod_dav.html
+for additional documentation.
+
+### apache::mod::dav_fs
+
+Installs `mod_dav_fs`.
+
+* **See also**
+https://httpd.apache.org/docs/current/mod/mod_dav_fs.html
+for additional documentation.
+
+### apache::mod::dav_svn
+
+Installs and configures `mod_dav_svn`.
+
+* **See also**
+https://httpd.apache.org/docs/current/mod/mod_dav_svn.html
+for additional documentation.
+
+#### Parameters
+
+The following parameters are available in the `apache::mod::dav_svn` class.
+
+##### `authz_svn_enabled`
+
+Data type: `Any`
+
+Specifies whether to install Apache mod_authz_svn
+
+Default value: `false`
+
+### apache::mod::dbd
+
+Installs `mod_dbd`.
+
+* **See also**
+https://httpd.apache.org/docs/current/mod/mod_dbd.html
+for additional documentation.
+
+#### Parameters
+
+The following parameters are available in the `apache::mod::dbd` class.
+
+##### `apache_version`
+
+Used to verify that the Apache version you have requested is compatible with the module.
+
+### apache::mod::deflate
+
+Installs and configures `mod_deflate`.
+
+* **See also**
+https://httpd.apache.org/docs/current/mod/mod_deflate.html
+for additional documentation.
+
+#### Parameters
+
+The following parameters are available in the `apache::mod::deflate` class.
+
+##### `types`
+
+Data type: `Any`
+
+An array of MIME types to be deflated. See https://www.iana.org/assignments/media-types/media-types.xhtml.
+
+Default value: [
+ 'text/html text/plain text/xml',
+ 'text/css',
+ 'application/x-javascript application/javascript application/ecmascript',
+ 'application/rss+xml',
+ 'application/json',
+ ]
+
+##### `notes`
+
+Data type: `Any`
+
+A Hash where the key represents the type and the value represents the note name.
+
+Default value: {
+ 'Input' => 'instream',
+ 'Output' => 'outstream',
+ 'Ratio' => 'ratio',
+ }
+
+### apache::mod::dev
+
+Installs `mod_dev`.
+
+* **Note** This module is deprecated. Please use `apache::dev`.
+
+### apache::mod::dir
+
+Installs and configures `mod_dir`.
+
+* **TODO** This sets the global DirectoryIndex directive, so it may be necessary to consider being able to modify the apache::vhost to declare
+DirectoryIndex statements in a vhost configuration
+
+* **See also**
+https://httpd.apache.org/docs/current/mod/mod_dir.html
+for additional documentation.
+
+#### Parameters
+
+The following parameters are available in the `apache::mod::dir` class.
+
+##### `types`
+
+Specifies the text-based content types to compress.
+
+##### `indexes`
+
+Data type: `Array[String]`
+
+Provides a string for the DirectoryIndex directive
+
+Default value: ['index.html','index.html.var','index.cgi','index.pl','index.php','index.xhtml']
+
+##### `dir`
+
+Data type: `Any`
+
+
+
+Default value: 'public_html'
+
+### apache::mod::disk_cache
+
+Installs and configures `mod_disk_cache`.
+
+* **Note** Apache 2.2, mod_disk_cache installed. On Apache 2.4, mod_cache_disk installed.
+
+* **See also**
+https://httpd.apache.org/docs/2.2/mod/mod_disk_cache.html
+for additional documentation.
+
+#### Parameters
+
+The following parameters are available in the `apache::mod::disk_cache` class.
+
+##### `cache_root`
+
+Data type: `Any`
+
+Defines the name of the directory on the disk to contain cache files.
+Default depends on the Apache version and operating system:
+- Debian: /var/cache/apache2/mod_cache_disk
+- FreeBSD: /var/cache/mod_cache_disk
+- Red Hat, Apache 2.4: /var/cache/httpd/proxy
+- Red Hat, Apache 2.2: /var/cache/mod_proxy
+
+Default value: `undef`
+
+##### `cache_ignore_headers`
+
+Data type: `Any`
+
+Specifies HTTP header(s) that should not be stored in the cache.
+
+Default value: `undef`
+
+### apache::mod::dumpio
+
+Installs and configures `mod_dumpio`.
+
+* **See also**
+https://httpd.apache.org/docs/current/mod/mod_dumpio.html
+for additional documentation.
+
+#### Examples
+
+#####
+
+```puppet
+class{'apache':
+ default_mods => false,
+ log_level => 'dumpio:trace7',
+}
+class{'apache::mod::dumpio':
+ dump_io_input => 'On',
+ dump_io_output => 'Off',
+}
+```
+
+#### Parameters
+
+The following parameters are available in the `apache::mod::dumpio` class.
+
+##### `dump_io_input`
+
+Data type: `Enum['Off', 'On', 'off', 'on']`
+
+Dump all input data to the error log
+
+Default value: 'Off'
+
+##### `dump_io_output`
+
+Data type: `Enum['Off', 'On', 'off', 'on']`
+
+Dump all output data to the error log
+
+Default value: 'Off'
+
+### apache::mod::env
+
+Installs `mod_env`.
+
+* **See also**
+https://httpd.apache.org/docs/current/mod/mod_env.html
+for additional documentation.
+
+### apache::mod::event
+
+Installs and configures `mod_event`.
+
+* **Note** You cannot include apache::mod::event with apache::mod::itk, apache::mod::peruser, apache::mod::prefork, or
+apache::mod::worker on the same server.
+
+* **See also**
+https://httpd.apache.org/docs/current/mod/event.html
+for additional documentation.
+
+#### Parameters
+
+The following parameters are available in the `apache::mod::event` class.
+
+##### `startservers`
+
+Data type: `Any`
+
+Sets the number of child server processes created at startup, via the module's `StartServers` directive. Setting this to `false`
+removes the parameter.
+
+Default value: '2'
+
+##### `maxclients`
+
+Data type: `Any`
+
+Apache 2.3.12 or older alias for the `MaxRequestWorkers` directive.
+
+Default value: '150'
+
+##### `maxrequestworkers`
+
+Data type: `Any`
+
+Sets the maximum number of connections Apache can simultaneously process, via the module's `MaxRequestWorkers` directive. Setting
+these to `false` removes the parameters.
+
+Default value: `undef`
+
+##### `minsparethreads`
+
+Data type: `Any`
+
+Sets the minimum number of idle threads, via the `MinSpareThreads` directive. Setting this to `false` removes the parameters.
+
+Default value: '25'
+
+##### `maxsparethreads`
+
+Data type: `Any`
+
+Sets the maximum number of idle threads, via the `MaxSpareThreads` directive. Setting this to `false` removes the parameters.
+
+Default value: '75'
+
+##### `threadsperchild`
+
+Data type: `Any`
+
+Number of threads created by each child process.
+
+Default value: '25'
+
+##### `maxrequestsperchild`
+
+Data type: `Any`
+
+Apache 2.3.8 or older alias for the `MaxConnectionsPerChild` directive.
+
+Default value: '0'
+
+##### `maxconnectionsperchild`
+
+Data type: `Any`
+
+Limit on the number of connections that an individual child server will handle during its life.
+
+Default value: `undef`
+
+##### `serverlimit`
+
+Data type: `Any`
+
+Limits the configurable number of processes via the `ServerLimit` directive. Setting this to `false` removes the parameter.
+
+Default value: '25'
+
+##### `apache_version`
+
+Data type: `Any`
+
+Version of Apache to install module on.
+
+Default value: `undef`
+
+##### `threadlimit`
+
+Data type: `Any`
+
+Limits the number of event threads via the module's `ThreadLimit` directive. Setting this to `false` removes the parameter.
+
+Default value: '64'
+
+##### `listenbacklog`
+
+Data type: `Any`
+
+Sets the maximum length of the pending connections queue via the module's `ListenBackLog` directive. Setting this to `false` removes
+the parameter.
+
+Default value: '511'
+
+### apache::mod::expires
+
+Installs and configures `mod_expires`.
+
+* **See also**
+https://httpd.apache.org/docs/current/mod/mod_expires.html
+for additional documentation.
+
+#### Parameters
+
+The following parameters are available in the `apache::mod::expires` class.
+
+##### `expires_active`
+
+Data type: `Any`
+
+Enables generation of Expires headers.
+
+Default value: `true`
+
+##### `expires_default`
+
+Data type: `Any`
+
+Specifies the default algorithm for calculating expiration time using ExpiresByType syntax or interval syntax.
+
+Default value: `undef`
+
+##### `expires_by_type`
+
+Data type: `Any`
+
+Describes a set of [MIME content-types](https://www.iana.org/assignments/media-types/media-types.xhtml) and their expiration
+times. This should be used as an array of Hashes, with each Hash's key a valid MIME content-type (i.e. 'text/json') and its
+value following valid interval syntax.
+
+Default value: `undef`
+
+### apache::mod::ext_filter
+
+Installs and configures `mod_ext_filter`.
+
+* **See also**
+https://httpd.apache.org/docs/current/mod/mod_ext_filter.html
+for additional documentation.
+
+#### Examples
+
+#####
+
+```puppet
+class { 'apache::mod::ext_filter':
+ ext_filter_define => {
+ 'slowdown' => 'mode=output cmd=/bin/cat preservescontentlength',
+ 'puppetdb-strip' => 'mode=output outtype=application/json cmd="pdb-resource-filter"',
+ },
+}
+```
+
+#### Parameters
+
+The following parameters are available in the `apache::mod::ext_filter` class.
+
+##### `ext_filter_define`
+
+Data type: `Optional[Hash]`
+
+Hash of filter names and their parameters.
+
+Default value: `undef`
+
+### apache::mod::fastcgi
+
+Installs `mod_fastcgi`.
+
+* **See also**
+https://github.com/FastCGI-Archives/mod_fastcgi
+for additional documentation.
+
+### apache::mod::fcgid
+
+loaded first; Puppet will not automatically enable it if you set the fcgiwrapper parameter in apache::vhost.
+ include apache::mod::fcgid
+
+ apache::vhost { 'example.org':
+ docroot => '/var/www/html',
+ directories => {
+ path => '/var/www/html',
+ fcgiwrapper => {
+ command => '/usr/local/bin/fcgiwrapper',
+ }
+ },
+ }
+
+* **See also**
+https://httpd.apache.org/docs/current/mod/mod_fcgid.html
+for additional documentation.
+
+#### Examples
+
+##### The class does not individually parameterize all available options. Instead, configure mod_fcgid using the options hash.
+
+```puppet
+class { 'apache::mod::fcgid':
+ options => {
+ 'FcgidIPCDir' => '/var/run/fcgidsock',
+ 'SharememPath' => '/var/run/fcgid_shm',
+ 'AddHandler' => 'fcgid-script .fcgi',
+ },
+}
+```
+
+##### If you include apache::mod::fcgid, you can set the [FcgidWrapper][] per directory, per virtual host. The module must be
+
+```puppet
+
+```
+
+#### Parameters
+
+The following parameters are available in the `apache::mod::fcgid` class.
+
+##### `expires_active`
+
+Enables generation of Expires headers.
+
+##### `expires_default`
+
+Default algorithm for calculating expiration time.
+
+##### `expires_by_type`
+
+Value of the Expires header configured by MIME type.
+
+##### `options`
+
+Data type: `Any`
+
+
+
+Default value: {}
+
+### apache::mod::filter
+
+Installs `mod_filter`.
+
+* **See also**
+https://httpd.apache.org/docs/current/mod/mod_filter.html
+for additional documentation.
+
+### apache::mod::geoip
+
+Installs and configures `mod_geoip`.
+
+* **See also**
+https://dev.maxmind.com/geoip/legacy/mod_geoip2
+for additional documentation.
+
+#### Parameters
+
+The following parameters are available in the `apache::mod::geoip` class.
+
+##### `enable`
+
+Data type: `Any`
+
+Toggles whether to enable geoip.
+
+Default value: `false`
+
+##### `db_file`
+
+Data type: `Any`
+
+Path to database for GeoIP to use.
+
+Default value: '/usr/share/GeoIP/GeoIP.dat'
+
+##### `flag`
+
+Data type: `Any`
+
+Caching directive to use. Values: 'CheckCache', 'IndexCache', 'MemoryCache', 'Standard'.
+
+Default value: 'Standard'
+
+##### `output`
+
+Data type: `Any`
+
+Output variable locations. Values: 'All', 'Env', 'Request', 'Notes'.
+
+Default value: 'All'
+
+##### `enable_utf8`
+
+Data type: `Any`
+
+Changes the output from ISO88591 (Latin1) to UTF8.
+
+Default value: `undef`
+
+##### `scan_proxy_headers`
+
+Data type: `Any`
+
+Enables the GeoIPScanProxyHeaders option.
+
+Default value: `undef`
+
+##### `scan_proxy_headers_field`
+
+Specifies the header mod_geoip uses to determine the client's IP address.
+
+##### `use_last_xforwarededfor_ip`
+
+Data type: `Any`
+
+Determines whether to use the first or last IP address for the client's IP in a comma-separated list of IP addresses is found.
+
+Default value: `undef`
+
+##### `scan_proxy_header_field`
+
+Data type: `Any`
+
+
+
+Default value: `undef`
+
+### apache::mod::headers
+
+Installs and configures `mod_headers`.
+
+* **See also**
+https://httpd.apache.org/docs/current/mod/mod_headers.html
+for additional documentation.
+
+#### Parameters
+
+The following parameters are available in the `apache::mod::headers` class.
+
+##### `apache_version`
+
+Version of Apache to install module on.
+
+### apache::mod::http2
+
+Installs and configures `mod_http2`.
+
+* **See also**
+https://httpd.apache.org/docs/current/mod/mod_http2.html
+for additional documentation.
+
+#### Parameters
+
+The following parameters are available in the `apache::mod::http2` class.
+
+##### `h2_copy_files`
+
+Data type: `Optional[Boolean]`
+
+Determine file handling in responses.
+
+Default value: `undef`
+
+##### `h2_direct`
+
+Data type: `Optional[Boolean]`
+
+H2 Direct Protocol Switch.
+
+Default value: `undef`
+
+##### `h2_early_hints`
+
+Data type: `Optional[Boolean]`
+
+Determine sending of 103 status codes.
+
+Default value: `undef`
+
+##### `h2_max_session_streams`
+
+Data type: `Optional[Integer]`
+
+Sets maximum number of active streams per HTTP/2 session.
+
+Default value: `undef`
+
+##### `h2_max_worker_idle_seconds`
+
+Data type: `Optional[Integer]`
+
+Sets maximum number of seconds h2 workers remain idle until shut down.
+
+Default value: `undef`
+
+##### `h2_max_workers`
+
+Data type: `Optional[Integer]`
+
+Sets maximum number of worker threads to use per child process.
+
+Default value: `undef`
+
+##### `h2_min_workers`
+
+Data type: `Optional[Integer]`
+
+Sets minimal number of worker threads to use per child process.
+
+Default value: `undef`
+
+##### `h2_modern_tls_only`
+
+Data type: `Optional[Boolean]`
+
+Toggles the security checks on HTTP/2 connections in TLS mode
+
+Default value: `undef`
+
+##### `h2_push`
+
+Data type: `Optional[Boolean]`
+
+Toggles the usage of the HTTP/2 server push protocol feature.
+
+Default value: `undef`
+
+##### `h2_push_diary_size`
+
+Data type: `Optional[Integer]`
+
+Sets maximum number of HTTP/2 server pushes that are remembered per HTTP/2 connection.
+
+Default value: `undef`
+
+##### `h2_priority`
+
+Require HTTP/2 connections to be "modern TLS" only
+
+##### `h2_push_resource`
+
+Data type: `Array[String]`
+
+When added to a directory/location, HTTP/2 PUSHes will be attempted for all paths added
+via this directive
+
+Default value: []
+
+##### `h2_serialize_headers`
+
+Data type: `Optional[Boolean]`
+
+Toggles if HTTP/2 requests shall be serialized in HTTP/1.1 format for processing by httpd
+core or if received binary data shall be passed into the request_recs directly.
+
+Default value: `undef`
+
+##### `h2_stream_max_mem_size`
+
+Data type: `Optional[Integer]`
+
+Sets the maximum number of outgoing data bytes buffered in memory for an active streams.
+
+Default value: `undef`
+
+##### `h2_tls_cool_down_secs`
+
+Data type: `Optional[Integer]`
+
+Sets the number of seconds of idle time on a TLS connection before the TLS write size falls
+back to small (~1300 bytes) length.
+
+Default value: `undef`
+
+##### `h2_tls_warm_up_size`
+
+Data type: `Optional[Integer]`
+
+Sets the number of bytes to be sent in small TLS records (~1300 bytes) until doing maximum
+sized writes (16k) on https: HTTP/2 connections.
+
+Default value: `undef`
+
+##### `h2_upgrade`
+
+Data type: `Optional[Boolean]`
+
+Toggles the usage of the HTTP/1.1 Upgrade method for switching to HTTP/2.
+
+Default value: `undef`
+
+##### `h2_window_size`
+
+Data type: `Optional[Integer]`
+
+Sets the size of the window that is used for flow control from client to server and limits
+the amount of data the server has to buffer.
+
+Default value: `undef`
+
+##### `apache_version`
+
+Data type: `Optional[String]`
+
+Version of Apache to install module on.
+
+Default value: `undef`
+
+##### `h2_push_priority`
+
+Data type: `Array[String]`
+
+
+
+Default value: []
+
+### apache::mod::include
+
+Installs `mod_include`.
+
+* **See also**
+https://httpd.apache.org/docs/current/mod/mod_include.html
+for additional documentation.
+
+### apache::mod::info
+
+Installs and configures `mod_info`.
+
+* **See also**
+https://httpd.apache.org/docs/current/mod/mod_info.html
+for additional documentation.
+
+#### Parameters
+
+The following parameters are available in the `apache::mod::info` class.
+
+##### `allow_from`
+
+Data type: `Any`
+
+Whitelist of IPv4 or IPv6 addresses or ranges that can access the info path.
+
+Default value: ['127.0.0.1','::1']
+
+##### `apache_version`
+
+Data type: `Any`
+
+Version of Apache to install module on.
+
+Default value: `undef`
+
+##### `restrict_access`
+
+Data type: `Any`
+
+Toggles whether to restrict access to info path. If `false`, the `allow_from` whitelist is ignored and any IP address can
+access the info path.
+
+Default value: `true`
+
+##### `info_path`
+
+Data type: `Any`
+
+Path on server to file containing server configuration information.
+
+Default value: '/server-info'
+
+### apache::mod::intercept_form_submit
+
+Installs `mod_intercept_form_submit`.
+
+* **See also**
+https://www.adelton.com/apache/mod_intercept_form_submit
+for additional documentation.
+
+### apache::mod::itk
+
+Installs MPM `mod_itk`.
+
+* **See also**
+http://mpm-itk.sesse.net
+for additional documentation.
+
+#### Parameters
+
+The following parameters are available in the `apache::mod::itk` class.
+
+##### `startservers`
+
+Data type: `Any`
+
+Number of child server processes created on startup.
+
+Default value: '8'
+
+##### `minspareservers`
+
+Data type: `Any`
+
+Minimum number of idle child server processes.
+
+Default value: '5'
+
+##### `maxspareservers`
+
+Data type: `Any`
+
+Maximum number of idle child server processes.
+
+Default value: '20'
+
+##### `serverlimit`
+
+Data type: `Any`
+
+Maximum configured value for `MaxRequestWorkers` for the lifetime of the Apache httpd process.
+
+Default value: '256'
+
+##### `maxclients`
+
+Data type: `Any`
+
+Limit on the number of simultaneous requests that will be served.
+
+Default value: '256'
+
+##### `maxrequestsperchild`
+
+Data type: `Any`
+
+Limit on the number of connections that an individual child server process will handle.
+
+Default value: '4000'
+
+##### `enablecapabilities`
+
+Data type: `Any`
+
+Drop most root capabilities in the parent process, and instead run as the user given by the User/Group directives with some extra
+capabilities (in particular setuid). Somewhat more secure, but can cause problems when serving from filesystems that do not honor
+capabilities, such as NFS.
+
+Default value: `undef`
+
+##### `apache_version`
+
+Data type: `Any`
+
+Used to verify that the Apache version you have requested is compatible with the module.
+
+Default value: `undef`
+
+### apache::mod::jk
+
+Installs `mod_jk`.
+
+* **Note** shm_file and log_file
+Depending on how these files are specified, the class creates their final path differently:
+
+Relative path: prepends supplied path with logroot (see below)
+Absolute path or pipe: uses supplied path as-is
+
+```
+shm_file => 'shm_file'
+# Ends up in
+$shm_path = '/var/log/httpd/shm_file'
+
+shm_file => '/run/shm_file'
+# Ends up in
+$shm_path = '/run/shm_file'
+
+shm_file => '"|rotatelogs /var/log/httpd/mod_jk.log.%Y%m%d 86400 -180"'
+# Ends up in
+$shm_path = '"|rotatelogs /var/log/httpd/mod_jk.log.%Y%m%d 86400 -180"'
+```
+
+* **See also**
+https://tomcat.apache.org/connectors-doc/reference/apache.html
+for additional documentation.
+
+#### Examples
+
+#####
+
+```puppet
+class { '::apache::mod::jk':
+ ip => '192.168.2.15',
+ workers_file => 'conf/workers.properties',
+ mount_file => 'conf/uriworkermap.properties',
+ shm_file => 'run/jk.shm',
+ shm_size => '50M',
+ workers_file_content => {
+
+ },
+}
+```
+
+#### Parameters
+
+The following parameters are available in the `apache::mod::jk` class.
+
+##### `ip`
+
+Data type: `Optional[String]`
+
+IP for binding to mod_jk. Useful when the binding address is not the primary network interface IP.
+
+Default value: `undef`
+
+##### `port`
+
+Data type: `Integer`
+
+Port for binding to mod_jk. Useful when something else, like a reverse proxy or cache, is receiving requests at port 80, then
+needs to forward them to Apache at a different port.
+
+Default value: 80
+
+##### `add_listen`
+
+Data type: `Boolean`
+
+Defines if a Listen directive according to parameters ip and port (see below), so that Apache listens to the IP/port combination
+and redirect to mod_jk. Useful when another Listen directive, like Listen *: or Listen , can conflict with the one
+necessary for mod_jk binding.
+
+Default value: `true`
+
+##### `workers_file`
+
+Data type: `Any`
+
+The name of a worker file for the Tomcat servlet containers.
+
+Default value: `undef`
+
+##### `worker_property`
+
+Data type: `Any`
+
+Enables setting worker properties inside Apache configuration file.
+
+Default value: {}
+
+##### `logroot`
+
+Data type: `Any`
+
+The base directory for shm_file and log_file is determined by the logroot parameter. If unspecified, defaults to
+apache::params::logroot. The default logroot is sane enough therefore it is not recommended to override it.
+
+Default value: `undef`
+
+##### `shm_file`
+
+Data type: `Any`
+
+Shared memory file name.
+
+Default value: 'jk-runtime-status'
+
+##### `shm_size`
+
+Data type: `Any`
+
+Size of the shared memory file name.
+
+Default value: `undef`
+
+##### `mount_file`
+
+Data type: `Any`
+
+File containing multiple mappings from a context to a Tomcat worker.
+
+Default value: `undef`
+
+##### `mount_file_reload`
+
+Data type: `Any`
+
+This directive configures the reload check interval in seconds.
+
+Default value: `undef`
+
+##### `mount`
+
+Data type: `Any`
+
+A mount point from a context to a Tomcat worker.
+
+Default value: {}
+
+##### `un_mount`
+
+Data type: `Any`
+
+An exclusion mount point from a context to a Tomcat worker.
+
+Default value: {}
+
+##### `auto_alias`
+
+Data type: `Any`
+
+Automatically Alias webapp context directories into the Apache document space
+
+Default value: `undef`
+
+##### `mount_copy`
+
+Data type: `Any`
+
+If this directive is set to "On" in some virtual server, the mounts from the global server will be copied
+to this virtual server, more precisely all mounts defined by JkMount or JkUnMount.
+
+Default value: `undef`
+
+##### `worker_indicator`
+
+Data type: `Any`
+
+Name of the Apache environment variable that can be used to set worker names in combination with SetHandler
+jakarta-servlet.
+
+Default value: `undef`
+
+##### `watchdog_interval`
+
+Data type: `Any`
+
+This directive configures the watchdog thread interval in seconds.
+
+Default value: `undef`
+
+##### `log_file`
+
+Data type: `Any`
+
+Full or server relative path to the mod_jk log file.
+
+Default value: 'mod_jk.log'
+
+##### `log_level`
+
+Data type: `Any`
+
+The mod_jk log level, can be debug, info, warn error or trace.
+
+Default value: `undef`
+
+##### `log_stamp_format`
+
+Data type: `Any`
+
+The mod_jk date log format, using an extended strftime syntax.
+
+Default value: `undef`
+
+##### `request_log_format`
+
+Data type: `Any`
+
+Request log format string.
+
+Default value: `undef`
+
+##### `extract_ssl`
+
+Data type: `Any`
+
+Turns on SSL processing and information gathering by mod_jk.
+
+Default value: `undef`
+
+##### `https_indicator`
+
+Data type: `Any`
+
+Name of the Apache environment variable that contains SSL indication.
+
+Default value: `undef`
+
+##### `sslprotocol_indicator`
+
+Data type: `Any`
+
+Name of the Apache environment variable that contains the SSL protocol name.
+
+Default value: `undef`
+
+##### `certs_indicator`
+
+Data type: `Any`
+
+Name of the Apache environment variable that contains SSL client certificates.
+
+Default value: `undef`
+
+##### `cipher_indicator`
+
+Data type: `Any`
+
+Name of the Apache environment variable that contains SSL client cipher.
+
+Default value: `undef`
+
+##### `certchain_prefix`
+
+Data type: `Any`
+
+Name of the Apache environment (prefix) that contains SSL client chain certificates.
+
+Default value: `undef`
+
+##### `session_indicator`
+
+Data type: `Any`
+
+Name of the Apache environment variable that contains SSL session.
+
+Default value: `undef`
+
+##### `keysize_indicator`
+
+Data type: `Any`
+
+Name of the Apache environment variable that contains SSL key size in use.
+
+Default value: `undef`
+
+##### `local_name_indicator`
+
+Data type: `Any`
+
+Name of the Apache environment variable which can be used to overwrite the forwarded local name.
+
+Default value: `undef`
+
+##### `ignore_cl_indicator`
+
+Data type: `Any`
+
+Name of the Apache environment variable which forces to ignore an existing Content-Length request header.
+
+Default value: `undef`
+
+##### `local_addr_indicator`
+
+Data type: `Any`
+
+Name of the Apache environment variable which can be used to overwrite the forwarded local IP address.
+
+Default value: `undef`
+
+##### `local_port_indicator`
+
+Data type: `Any`
+
+Name of the Apache environment variable which can be used to overwrite the forwarded local port.
+
+Default value: `undef`
+
+##### `remote_host_indicator`
+
+Data type: `Any`
+
+Name of the Apache environment variable which can be used to overwrite the forwarded remote (client) host name.
+
+Default value: `undef`
+
+##### `remote_addr_indicator`
+
+Data type: `Any`
+
+Name of the Apache environment variable which can be used to overwrite the forwarded remote (client) IP address.
+
+Default value: `undef`
+
+##### `remote_port_indicator`
+
+Data type: `Any`
+
+Name of the Apache environment variable which can be used to overwrite the forwarded remote (client) IP address.
+
+Default value: `undef`
+
+##### `remote_user_indicator`
+
+Data type: `Any`
+
+Name of the Apache environment variable which can be used to overwrite the forwarded user name.
+
+Default value: `undef`
+
+##### `auth_type_indicator`
+
+Data type: `Any`
+
+Name of the Apache environment variable which can be used to overwrite the forwarded authentication type.
+
+Default value: `undef`
+
+##### `options`
+
+Data type: `Any`
+
+Set one of more options to configure the mod_jk module.
+
+Default value: []
+
+##### `env_var`
+
+Data type: `Any`
+
+Adds a name and an optional default value of environment variable that should be sent to servlet-engine as a request attribute.
+
+Default value: {}
+
+##### `strip_session`
+
+Data type: `Any`
+
+If this directive is set to On in some virtual server, the session IDs ;jsessionid=... will be removed for URLs which are not
+forwarded but instead are handled by the local server.
+
+Default value: `undef`
+
+##### `workers_file_content`
+
+Data type: `Any`
+
+Each directive has the format worker..=. This maps as a hash of hashes, where the outer hash specifies
+workers, and each inner hash specifies each worker properties and values. Plus, there are two global directives, 'worker.list' and
+'worker.maintain' For example, the workers file below should be parameterized as follows:
+
+Worker file:
+```
+worker.list = status
+worker.list = some_name,other_name
+
+worker.maintain = 60
+
+# Optional comment
+worker.some_name.type=ajp13
+worker.some_name.socket_keepalive=true
+
+# I just like comments
+worker.other_name.type=ajp12 (why would you?)
+worker.other_name.socket_keepalive=false
+```
+
+Puppet file:
+```
+$workers_file_content = {
+ worker_lists => ['status', 'some_name,other_name'],
+ worker_maintain => '60',
+ some_name => {
+ comment => 'Optional comment',
+ type => 'ajp13',
+ socket_keepalive => 'true',
+ },
+ other_name => {
+ comment => 'I just like comments',
+ type => 'ajp12',
+ socket_keepalive => 'false',
+ },
+}
+```
+
+Default value: {}
+
+##### `mount_file_content`
+
+Data type: `Any`
+
+Each directive has the format = . This maps as a hash of hashes, where the outer hash specifies workers, and
+each inner hash contains two items:
+- uri_list—an array with URIs to be mapped to the worker
+- comment—an optional string with a comment for the worker. For example, the mount file below should be parameterized as Figure 2:
+
+Worker file:
+```
+# Worker 1
+/context_1/ = worker_1
+/context_1/* = worker_1
+
+# Worker 2
+/ = worker_2
+/context_2/ = worker_2
+/context_2/* = worker_2
+```
+
+Puppet file:
+```
+$mount_file_content = {
+ worker_1 => {
+ uri_list => ['/context_1/', '/context_1/*'],
+ comment => 'Worker 1',
+ },
+ worker_2 => {
+ uri_list => ['/context_2/', '/context_2/*'],
+ comment => 'Worker 2',
+ },
+},
+```
+
+Default value: {}
+
+##### `location_list`
+
+Data type: `Any`
+
+
+
+Default value: []
+
+### apache::mod::ldap
+
+Installs and configures `mod_ldap`.
+
+* **See also**
+https://httpd.apache.org/docs/current/mod/mod_ldap.html
+for additional documentation.
+
+#### Examples
+
+#####
+
+```puppet
+class { 'apache::mod::ldap':
+ ldap_trusted_global_cert_file => '/etc/pki/tls/certs/ldap-trust.crt',
+ ldap_trusted_global_cert_type => 'CA_DER',
+ ldap_trusted_mode => 'TLS',
+ ldap_shared_cache_size => '500000',
+ ldap_cache_entries => '1024',
+ ldap_cache_ttl => '600',
+ ldap_opcache_entries => '1024',
+ ldap_opcache_ttl => '600',
+}
+```
+
+#### Parameters
+
+The following parameters are available in the `apache::mod::ldap` class.
+
+##### `apache_version`
+
+Data type: `Any`
+
+Used to verify that the Apache version you have requested is compatible with the module.
+
+Default value: `undef`
+
+##### `package_name`
+
+Data type: `Any`
+
+Specifies the custom package name.
+
+Default value: `undef`
+
+##### `ldap_trusted_global_cert_file`
+
+Data type: `Any`
+
+Sets the file or database containing global trusted Certificate Authority or global client certificates.
+
+Default value: `undef`
+
+##### `ldap_trusted_global_cert_type`
+
+Data type: `Optional[String]`
+
+Sets the the certificate parameter of the global trusted Certificate Authority or global client certificates.
+
+Default value: 'CA_BASE64'
+
+##### `ldap_shared_cache_size`
+
+Data type: `Any`
+
+Size in bytes of the shared-memory cache
+
+Default value: `undef`
+
+##### `ldap_cache_entries`
+
+Data type: `Any`
+
+Maximum number of entries in the primary LDAP cache
+
+Default value: `undef`
+
+##### `ldap_cache_ttl`
+
+Data type: `Any`
+
+Time that cached items remain valid (in seconds).
+
+Default value: `undef`
+
+##### `ldap_opcache_entries`
+
+Data type: `Any`
+
+Number of entries used to cache LDAP compare operations
+
+Default value: `undef`
+
+##### `ldap_opcache_ttl`
+
+Data type: `Any`
+
+Time that entries in the operation cache remain valid (in seconds).
+
+Default value: `undef`
+
+##### `ldap_trusted_mode`
+
+Data type: `Any`
+
+Specifies the SSL/TLS mode to be used when connecting to an LDAP server.
+
+Default value: `undef`
+
+### apache::mod::lookup_identity
+
+Installs `mod_lookup_identity`
+
+* **See also**
+https://www.adelton.com/apache/mod_lookup_identity
+for additional documentation.
+
+### apache::mod::macro
+
+Installs `mod_macro`.
+
+* **See also**
+https://httpd.apache.org/docs/current/mod/mod_macro.html
+for additional documentation.
+
+### apache::mod::mime
+
+Installs and configures `mod_mime`.
+
+* **See also**
+https://httpd.apache.org/docs/current/mod/mod_mime.html
+for additional documentation.
+
+#### Parameters
+
+The following parameters are available in the `apache::mod::mime` class.
+
+##### `mime_support_package`
+
+Data type: `Any`
+
+Name of the MIME package to be installed.
+
+Default value: $::apache::params::mime_support_package
+
+##### `mime_types_config`
+
+Data type: `Any`
+
+The location of the mime.types file.
+
+Default value: $::apache::params::mime_types_config
+
+##### `mime_types_additional`
+
+Data type: `Any`
+
+List of additional MIME types to include.
+
+Default value: `undef`
+
+### apache::mod::mime_magic
+
+Installs and configures `mod_mime_magic`.
+
+* **See also**
+https://httpd.apache.org/docs/current/mod/mod_mime_magic.html
+for additional documentation.
+
+#### Parameters
+
+The following parameters are available in the `apache::mod::mime_magic` class.
+
+##### `magic_file`
+
+Data type: `Any`
+
+Enable MIME-type determination based on file contents using the specified magic file.
+
+Default value: `undef`
+
+### apache::mod::negotiation
+
+Installs and configures `mod_negotiation`.
+
+* **See also**
+[https://httpd.apache.org/docs/current/mod/mod_negotiation.html
+for additional documentation.
+
+#### Parameters
+
+The following parameters are available in the `apache::mod::negotiation` class.
+
+##### `force_language_priority`
+
+Data type: `Variant[Array[String], String]`
+
+Action to take if a single acceptable document is not found.
+
+Default value: 'Prefer Fallback'
+
+##### `language_priority`
+
+Data type: `Variant[Array[String], String]`
+
+The precedence of language variants for cases where the client does not express a preference.
+
+Default value: [ 'en', 'ca', 'cs', 'da', 'de', 'el', 'eo', 'es', 'et',
+ 'fr', 'he', 'hr', 'it', 'ja', 'ko', 'ltz', 'nl', 'nn',
+ 'no', 'pl', 'pt', 'pt-BR', 'ru', 'sv', 'zh-CN',
+ 'zh-TW' ]
+
+### apache::mod::nss
+
+Installs and configures `mod_nss`.
+
+* **See also**
+https://pagure.io/mod_nss
+for additional documentation.
+
+#### Parameters
+
+The following parameters are available in the `apache::mod::nss` class.
+
+##### `transfer_log`
+
+Data type: `Any`
+
+Path to `access.log`.
+
+Default value: "${::apache::params::logroot}/access.log"
+
+##### `error_Log`
+
+Path to `error.log`
+
+##### `passwd_file`
+
+Data type: `Any`
+
+Path to file containing token passwords used for NSSPassPhraseDialog.
+
+Default value: `undef`
+
+##### `port`
+
+Data type: `Any`
+
+Sets the SSL port that should be used by mod_nss.
+
+Default value: 8443
+
+##### `error_log`
+
+Data type: `Any`
+
+
+
+Default value: "${::apache::params::logroot}/error.log"
+
+### apache::mod::pagespeed
+
+Although this apache module requires the mod-pagespeed-stable package, Puppet does not manage the software repositories required to
+automatically install the package. If you declare this class when the package is either not installed or not available to your
+package manager, your Puppet run will fail.
+
+* **TODO** Add docs
+
+* **Note** Verify that your system is compatible with the latest Google Pagespeed requirements.
+
+* **See also**
+https://developers.google.com/speed/pagespeed/module/
+for additional documentation.
+
+#### Parameters
+
+The following parameters are available in the `apache::mod::pagespeed` class.
+
+##### `inherit_vhost_config`
+
+Data type: `Any`
+
+
+
+Default value: 'on'
+
+##### `filter_xhtml`
+
+Data type: `Any`
+
+
+
+Default value: `false`
+
+##### `cache_path`
+
+Data type: `Any`
+
+
+
+Default value: '/var/cache/mod_pagespeed/'
+
+##### `log_dir`
+
+Data type: `Any`
+
+
+
+Default value: '/var/log/pagespeed'
+
+##### `memcache_servers`
+
+Data type: `Any`
+
+
+
+Default value: []
+
+##### `rewrite_level`
+
+Data type: `Any`
+
+
+
+Default value: 'CoreFilters'
+
+##### `disable_filters`
+
+Data type: `Any`
+
+
+
+Default value: []
+
+##### `enable_filters`
+
+Data type: `Any`
+
+
+
+Default value: []
+
+##### `forbid_filters`
+
+Data type: `Any`
+
+
+
+Default value: []
+
+##### `rewrite_deadline_per_flush_ms`
+
+Data type: `Any`
+
+
+
+Default value: 10
+
+##### `additional_domains`
+
+Data type: `Any`
+
+
+
+Default value: `undef`
+
+##### `file_cache_size_kb`
+
+Data type: `Any`
+
+
+
+Default value: 102400
+
+##### `file_cache_clean_interval_ms`
+
+Data type: `Any`
+
+
+
+Default value: 3600000
+
+##### `lru_cache_per_process`
+
+Data type: `Any`
+
+
+
+Default value: 1024
+
+##### `lru_cache_byte_limit`
+
+Data type: `Any`
+
+
+
+Default value: 16384
+
+##### `css_flatten_max_bytes`
+
+Data type: `Any`
+
+
+
+Default value: 2048
+
+##### `css_inline_max_bytes`
+
+Data type: `Any`
+
+
+
+Default value: 2048
+
+##### `css_image_inline_max_bytes`
+
+Data type: `Any`
+
+
+
+Default value: 2048
+
+##### `image_inline_max_bytes`
+
+Data type: `Any`
+
+
+
+Default value: 2048
+
+##### `js_inline_max_bytes`
+
+Data type: `Any`
+
+
+
+Default value: 2048
+
+##### `css_outline_min_bytes`
+
+Data type: `Any`
+
+
+
+Default value: 3000
+
+##### `js_outline_min_bytes`
+
+Data type: `Any`
+
+
+
+Default value: 3000
+
+##### `inode_limit`
+
+Data type: `Any`
+
+
+
+Default value: 500000
+
+##### `image_max_rewrites_at_once`
+
+Data type: `Any`
+
+
+
+Default value: 8
+
+##### `num_rewrite_threads`
+
+Data type: `Any`
+
+
+
+Default value: 4
+
+##### `num_expensive_rewrite_threads`
+
+Data type: `Any`
+
+
+
+Default value: 4
+
+##### `collect_statistics`
+
+Data type: `Any`
+
+
+
+Default value: 'on'
+
+##### `statistics_logging`
+
+Data type: `Any`
+
+
+
+Default value: 'on'
+
+##### `allow_view_stats`
+
+Data type: `Any`
+
+
+
+Default value: []
+
+##### `allow_pagespeed_console`
+
+Data type: `Any`
+
+
+
+Default value: []
+
+##### `allow_pagespeed_message`
+
+Data type: `Any`
+
+
+
+Default value: []
+
+##### `message_buffer_size`
+
+Data type: `Any`
+
+
+
+Default value: 100000
+
+##### `additional_configuration`
+
+Data type: `Any`
+
+
+
+Default value: {}
+
+##### `apache_version`
+
+Data type: `Any`
+
+
+
+Default value: `undef`
+
+##### `package_ensure`
+
+Data type: `Any`
+
+
+
+Default value: `undef`
+
+### apache::mod::passenger
+
+The current set of server configurations settings were taken directly from the Passenger Reference. To enable deprecation warnings
+and removal failure messages, set the passenger_installed_version to the version number installed on the server.
+
+Change Log:
+ - As of 08/13/2017 there are 84 available/deprecated/removed settings.
+ - Around 08/20/2017 UnionStation was discontinued options were removed.
+ - As of 08/20/2017 there are 77 available/deprecated/removed settings.
+
+* **Note** In Passenger source code you can strip out what are all the available options by looking in
+ - src/apache2_module/Configuration.cpp
+ - src/apache2_module/ConfigurationCommands.cpp
+There are also several undocumented settings.
+
+* **See also**
+https://www.phusionpassenger.com/library/config/apache/reference/
+for additional documentation.
+
+#### Parameters
+
+The following parameters are available in the `apache::mod::passenger` class.
+
+##### `manage_repo`
+
+Data type: `Any`
+
+Toggle whether to manage yum repo if on a RedHat node.
+
+Default value: `true`
+
+##### `mod_id`
+
+Data type: `Any`
+
+Specifies the package id.
+
+Default value: `undef`
+
+##### `mod_lib`
+
+Data type: `Any`
+
+Defines the module's shared object name. Do not configure manually without special reason.
+
+Default value: `undef`
+
+##### `mod_lib_path`
+
+Data type: `Any`
+
+Specifies a path to the module's libraries. Do not manually set this parameter without special reason. The `path` parameter overrides
+this value.
+
+Default value: `undef`
+
+##### `mod_package`
+
+Data type: `Any`
+
+Name of the module package to install.
+
+Default value: `undef`
+
+##### `mod_package_ensure`
+
+Data type: `Any`
+
+Determines whether Puppet ensures the module should be installed.
+
+Default value: `undef`
+
+##### `mod_path`
+
+Data type: `Any`
+
+Specifies a path to the module. Do not manually set this parameter without a special reason.
+
+Default value: `undef`
+
+##### `passenger_allow_encoded_slashes`
+
+Data type: `Any`
+
+Toggle whether URLs with encoded slashes (%2f) can be used (by default Apache does not support this).
+
+Default value: `undef`
+
+##### `passenger_app_env`
+
+Data type: `Any`
+
+This option sets, for the current application, the value of the following environment variables:
+- RAILS_ENV
+- RACK_ENV
+- WSGI_ENV
+- NODE_ENV
+- PASSENGER_APP_ENV
+
+Default value: `undef`
+
+##### `passenger_app_group_name`
+
+Data type: `Any`
+
+Sets the name of the application group that the current application should belong to.
+
+Default value: `undef`
+
+##### `passenger_app_root`
+
+Data type: `Any`
+
+Path to the application root which allows access independent from the DocumentRoot.
+
+Default value: `undef`
+
+##### `passenger_app_type`
+
+Data type: `Any`
+
+Specifies the type of the application. If you set this option, then you must also set PassengerAppRoot, otherwise Passenger will
+not properly recognize your application.
+
+Default value: `undef`
+
+##### `passenger_base_uri`
+
+Data type: `Any`
+
+Used to specify that the given URI is an distinct application that should be served by Passenger.
+
+Default value: `undef`
+
+##### `passenger_buffer_response`
+
+Data type: `Any`
+
+Toggle whether application-generated responses are buffered by Apache. Buffering will happen in memory.
+
+Default value: `undef`
+
+##### `passenger_buffer_upload`
+
+Data type: `Any`
+
+Toggle whether HTTP client request bodies are buffered before they are sent to the application.
+
+Default value: `undef`
+
+##### `passenger_concurrency_model`
+
+Data type: `Any`
+
+Specifies the I/O concurrency model that should be used for Ruby application processes.
+
+Default value: `undef`
+
+##### `passenger_conf_file`
+
+Data type: `Any`
+
+
+
+Default value: $::apache::params::passenger_conf_file
+
+##### `passenger_conf_package_file`
+
+Data type: `Any`
+
+
+
+Default value: $::apache::params::passenger_conf_package_file
+
+##### `passenger_data_buffer_dir`
+
+Data type: `Any`
+
+Specifies the directory in which to store data buffers.
+
+Default value: `undef`
+
+##### `passenger_debug_log_file`
+
+Data type: `Any`
+
+
+
+Default value: `undef`
+
+##### `passenger_debugger`
+
+Data type: `Any`
+
+Turns support for Ruby application debugging on or off.
+
+Default value: `undef`
+
+##### `passenger_default_group`
+
+Data type: `Any`
+
+Allows you to specify the group that applications must run as, if user switching fails or is disabled.
+
+Default value: `undef`
+
+##### `passenger_default_ruby`
+
+Data type: `Any`
+
+File path to desired ruby interpreter to use by default.
+
+Default value: $::apache::params::passenger_default_ruby
+
+##### `passenger_default_user`
+
+Data type: `Any`
+
+Allows you to specify the user that applications must run as, if user switching fails or is disabled.
+
+Default value: `undef`
+
+##### `passenger_disable_security_update_check`
+
+Data type: `Any`
+
+Allows disabling the Passenger security update check, a daily check with https://securitycheck.phusionpassenger.com for important
+security updates that might be available.
+
+Default value: `undef`
+
+##### `passenger_enabled`
+
+Data type: `Any`
+
+Toggles whether Passenger should be enabled for that particular context.
+
+Default value: `undef`
+
+##### `passenger_error_override`
+
+Data type: `Any`
+
+Toggles whether Apache will intercept and handle responses with HTTP status codes of 400 and higher.
+
+Default value: `undef`
+
+##### `passenger_file_descriptor_log_file`
+
+Data type: `Any`
+
+Log file descriptor debug tracing messages to the given file.
+
+Default value: `undef`
+
+##### `passenger_fly_with`
+
+Data type: `Any`
+
+Enables the Flying Passenger mode, and configures Apache to connect to the Flying Passenger daemon that's listening on the
+given socket filename.
+
+Default value: `undef`
+
+##### `passenger_force_max_concurrent_requests_per_process`
+
+Data type: `Any`
+
+Use this option to tell Passenger how many concurrent requests the application can handle per process.
+
+Default value: `undef`
+
+##### `passenger_friendly_error_pages`
+
+Data type: `Any`
+
+Toggles whether Passenger should display friendly error pages whenever an application fails to start.
+
+Default value: `undef`
+
+##### `passenger_group`
+
+Data type: `Any`
+
+Allows you to override that behavior and explicitly set a group to run the web application as, regardless of the ownership of the
+startup file.
+
+Default value: `undef`
+
+##### `passenger_high_performance`
+
+Data type: `Any`
+
+Toggles whether to enable PassengerHighPerformance which will make Passenger will be a little faster, in return for reduced
+compatibility with other Apache modules.
+
+Default value: `undef`
+
+##### `passenger_installed_version`
+
+Data type: `Any`
+
+
+
+Default value: `undef`
+
+##### `passenger_instance_registry_dir`
+
+Data type: `Any`
+
+Specifies the directory that Passenger should use for registering its current instance.
+
+Default value: `undef`
+
+##### `passenger_load_shell_envvars`
+
+Data type: `Any`
+
+Enables or disables the loading of shell environment variables before spawning the application.
+
+Default value: `undef`
+
+##### `passenger_log_file`
+
+Data type: `Optional[Stdlib::Absolutepath]`
+
+File path to log file. By default Passenger log messages are written to the Apache global error log.
+
+Default value: `undef`
+
+##### `passenger_log_level`
+
+Data type: `Any`
+
+Specifies how much information Passenger should log to its log file. A higher log level value means that more
+information will be logged.
+
+Default value: `undef`
+
+##### `passenger_lve_min_uid`
+
+Data type: `Any`
+
+When using Passenger on a LVE-enabled kernel, a security check (enter) is run for spawning application processes. This options
+tells the check to only allow processes with UIDs equal to, or higher than, the specified value.
+
+Default value: `undef`
+
+##### `passenger_max_instances`
+
+Data type: `Any`
+
+The maximum number of application processes that may simultaneously exist for an application.
+
+Default value: `undef`
+
+##### `passenger_max_instances_per_app`
+
+Data type: `Any`
+
+The maximum number of application processes that may simultaneously exist for a single application.
+
+Default value: `undef`
+
+##### `passenger_max_pool_size`
+
+Data type: `Any`
+
+The maximum number of application processes that may simultaneously exist.
+
+Default value: `undef`
+
+##### `passenger_max_preloader_idle_time`
+
+Data type: `Any`
+
+Set the preloader's idle timeout, in seconds. A value of 0 means that it should never idle timeout.
+
+Default value: `undef`
+
+##### `passenger_max_request_queue_size`
+
+Data type: `Any`
+
+Specifies the maximum size for the queue of all incoming requests.
+
+Default value: `undef`
+
+##### `passenger_max_request_time`
+
+Data type: `Any`
+
+The maximum amount of time, in seconds, that an application process may take to process a request.
+
+Default value: `undef`
+
+##### `passenger_max_requests`
+
+Data type: `Any`
+
+The maximum number of requests an application process will process.
+
+Default value: `undef`
+
+##### `passenger_memory_limit`
+
+Data type: `Any`
+
+The maximum amount of memory that an application process may use, in megabytes.
+
+Default value: `undef`
+
+##### `passenger_meteor_app_settings`
+
+Data type: `Any`
+
+When using a Meteor application in non-bundled mode, use this option to specify a JSON file with settings for the application.
+
+Default value: `undef`
+
+##### `passenger_min_instances`
+
+Data type: `Any`
+
+Specifies the minimum number of application processes that should exist for a given application.
+
+Default value: `undef`
+
+##### `passenger_nodejs`
+
+Data type: `Any`
+
+Specifies the Node.js command to use for serving Node.js web applications.
+
+Default value: `undef`
+
+##### `passenger_pool_idle_time`
+
+Data type: `Any`
+
+The maximum number of seconds that an application process may be idle.
+
+Default value: `undef`
+
+##### `passenger_pre_start`
+
+Data type: `Optional[Variant[String,Array[String]]]`
+
+URL of the web application you want to pre-start.
+
+Default value: `undef`
+
+##### `passenger_python`
+
+Data type: `Any`
+
+Specifies the Python interpreter to use for serving Python web applications.
+
+Default value: `undef`
+
+##### `passenger_resist_deployment_errors`
+
+Data type: `Any`
+
+Enables or disables resistance against deployment errors.
+
+Default value: `undef`
+
+##### `passenger_resolve_symlinks_in_document_root`
+
+Data type: `Any`
+
+This option is no longer available in version 5.2.0. Switch to PassengerAppRoot if you are setting the application root via a
+document root containing symlinks.
+
+Default value: `undef`
+
+##### `passenger_response_buffer_high_watermark`
+
+Data type: `Any`
+
+Configures the maximum size of the real-time disk-backed response buffering system.
+
+Default value: `undef`
+
+##### `passenger_restart_dir`
+
+Data type: `Any`
+
+Path to directory containing restart.txt file. Can be either absolute or relative.
+
+Default value: `undef`
+
+##### `passenger_rolling_restarts`
+
+Data type: `Any`
+
+Enables or disables support for zero-downtime application restarts through restart.txt.
+
+Default value: `undef`
+
+##### `passenger_root`
+
+Data type: `Any`
+
+Refers to the location to the Passenger root directory, or to a location configuration file.
+
+Default value: $::apache::params::passenger_root
+
+##### `passenger_ruby`
+
+Data type: `Any`
+
+Specifies the Ruby interpreter to use for serving Ruby web applications.
+
+Default value: $::apache::params::passenger_ruby
+
+##### `passenger_security_update_check_proxy`
+
+Data type: `Any`
+
+Allows use of an intermediate proxy for the Passenger security update check.
+
+Default value: `undef`
+
+##### `passenger_show_version_in_header`
+
+Data type: `Any`
+
+Toggle whether Passenger will output its version number in the X-Powered-By header in all Passenger-served requests:
+
+Default value: `undef`
+
+##### `passenger_socket_backlog`
+
+Data type: `Any`
+
+This option can be raised if Apache manages to overflow the backlog queue.
+
+Default value: `undef`
+
+##### `passenger_spawn_method`
+
+Data type: `Optional[Enum['smart', 'direct', 'smart-lv2', 'conservative']]`
+
+Controls whether Passenger spawns applications directly, or using a prefork copy-on-write mechanism.
+
+Default value: `undef`
+
+##### `passenger_start_timeout`
+
+Data type: `Any`
+
+Specifies a timeout for the startup of application processes.
+
+Default value: `undef`
+
+##### `passenger_startup_file`
+
+Data type: `Any`
+
+Specifies the startup file that Passenger should use when loading the application.
+
+Default value: `undef`
+
+##### `passenger_stat_throttle_rate`
+
+Data type: `Any`
+
+Setting this option to a value of x means that certain filesystem checks will be performed at most once every x seconds.
+
+Default value: `undef`
+
+##### `passenger_sticky_sessions`
+
+Data type: `Any`
+
+Toggles whether all requests that a client sends will be routed to the same originating application process, whenever possible.
+
+Default value: `undef`
+
+##### `passenger_sticky_sessions_cookie_name`
+
+Data type: `Any`
+
+Sets the name of the sticky sessions cookie.
+
+Default value: `undef`
+
+##### `passenger_thread_count`
+
+Data type: `Any`
+
+Specifies the number of threads that Passenger should spawn per Ruby application process.
+
+Default value: `undef`
+
+##### `passenger_use_global_queue`
+
+Data type: `Any`
+
+N/A.
+
+Default value: `undef`
+
+##### `passenger_user`
+
+Data type: `Any`
+
+Allows you to override that behavior and explicitly set a user to run the web application as, regardless of the ownership of the
+startup file.
+
+Default value: `undef`
+
+##### `passenger_user_switching`
+
+Data type: `Any`
+
+Toggles whether to attempt to enable user account sandboxing, also known as user switching.
+
+Default value: `undef`
+
+##### `rack_auto_detect`
+
+Data type: `Any`
+
+This option has been removed in version 4.0.0 as part of an optimization. You should use PassengerEnabled instead.
+
+Default value: `undef`
+
+##### `rack_autodetect`
+
+Data type: `Any`
+
+This option has been removed in version 4.0.0 as part of an optimization. You should use PassengerEnabled instead.
+
+Default value: `undef`
+
+##### `rack_base_uri`
+
+Data type: `Any`
+
+Deprecated in 3.0.0 in favor of PassengerBaseURI.
+
+Default value: `undef`
+
+##### `rack_env`
+
+Data type: `Any`
+
+Alias for PassengerAppEnv.
+
+Default value: `undef`
+
+##### `rails_allow_mod_rewrite`
+
+Data type: `Any`
+
+This option doesn't do anything anymore since version 4.0.0.
+
+Default value: `undef`
+
+##### `rails_app_spawner_idle_time`
+
+Data type: `Any`
+
+This option has been removed in version 4.0.0, and replaced with PassengerMaxPreloaderIdleTime.
+
+Default value: `undef`
+
+##### `rails_auto_detect`
+
+Data type: `Any`
+
+This option has been removed in version 4.0.0 as part of an optimization. You should use PassengerEnabled instead.
+
+Default value: `undef`
+
+##### `rails_autodetect`
+
+Data type: `Any`
+
+This option has been removed in version 4.0.0 as part of an optimization. You should use PassengerEnabled instead.
+
+Default value: `undef`
+
+##### `rails_base_uri`
+
+Data type: `Any`
+
+Deprecated in 3.0.0 in favor of PassengerBaseURI.
+
+Default value: `undef`
+
+##### `rails_default_user`
+
+Data type: `Any`
+
+Deprecated in 3.0.0 in favor of PassengerDefaultUser
+
+Default value: `undef`
+
+##### `rails_env`
+
+Data type: `Any`
+
+Alias for PassengerAppEnv.
+
+Default value: `undef`
+
+##### `rails_framework_spawner_idle_time`
+
+Data type: `Any`
+
+This option is no longer available in version 4.0.0. There is no alternative because framework spawning has been removed
+altogether. You should use smart spawning instead.
+
+Default value: `undef`
+
+##### `rails_ruby`
+
+Data type: `Any`
+
+Deprecated in 3.0.0 in favor of PassengerRuby.
+
+Default value: `undef`
+
+##### `rails_spawn_method`
+
+Data type: `Any`
+
+Deprecated in 3.0.0 in favor of PassengerSpawnMethod.
+
+Default value: `undef`
+
+##### `rails_user_switching`
+
+Data type: `Any`
+
+Deprecated in 3.0.0 in favor of PassengerUserSwitching.
+
+Default value: `undef`
+
+##### `wsgi_auto_detect`
+
+Data type: `Any`
+
+This option has been removed in version 4.0.0 as part of an optimization. You should use PassengerEnabled instead.
+
+Default value: `undef`
+
+### apache::mod::perl
+
+Installs `mod_perl`.
+
+* **See also**
+https://perl.apache.org
+for additional documentation.
+
+### apache::mod::peruser
+
+Installs `mod_peruser`.
+
+* **TODO** Add docs
+
+#### Parameters
+
+The following parameters are available in the `apache::mod::peruser` class.
+
+##### `minspareprocessors`
+
+Data type: `Any`
+
+
+
+Default value: '2'
+
+##### `minprocessors`
+
+Data type: `Any`
+
+
+
+Default value: '2'
+
+##### `maxprocessors`
+
+Data type: `Any`
+
+
+
+Default value: '10'
+
+##### `maxclients`
+
+Data type: `Any`
+
+
+
+Default value: '150'
+
+##### `maxrequestsperchild`
+
+Data type: `Any`
+
+
+
+Default value: '1000'
+
+##### `idletimeout`
+
+Data type: `Any`
+
+
+
+Default value: '120'
+
+##### `expiretimeout`
+
+Data type: `Any`
+
+
+
+Default value: '120'
+
+##### `keepalive`
+
+Data type: `Any`
+
+
+
+Default value: 'Off'
+
+### apache::mod::php
+
+Installs `mod_php`.
+
+* **TODO** Add docs
+
+#### Parameters
+
+The following parameters are available in the `apache::mod::php` class.
+
+##### `package_name`
+
+Data type: `Any`
+
+
+
+Default value: `undef`
+
+##### `package_ensure`
+
+Data type: `Any`
+
+
+
+Default value: 'present'
+
+##### `path`
+
+Data type: `Any`
+
+
+
+Default value: `undef`
+
+##### `extensions`
+
+Data type: `Array`
+
+
+
+Default value: ['.php']
+
+##### `content`
+
+Data type: `Any`
+
+
+
+Default value: `undef`
+
+##### `template`
+
+Data type: `Any`
+
+
+
+Default value: 'apache/mod/php.conf.erb'
+
+##### `source`
+
+Data type: `Any`
+
+
+
+Default value: `undef`
+
+##### `root_group`
+
+Data type: `Any`
+
+
+
+Default value: $::apache::params::root_group
+
+##### `php_version`
+
+Data type: `Any`
+
+
+
+Default value: $::apache::params::php_version
+
+##### `libphp_prefix`
+
+Data type: `Any`
+
+
+
+Default value: 'libphp'
+
+### apache::mod::prefork
+
+Installs and configures MPM `prefork`.
+
+* **See also**
+https://httpd.apache.org/docs/current/mod/prefork.html
+for additional documentation.
+
+#### Parameters
+
+The following parameters are available in the `apache::mod::prefork` class.
+
+##### `startservers`
+
+Data type: `Any`
+
+Number of child server processes created at startup.
+
+Default value: '8'
+
+##### `minspareservers`
+
+Data type: `Any`
+
+Minimum number of idle child server processes.
+
+Default value: '5'
+
+##### `maxspareservers`
+
+Data type: `Any`
+
+Maximum number of idle child server processes.
+
+Default value: '20'
+
+##### `serverlimit`
+
+Data type: `Any`
+
+Upper limit on configurable number of processes.
+
+Default value: '256'
+
+##### `maxclients`
+
+Data type: `Any`
+
+Old alias for MaxRequestWorkers.
+
+Default value: '256'
+
+##### `maxrequestworkers`
+
+Data type: `Any`
+
+Maximum number of connections that will be processed simultaneously.
+
+Default value: `undef`
+
+##### `maxrequestsperchild`
+
+Data type: `Any`
+
+Old alias for MaxConnectionsPerChild.
+
+Default value: '4000'
+
+##### `maxconnectionsperchild`
+
+Data type: `Any`
+
+Limit on the number of connections that an individual child server will handle during its life.
+
+Default value: `undef`
+
+##### `apache_version`
+
+Data type: `Any`
+
+Used to verify that the Apache version you have requested is compatible with the module.
+
+Default value: `undef`
+
+##### `listenbacklog`
+
+Data type: `Any`
+
+Maximum length of the queue of pending connections.
+
+Default value: '511'
+
+### apache::mod::proxy
+
+Installs and configures `mod_proxy`.
+
+* **See also**
+https://httpd.apache.org/docs/current/mod/mod_proxy.html
+for additional documentation.
+
+#### Parameters
+
+The following parameters are available in the `apache::mod::proxy` class.
+
+##### `proxy_requests`
+
+Data type: `Any`
+
+Enables forward (standard) proxy requests.
+
+Default value: 'Off'
+
+##### `allow_from`
+
+Data type: `Any`
+
+List of IPs allowed to access proxy.
+
+Default value: `undef`
+
+##### `apache_version`
+
+Data type: `Any`
+
+Used to verify that the Apache version you have requested is compatible with the module.
+
+Default value: `undef`
+
+##### `package_name`
+
+Data type: `Any`
+
+Name of the proxy package to install.
+
+Default value: `undef`
+
+##### `proxy_via`
+
+Data type: `Any`
+
+Set local IP address for outgoing proxy connections.
+
+Default value: 'On'
+
+##### `proxy_timeout`
+
+Data type: `Any`
+
+Network timeout for proxied requests.
+
+Default value: '60'
+
+### apache::mod::proxy_ajp
+
+Installs `mod_proxy_ajp`.
+
+* **See also**
+https://httpd.apache.org/docs/current/mod/mod_proxy_ajp.html
+for additional documentation.
+
+### apache::mod::proxy_balancer
+
+Installs and configures `mod_proxy_balancer`.
+
+* **See also**
+https://httpd.apache.org/docs/current/mod/mod_proxy_balancer.html
+for additional documentation.
+
+#### Parameters
+
+The following parameters are available in the `apache::mod::proxy_balancer` class.
+
+##### `manager`
+
+Data type: `Boolean`
+
+Toggle whether to enable balancer manager support.
+
+Default value: `false`
+
+##### `maanger_path`
+
+Server relative path to balancer manager.
+
+##### `allow_from`
+
+Data type: `Array`
+
+List of IPs from which the balancer manager can be accessed.
+
+Default value: ['127.0.0.1','::1']
+
+##### `apache_version`
+
+Data type: `Any`
+
+Version of Apache to install module on.
+
+Default value: $::apache::apache_version
+
+##### `manager_path`
+
+Data type: `Stdlib::Absolutepath`
+
+
+
+Default value: '/balancer-manager'
+
+### apache::mod::proxy_connect
+
+Installs `mod_proxy_connect`.
+
+* **See also**
+https://httpd.apache.org/docs/current/mod/mod_proxy_connect.html
+for additional documentation.
+
+#### Parameters
+
+The following parameters are available in the `apache::mod::proxy_connect` class.
+
+##### `apache_version`
+
+Data type: `Any`
+
+Used to verify that the Apache version you have requested is compatible with the module.
+
+Default value: `undef`
+
+### apache::mod::proxy_fcgi
+
+Installs `mod_proxy_fcgi`.
+
+* **See also**
+https://httpd.apache.org/docs/current/mod/mod_proxy_fcgi.html
+for additional documentation.
+
+### apache::mod::proxy_html
+
+Installs `mod_proxy_html`.
+
+* **See also**
+https://httpd.apache.org/docs/current/mod/mod_proxy_html.html
+for additional documentation.
+
+### apache::mod::proxy_http
+
+Installs `mod_proxy_http`.
+
+* **See also**
+https://httpd.apache.org/docs/current/mod/mod_proxy_http.html
+for additional documentation.
+
+### apache::mod::proxy_wstunnel
+
+Installs `mod_proxy_wstunnel`.
+
+* **See also**
+https://httpd.apache.org/docs/current/mod/mod_proxy_wstunnel.html
+for additional documentation.
+
+### apache::mod::python
+
+Installs and configures `mod_python`.
+
+* **See also**
+https://github.com/grisha/mod_python
+for additional documentation.
+
+#### Parameters
+
+The following parameters are available in the `apache::mod::python` class.
+
+##### `loadfile_name`
+
+Data type: `Optional[String]`
+
+Sets the name of the configuration file that is used to load the python module.
+
+Default value: `undef`
+
+### apache::mod::remoteip
+
+Installs and configures `mod_remoteip`.
+
+* **See also**
+https://httpd.apache.org/docs/current/mod/mod_remoteip.html
+https://httpd.apache.org/docs/current/mod/mod_remoteip.html
+for additional documentation.
+
+#### Parameters
+
+The following parameters are available in the `apache::mod::remoteip` class.
+
+##### `header`
+
+Data type: `String`
+
+The header field in which `mod_remoteip` will look for the useragent IP.
+
+Default value: 'X-Forwarded-For'
+
+##### `internal_proxy`
+
+Data type: `Optional[Array[Variant[Stdlib::Host,Stdlib::IP::Address]]]`
+
+A list of IP addresses, IP blocks or hostname that are trusted to set a
+valid value inside specified header. Unlike the `$trusted_proxy_ips`
+parameter, any IP address (including private addresses) presented by these
+proxies will trusted by `mod_remoteip`.
+
+Default value: `undef`
+
+##### `proxy_ips`
+
+Data type: `Optional[Array[Variant[Stdlib::Host,Stdlib::IP::Address]]]`
+
+*Deprecated*: use `$internal_proxy` instead.
+
+Default value: `undef`
+
+##### `internal_proxy_list`
+
+Data type: `Optional[Stdlib::Absolutepath]`
+
+The path to a file containing a list of IP addresses, IP blocks or hostname
+that are trusted to set a valid value inside the specified header. See
+`$internal_proxy` for details.
+
+Default value: `undef`
+
+##### `proxies_header`
+
+Data type: `Optional[String]`
+
+A header into which `mod_remoteip` will collect a list of all of the
+intermediate client IP addresses trusted to resolve the useragent IP of the
+request (e.g. `X-Forwarded-By`).
+
+Default value: `undef`
+
+##### `proxy_protocol`
+
+Data type: `Boolean`
+
+Wether or not to enable the PROXY protocol header handling. If enabled
+upstream clients must set the header every time they open a connection.
+
+Default value: `false`
+
+##### `proxy_protocol_exceptions`
+
+Data type: `Optional[Array[Stdlib::Host]]`
+
+A list of IP address or IP blocks that are not required to use the PROXY
+protocol.
+
+Default value: `undef`
+
+##### `trusted_proxy`
+
+Data type: `Optional[Array[Stdlib::Host]]`
+
+A list of IP addresses, IP blocks or hostname that are trusted to set a
+valid value inside the specified header. Unlike the `$proxy_ips` parameter,
+any private IP presented by these proxies will be disgarded by
+`mod_remoteip`.
+
+Default value: `undef`
+
+##### `trusted_proxy_ips`
+
+Data type: `Optional[Array[Stdlib::Host]]`
+
+*Deprecated*: use `$trusted_proxy` instead.
+
+Default value: `undef`
+
+##### `trusted_proxy_list`
+
+Data type: `Optional[Stdlib::Absolutepath]`
+
+The path to a file containing a list of IP addresses, IP blocks or hostname
+that are trusted to set a valid value inside the specified header. See
+`$trusted_proxy` for details.
+
+Default value: `undef`
+
+##### `apache_version`
+
+Data type: `Optional[String]`
+
+A version string used to validate that your apache version supports
+`mod_remoteip`. If not specified, `$::apache::apache_version` is used.
+
+Default value: `undef`
+
+### apache::mod::reqtimeout
+
+Installs and configures `mod_reqtimeout`.
+
+* **See also**
+https://httpd.apache.org/docs/current/mod/mod_reqtimeout.html
+for additional documentation.
+
+#### Parameters
+
+The following parameters are available in the `apache::mod::reqtimeout` class.
+
+##### `timeouts`
+
+Data type: `Any`
+
+List of timeouts and data rates for receiving requests.
+
+Default value: ['header=20-40,minrate=500', 'body=10,minrate=500']
+
+### apache::mod::rewrite
+
+Installs `mod_rewrite`.
+
+* **See also**
+https://httpd.apache.org/docs/current/mod/mod_rewrite.html
+for additional documentation.
+
+### apache::mod::rpaf
+
+Installs and configures `mod_rpaf`.
+
+* **See also**
+https://github.com/gnif/mod_rpaf
+for additional documentation.
+
+#### Parameters
+
+The following parameters are available in the `apache::mod::rpaf` class.
+
+##### `sethostname`
+
+Data type: `Any`
+
+Toggles whether to update vhost name so ServerName and ServerAlias work.
+
+Default value: `true`
+
+##### `proxy_ips`
+
+Data type: `Any`
+
+List of IPs & bitmasked subnets to adjust requests for
+
+Default value: [ '127.0.0.1' ]
+
+##### `header`
+
+Data type: `Any`
+
+Header to use for the real IP address.
+
+Default value: 'X-Forwarded-For'
+
+##### `template`
+
+Data type: `Any`
+
+Path to template to use for configuring mod_rpaf.
+
+Default value: 'apache/mod/rpaf.conf.erb'
+
+### apache::mod::security
+
+Installs and configures `mod_security`.
+
+* **See also**
+https://github.com/SpiderLabs/ModSecurity/wiki
+for additional documentation.
+
+#### Parameters
+
+The following parameters are available in the `apache::mod::security` class.
+
+##### `logroot`
+
+Data type: `Any`
+
+Configures the location of audit and debug logs.
+
+Default value: $::apache::params::logroot
+
+##### `crs_package`
+
+Data type: `Any`
+
+Name of package that installs CRS rules.
+
+Default value: $::apache::params::modsec_crs_package
+
+##### `activated_rules`
+
+Data type: `Any`
+
+An array of rules from the modsec_crs_path or absolute to activate via symlinks.
+
+Default value: $::apache::params::modsec_default_rules
+
+##### `modsec_dir`
+
+Data type: `Any`
+
+Defines the path where Puppet installs the modsec configuration and activated rules links.
+
+Default value: $::apache::params::modsec_dir
+
+##### `modsec_secruleengine`
+
+Data type: `Any`
+
+Configures the rules engine.
+
+Default value: $::apache::params::modsec_secruleengine
+
+##### `audit_log_relevant_status`
+
+Data type: `Any`
+
+Configures which response status code is to be considered relevant for the purpose of audit logging.
+
+Default value: '^(?:5|4(?!04))'
+
+##### `audit_log_parts`
+
+Data type: `Any`
+
+Defines which parts of each transaction are going to be recorded in the audit log. Each part is assigned a single letter; when a
+letter appears in the list then the equivalent part will be recorded.
+
+Default value: $::apache::params::modsec_audit_log_parts
+
+##### `secpcrematchlimit`
+
+Data type: `Any`
+
+Sets the match limit in the PCRE library.
+
+Default value: $::apache::params::secpcrematchlimit
+
+##### `secpcrematchlimitrecursion`
+
+Data type: `Any`
+
+Sets the match limit recursion in the PCRE library.
+
+Default value: $::apache::params::secpcrematchlimitrecursion
+
+##### `allowed_methods`
+
+Data type: `Any`
+
+A space-separated list of allowed HTTP methods.
+
+Default value: 'GET HEAD POST OPTIONS'
+
+##### `content_types`
+
+Data type: `Any`
+
+A list of one or more allowed MIME types.
+
+Default value: 'application/x-www-form-urlencoded|multipart/form-data|text/xml|application/xml|application/x-amf'
+
+##### `restricted_extensions`
+
+Data type: `Any`
+
+A space-sparated list of prohibited file extensions.
+
+Default value: '.asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/'
+
+##### `restricted_headers`
+
+Data type: `Any`
+
+A list of restricted headers separated by slashes and spaces.
+
+Default value: '/Proxy-Connection/ /Lock-Token/ /Content-Range/ /Translate/ /via/ /if/'
+
+##### `secdefaultaction`
+
+Data type: `Any`
+
+Defines the default list of actions, which will be inherited by the rules in the same configuration context.
+
+Default value: 'deny'
+
+##### `anomaly_score_blocking`
+
+Data type: `Any`
+
+Activates or deactivates the Collaborative Detection Blocking of the OWASP ModSecurity Core Rule Set.
+
+Default value: 'off'
+
+##### `inbound_anomaly_threshold`
+
+Data type: `Any`
+
+Sets the scoring threshold level of the inbound blocking rules for the Collaborative Detection Mode in the OWASP ModSecurity Core Rule Set.
+
+Default value: '5'
+
+##### `outbound_anomaly_threshold`
+
+Data type: `Any`
+
+Sets the scoring threshold level of the outbound blocking rules for the Collaborative Detection Mode in the OWASP ModSecurity Core Rule Set.
+
+Default value: '4'
+
+##### `critical_anomaly_score`
+
+Data type: `Any`
+
+Sets the Anomaly Score for rules assigned with a critical severity.
+
+Default value: '5'
+
+##### `error_anomaly_score`
+
+Data type: `Any`
+
+Sets the Anomaly Score for rules assigned with a error severity.
+
+Default value: '4'
+
+##### `warning_anomaly_score`
+
+Data type: `Any`
+
+Sets the Anomaly Score for rules assigned with a warning severity.
+
+Default value: '3'
+
+##### `notice_anomaly_score`
+
+Data type: `Any`
+
+Sets the Anomaly Score for rules assigned with a notice severity.
+
+Default value: '2'
+
+##### `secrequestmaxnumargs`
+
+Data type: `Any`
+
+Sets the maximum number of arguments in the request.
+
+Default value: '255'
+
+##### `secrequestbodylimit`
+
+Data type: `Any`
+
+Sets the maximum request body size ModSecurity will accept for buffering.
+
+Default value: '13107200'
+
+##### `secrequestbodynofileslimit`
+
+Data type: `Any`
+
+Configures the maximum request body size ModSecurity will accept for buffering, excluding the size of any files being transported
+in the request.
+
+Default value: '131072'
+
+##### `secrequestbodyinmemorylimit`
+
+Data type: `Any`
+
+Configures the maximum request body size that ModSecurity will store in memory.
+
+Default value: '131072'
+
+##### `manage_security_crs`
+
+Data type: `Any`
+
+Toggles whether to manage ModSecurity Core Rule Set
+
+Default value: `true`
+
+### apache::mod::setenvif
+
+Installs `mod_setenvif`.
+
+* **See also**
+https://httpd.apache.org/docs/current/mod/mod_setenvif.html
+for additional documentation.
+
+### apache::mod::shib
+
+This class installs and configures only the Apache components of a web application that consumes Shibboleth SSO identities. You
+can manage the Shibboleth configuration manually, with Puppet, or using a [Shibboleth Puppet Module](https://github.com/aethylred/puppet-shibboleth).
+
+* **Note** The Shibboleth module isn't available on RH/CentOS without providing dependency packages provided by Shibboleth's repositories.
+See the [Shibboleth Service Provider Installation Guide](http://wiki.aaf.edu.au/tech-info/sp-install-guide).
+
+* **See also**
+https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPApacheConfig
+for additional documentation.
+
+#### Parameters
+
+The following parameters are available in the `apache::mod::shib` class.
+
+##### `suppress_warning`
+
+Data type: `Any`
+
+Toggles whether to trigger warning on RedHat nodes.
+
+Default value: `false`
+
+##### `mod_full_path`
+
+Data type: `Any`
+
+Specifies a path to the module. Do not manually set this parameter without a special reason.
+
+Default value: `undef`
+
+##### `package_name`
+
+Data type: `Any`
+
+Name of the Shibboleth package to be installed.
+
+Default value: `undef`
+
+##### `mod_lib`
+
+Data type: `Any`
+
+Specifies a path to the module's libraries. Do not manually set this parameter without special reason. The `path` parameter
+overrides this value.
+
+Default value: `undef`
+
+### apache::mod::socache_shmcb
+
+Installs `mod_socache_shmcb`.
+
+* **See also**
+https://httpd.apache.org/docs/current/mod/mod_socache_shmcb.html
+for additional documentation.
+
+### apache::mod::speling
+
+Installs `mod_spelling`.
+
+* **See also**
+https://httpd.apache.org/docs/current/mod/mod_speling.html
+for additional documentation.
+
+### apache::mod::ssl
+
+On most operating systems, the ssl.conf is placed in the module configuration directory. On Red Hat based operating systems, this
+file is placed in /etc/httpd/conf.d, the same location in which the RPM stores the configuration.
+
+To use SSL with a virtual host, you must either set the default_ssl_vhost parameter in ::apache to true or the ssl parameter in
+apache::vhost to true.
+
+* **See also**
+https://httpd.apache.org/docs/current/mod/mod_ssl.html
+for additional documentation.
+
+#### Parameters
+
+The following parameters are available in the `apache::mod::ssl` class.
+
+##### `ssl_compression`
+
+Data type: `Boolean`
+
+Enable compression on the SSL level.
+
+Default value: `false`
+
+##### `ssl_cryptodevice`
+
+Data type: `Any`
+
+Enable use of a cryptographic hardware accelerator.
+
+Default value: 'builtin'
+
+##### `ssl_options`
+
+Data type: `Any`
+
+Configure various SSL engine run-time options.
+
+Default value: [ 'StdEnvVars' ]
+
+##### `ssl_openssl_conf_cmd`
+
+Data type: `Any`
+
+Configure OpenSSL parameters through its SSL_CONF API.
+
+Default value: `undef`
+
+##### `ssl_cert`
+
+Data type: `Optional[String]`
+
+Path to server PEM-encoded X.509 certificate data file.
+
+Default value: `undef`
+
+##### `ssl_key`
+
+Data type: `Optional[String]`
+
+Path to server PEM-encoded private key file
+
+Default value: `undef`
+
+##### `ssl_ca`
+
+Data type: `Any`
+
+File of concatenated PEM-encoded CA Certificates for Client Auth.
+
+Default value: `undef`
+
+##### `ssl_cipher`
+
+Data type: `Any`
+
+Cipher Suite available for negotiation in SSL handshake.
+
+Default value: 'HIGH:MEDIUM:!aNULL:!MD5:!RC4:!3DES'
+
+##### `ssl_honorcipherorder`
+
+Data type: `Variant[Boolean, Enum['on', 'off']]`
+
+Option to prefer the server's cipher preference order.
+
+Default value: `true`
+
+##### `ssl_protocol`
+
+Data type: `Any`
+
+Configure usable SSL/TLS protocol versions.
+
+Default value: [ 'all', '-SSLv2', '-SSLv3' ]
+
+##### `ssl_proxy_protocol`
+
+Data type: `Array`
+
+Configure usable SSL protocol flavors for proxy usage.
+
+Default value: []
+
+##### `ssl_pass_phrase_dialog`
+
+Data type: `Any`
+
+Type of pass phrase dialog for encrypted private keys.
+
+Default value: 'builtin'
+
+##### `ssl_random_seed_bytes`
+
+Data type: `Any`
+
+Pseudo Random Number Generator (PRNG) seeding source.
+
+Default value: '512'
+
+##### `ssl_sessioncache`
+
+Data type: `String`
+
+Configures the storage type of the global/inter-process SSL Session Cache
+
+Default value: $::apache::params::ssl_sessioncache
+
+##### `ssl_sessioncachetimeout`
+
+Data type: `Any`
+
+Number of seconds before an SSL session expires in the Session Cache.
+
+Default value: '300'
+
+##### `ssl_stapling`
+
+Data type: `Boolean`
+
+Enable stapling of OCSP responses in the TLS handshake.
+
+Default value: `false`
+
+##### `ssl_stapling_return_errors`
+
+Data type: `Optional[Boolean]`
+
+Pass stapling related OCSP errors on to client.
+
+Default value: `undef`
+
+##### `ssl_mutex`
+
+Data type: `Any`
+
+Configures mutex mechanism and lock file directory for all or specified mutexes.
+Default based on the OS and/or Apache version:
+- RedHat/FreeBSD/Suse/Gentoo: 'default'.
+- Debian/Ubuntu + Apache >= 2.4: 'default'.
+- Debian/Ubuntu + Apache < 2.4: 'file:${APACHE_RUN_DIR}/ssl_mutex'.
+- Ubuntu 10.04: 'file:/var/run/apache2/ssl_mutex'.
+
+Default value: `undef`
+
+##### `apache_version`
+
+Data type: `Any`
+
+Used to verify that the Apache version you have requested is compatible with the module.
+
+Default value: `undef`
+
+##### `package_name`
+
+Data type: `Any`
+
+Name of ssl package to install.
+
+Default value: `undef`
+
+### apache::mod::status
+
+Installs and configures `mod_status`.
+
+* **See also**
+http://httpd.apache.org/docs/current/mod/mod_status.html
+for additional documentation.
+
+#### Examples
+
+#####
+
+```puppet
+# Simple usage allowing access from localhost and a private subnet
+class { 'apache::mod::status':
+ $allow_from => ['127.0.0.1', '10.10.10.10/24'],
+}
+```
+
+#### Parameters
+
+The following parameters are available in the `apache::mod::status` class.
+
+##### `allow_from`
+
+Data type: `Optional[Array]`
+
+Array of hosts, ip addresses, partial network numbers or networks, in CIDR notation specifying what hosts can view the special
+/server-status URL. Defaults to ['127.0.0.1', '::1'].
+> Creates Apache < 2.4 directive "Allow from".
+
+Default value: `undef`
+
+##### `requires`
+
+Data type: `Optional[Variant[String, Array, Hash]]`
+
+A Variant type that can be:
+- String with:
+ - '' or 'unmanaged' - Host auth control done elsewhere
+ - 'ip ' - Allowed IPs/ranges
+ - 'host ' - Allowed names/domains
+ - 'all [granted|denied]'
+- Array of strings with ip or host as above
+- Hash with following keys:
+ - 'requires' - Value => Array as above
+ - 'enforce' - Value => String 'Any', 'All' or 'None'
+ This encloses "Require" directives in "" block
+ Optional - If unspecified, "Require" directives follow current flow
+> Creates Apache >= 2.4 directives "Require"
+
+Default value: `undef`
+
+##### `extended_status`
+
+Data type: `Enum['On', 'Off', 'on', 'off']`
+
+Determines whether to track extended status information for each request, via the ExtendedStatus directive.
+
+Default value: 'On'
+
+##### `status_path`
+
+Data type: `Any`
+
+Path assigned to the Location directive which defines the URL to access the server status.
+
+Default value: '/server-status'
+
+##### `apache_version`
+
+Data type: `Any`
+
+Used to verify that the Apache version you have requested is compatible with the module.
+
+Default value: `undef`
+
+### apache::mod::suexec
+
+Installs `mod_suexec`.
+
+* **See also**
+https://httpd.apache.org/docs/current/mod/mod_suexec.html
+for additional documentation.
+
+### apache::mod::suphp
+
+Installs `mod_suphp`.
+
+* **See also**
+https://www.suphp.org/DocumentationView.html?file=apache/INSTALL
+for additional documentation.
+
+### apache::mod::userdir
+
+Installs and configures `mod_userdir`.
+
+* **See also**
+https://httpd.apache.org/docs/current/mod/mod_userdir.html
+for additional documentation.
+
+#### Parameters
+
+The following parameters are available in the `apache::mod::userdir` class.
+
+##### `home`
+
+Data type: `Any`
+
+*Deprecated* Path to system home directory.
+
+Default value: `undef`
+
+##### `dir`
+
+Data type: `Any`
+
+*Deprecated* Path from user's home directory to public directory.
+
+Default value: `undef`
+
+##### `disable_root`
+
+Data type: `Any`
+
+Toggles whether to allow use of root directory.
+
+Default value: `true`
+
+##### `apache_version`
+
+Data type: `Any`
+
+Used to verify that the Apache version you have requested is compatible with the module.
+
+Default value: `undef`
+
+##### `path`
+
+Data type: `Any`
+
+Path to directory or pattern from which to find user-specific directories.
+
+Default value: '/home/*/public_html'
+
+##### `overrides`
+
+Data type: `Any`
+
+Array of directives that are allowed in .htaccess files.
+
+Default value: [ 'FileInfo', 'AuthConfig', 'Limit', 'Indexes' ]
+
+##### `options`
+
+Data type: `Any`
+
+Configures what features are available in a particular directory.
+
+Default value: [ 'MultiViews', 'Indexes', 'SymLinksIfOwnerMatch', 'IncludesNoExec' ]
+
+### apache::mod::version
+
+Installs `mod_version`.
+
+* **See also**
+https://httpd.apache.org/docs/current/mod/mod_version.html
+for additional documentation.
+
+#### Parameters
+
+The following parameters are available in the `apache::mod::version` class.
+
+##### `apache_version`
+
+Data type: `Any`
+
+Used to verify that the Apache version you have requested is compatible with the module.
+
+Default value: $::apache::apache_version
+
+### apache::mod::vhost_alias
+
+Installs Apache `mod_vhost_alias`.
+
+* **See also**
+https://httpd.apache.org/docs/current/mod/mod_vhost_alias.html
+for additional documentation.
+
+### apache::mod::worker
+
+Installs and manages the MPM `worker`.
+
+* **See also**
+https://httpd.apache.org/docs/current/mod/worker.html
+for additional documentation.
+
+#### Parameters
+
+The following parameters are available in the `apache::mod::worker` class.
+
+##### `startservers`
+
+Data type: `Any`
+
+The number of child server processes created on startup
+
+Default value: '2'
+
+##### `maxclients`
+
+Data type: `Any`
+
+The max number of simultaneous requests that will be served.
+This is the old name and is still supported. The new name is
+MaxRequestWorkers as of 2.3.13.
+
+Default value: '150'
+
+##### `minsparethreads`
+
+Data type: `Any`
+
+Minimum number of idle threads to handle request spikes.
+
+Default value: '25'
+
+##### `maxsparethreads`
+
+Data type: `Any`
+
+Maximum number of idle threads.
+
+Default value: '75'
+
+##### `threadsperchild`
+
+Data type: `Any`
+
+The number of threads created by each child process.
+
+Default value: '25'
+
+##### `maxrequestsperchild`
+
+Data type: `Any`
+
+Limit on the number of connectiojns an individual child server
+process will handle. This is the old name and is still supported. The new
+name is MaxConnectionsPerChild as of 2.3.9+.
+
+Default value: '0'
+
+##### `serverlimit`
+
+Data type: `Any`
+
+With worker, use this directive only if your MaxRequestWorkers
+and ThreadsPerChild settings require more than 16 server processes
+(default). Do not set the value of this directive any higher than the
+number of server processes required by what you may want for
+MaxRequestWorkers and ThreadsPerChild.
+
+Default value: '25'
+
+##### `threadlimit`
+
+Data type: `Any`
+
+This directive sets the maximum configured value for
+ThreadsPerChild for the lifetime of the Apache httpd process.
+
+Default value: '64'
+
+##### `listenbacklog`
+
+Data type: `Any`
+
+Maximum length of the queue of pending connections.
+
+Default value: '511'
+
+##### `apache_version`
+
+Data type: `Any`
+
+Used to verify that the Apache version you have requested is compatible with the module.
+
+Default value: `undef`
+
+### apache::mod::wsgi
+
+Installs and configures `mod_wsgi`.
+
+* **See also**
+https://github.com/GrahamDumpleton/mod_wsgi
+for additional documentation.
+
+#### Parameters
+
+The following parameters are available in the `apache::mod::wsgi` class.
+
+##### `wsgi_restrict_embedded`
+
+Data type: `Any`
+
+Enable restrictions on use of embedded mode.
+
+Default value: `undef`
+
+##### `wsgi_socket_prefix`
+
+Data type: `Any`
+
+Configure directory to use for daemon sockets.
+
+Default value: $::apache::params::wsgi_socket_prefix
+
+##### `wsgi_python_path`
+
+Data type: `Any`
+
+Additional directories to search for Python modules.
+
+Default value: `undef`
+
+##### `wsgi_python_home`
+
+Data type: `Any`
+
+Absolute path to Python prefix/exec_prefix directories.
+
+Default value: `undef`
+
+##### `wsgi_python_optimize`
+
+Data type: `Any`
+
+Enables basic Python optimisation features.
+
+Default value: `undef`
+
+##### `wsgi_application_group`
+
+Data type: `Any`
+
+Sets which application group WSGI application belongs to.
+
+Default value: `undef`
+
+##### `package_name`
+
+Data type: `Any`
+
+Names of package that installs mod_wsgi.
+
+Default value: `undef`
+
+##### `mod_path`
+
+Data type: `Any`
+
+Defines the path to the mod_wsgi shared object (.so) file.
+
+Default value: `undef`
+
+### apache::mod::xsendfile
+
+Installs `mod_xsendfile`.
+
+* **See also**
+https://tn123.org/mod_xsendfile/
+for additional documentation.
+
+### apache::vhosts
+
+host parameters or Configuring virtual hosts in the README section.
+
+* **Note** See the `apache::vhost` defined type's reference for a list of all virtual
+
+#### Examples
+
+##### To create a [name-based virtual host](https://httpd.apache.org/docs/current/vhosts/name-based.html) `custom_vhost_1`
+
+```puppet
+class { 'apache::vhosts':
+ vhosts => {
+ 'custom_vhost_1' => {
+ 'docroot' => '/var/www/custom_vhost_1',
+ 'port' => '81',
+ },
+ },
+}
+```
+
+#### Parameters
+
+The following parameters are available in the `apache::vhosts` class.
+
+##### `vhosts`
+
+Data type: `Any`
+
+A hash, where the key represents the name and the value represents a hash of
+`apache::vhost` defined type's parameters.
+
+Default value: {}
+
+## Defined types
+
+### apache::balancer
+
+Each balancer cluster needs one or more balancer members (that can
+be declared with the apache::balancermember defined resource type). Using
+storeconfigs, you can export the apache::balancermember resources on all
+balancer members, and then collect them on a single apache load balancer
+server.
+
+* **Note** Currently requires the puppetlabs/concat module on the Puppet Forge and uses
+storeconfigs on the Puppet Master to export/collect resources from all
+balancer members.
+
+#### Examples
+
+#####
+
+```puppet
+apache::balancer { 'puppet00': }
+```
+
+#### Parameters
+
+The following parameters are available in the `apache::balancer` defined type.
+
+##### `name`
+
+The namevar of the defined resource type is the balancer clusters name.
+This name is also used in the name of the conf.d file
+
+##### `proxy_set`
+
+Data type: `Any`
+
+Configures key-value pairs to be used as a ProxySet lines in the configuration.
+
+Default value: {}
+
+##### `target`
+
+Data type: `Any`
+
+The path to the file the balancer definition will be written in.
+
+Default value: `undef`
+
+##### `collect_exported`
+
+Data type: `Any`
+
+Determines whether to use exported resources.
+If you statically declare all of your backend servers, set this parameter to false to rely
+on existing, declared balancer member resources. Also, use apache::balancermember with array
+arguments.
+To dynamically declare backend servers via exported resources collected on a central node,
+set this parameter to true to collect the balancer member resources exported by the balancer
+member nodes.
+If you don't use exported resources, a single Puppet run configures all balancer members. If
+you use exported resources, Puppet has to run on the balanced nodes first, then run on the
+balancer.
+
+Default value: `true`
+
+##### `options`
+
+Data type: `Any`
+
+Specifies an array of [options](https://httpd.apache.org/docs/current/mod/mod_proxy.html#balancermember)
+after the balancer URL, and accepts any key-value pairs available to `ProxyPass`.
+
+Default value: []
+
+### apache::balancermember
+
+Sets up a balancer member inside a listening service configuration block in
+the load balancer's `apache.cfg`.
+
+This type will setup a balancer member inside a listening service
+configuration block in /etc/apache/apache.cfg on the load balancer.
+Currently it only has the ability to specify the instance name, url and an
+array of options. More features can be added as needed. The best way to
+implement this is to export this resource for all apache balancer member
+servers, and then collect them on the main apache load balancer.
+
+* **Note** Currently requires the puppetlabs/concat module on the Puppet Forge and
+uses storeconfigs on the Puppet Master to export/collect resources
+from all balancer members.
+
+#### Examples
+
+#####
+
+```puppet
+@@apache::balancermember { 'apache':
+ balancer_cluster => 'puppet00',
+ url => "ajp://${::fqdn}:8009"
+ options => ['ping=5', 'disablereuse=on', 'retry=5', 'ttl=120'],
+}
+```
+
+#### Parameters
+
+The following parameters are available in the `apache::balancermember` defined type.
+
+##### `name`
+
+The title of the resource is arbitrary and only utilized in the concat
+fragment name.
+
+##### `balancer_cluster`
+
+Data type: `Any`
+
+The apache service's instance name (or, the title of the apache::balancer
+resource). This must match up with a declared apache::balancer resource.
+
+##### `url`
+
+Data type: `Any`
+
+The url used to contact the balancer member server.
+
+Default value: "http://${::fqdn}/"
+
+##### `options`
+
+Data type: `Any`
+
+Specifies an array of [options](https://httpd.apache.org/docs/current/mod/mod_proxy.html#balancermember)
+after the URL, and accepts any key-value pairs available to `ProxyPass`.
+
+Default value: []
+
+### apache::custom_config
+
+If the file is invalid and this defined type's `verify_config` parameter's value is
+`true`, Puppet throws an error during a Puppet run.
+
+#### Parameters
+
+The following parameters are available in the `apache::custom_config` defined type.
+
+##### `ensure`
+
+Data type: `Enum['absent', 'present']`
+
+Specifies whether the configuration file should be present.
+
+Default value: 'present'
+
+##### `confdir`
+
+Data type: `Any`
+
+Sets the directory in which Puppet places configuration files.
+
+Default value: $::apache::confd_dir
+
+##### `content`
+
+Data type: `Any`
+
+Sets the configuration file's content. The `content` and `source` parameters are exclusive
+of each other.
+
+Default value: `undef`
+
+##### `filename`
+
+Data type: `Any`
+
+Sets the name of the file under `confdir` in which Puppet stores the configuration.
+
+Default value: `undef`
+
+##### `priority`
+
+Data type: `Any`
+
+Sets the configuration file's priority by prefixing its filename with this parameter's
+numeric value, as Apache processes configuration files in alphanumeric order.
+To omit the priority prefix in the configuration file's name, set this parameter to `false`.
+
+Default value: '25'
+
+##### `source`
+
+Data type: `Any`
+
+Points to the configuration file's source. The `content` and `source` parameters are
+exclusive of each other.
+
+Default value: `undef`
+
+##### `verify_command`
+
+Data type: `Any`
+
+Specifies the command Puppet uses to verify the configuration file. Use a fully qualified
+command.
+This parameter is used only if the `verify_config` parameter's value is `true`. If the
+`verify_command` fails, the Puppet run deletes the configuration file and raises an error,
+but does not notify the Apache service.
+
+Default value: $::apache::params::verify_command
+
+##### `verify_config`
+
+Data type: `Boolean`
+
+Specifies whether to validate the configuration file before notifying the Apache service.
+
+Default value: `true`
+
+### apache::fastcgi::server
+
+Defines one or more external FastCGI servers to handle specific file types. Use this
+defined type with `mod_fastcgi`.
+
+#### Parameters
+
+The following parameters are available in the `apache::fastcgi::server` defined type.
+
+##### `host`
+
+Data type: `Any`
+
+Determines the FastCGI's hostname or IP address and TCP port number (1-65535).
+
+Default value: '127.0.0.1:9000'
+
+##### `timeout`
+
+Data type: `Any`
+
+Sets the number of seconds a [FastCGI](http://www.fastcgi.com/) application can be inactive before aborting the
+request and logging the event at the error LogLevel. The inactivity timer applies only as
+long as a connection is pending with the FastCGI application. If a request is queued to an
+application, but the application doesn't respond by writing and flushing within this period,
+the request is aborted. If communication is complete with the application but incomplete with
+the client (the response is buffered), the timeout does not apply.
+
+Default value: 15
+
+##### `flush`
+
+Data type: `Any`
+
+Forces `mod_fastcgi` to write to the client as data is received from the
+application. By default, `mod_fastcgi` buffers data in order to free the application
+as quickly as possible.
+
+Default value: `false`
+
+##### `faux_path`
+
+Data type: `Any`
+
+Apache has FastCGI handle URIs that resolve to this filename. The path set in this
+parameter does not have to exist in the local filesystem.
+
+Default value: "/var/www/${name}.fcgi"
+
+##### `fcgi_alias`
+
+Data type: `Any`
+
+Internally links actions with the FastCGI server. This alias must be unique.
+
+Default value: "/${name}.fcgi"
+
+##### `file_type`
+
+Data type: `Any`
+
+Sets the MIME `content-type` of the file to be processed by the FastCGI server.
+
+Default value: 'application/x-httpd-php'
+
+##### `pass_header`
+
+Data type: `Any`
+
+
+
+Default value: `undef`
+
+### apache::listen
+
+The `apache::vhost` class uses this defined type, and titles take the form
+``, `:`, or `:`.
+
+### apache::mod
+
+Checks for or places the module's default configuration files in the Apache server's
+`module` and `enable` directories. The default locations depend on your operating system.
+
+#### Parameters
+
+The following parameters are available in the `apache::mod` defined type.
+
+##### `package`
+
+Data type: `Any`
+
+**Required**.
+Names the package Puppet uses to install the Apache module.
+
+Default value: `undef`
+
+##### `package_ensure`
+
+Data type: `Any`
+
+Determines whether Puppet ensures the Apache module should be installed.
+
+Default value: 'present'
+
+##### `lib`
+
+Data type: `Any`
+
+Defines the module's shared object name. Do not configure manually without special reason.
+
+Default value: `undef`
+
+##### `lib_path`
+
+Data type: `Any`
+
+Specifies a path to the module's libraries. Do not manually set this parameter
+without special reason. The `path` parameter overrides this value.
+
+Default value: $::apache::lib_path
+
+##### `loadfile_name`
+
+Data type: `Any`
+
+Sets the filename for the module's `LoadFile` directive, which can also set
+the module load order as Apache processes them in alphanumeric order.
+
+Default value: `undef`
+
+##### `id`
+
+Data type: `Any`
+
+Specifies the package id
+
+Default value: `undef`
+
+##### `loadfiles`
+
+Data type: `Any`
+
+Specifies an array of `LoadFile` directives.
+
+Default value: `undef`
+
+##### `path`
+
+Data type: `Any`
+
+Specifies a path to the module. Do not manually set this parameter without a special reason.
+
+Default value: `undef`
+
+### apache::namevirtualhost
+
+Adds all related directives to the `ports.conf` file in the Apache HTTPD configuration
+directory. Titles can take the forms `\*`, `\*:\`, `\_default\_:\`,
+`\`, or `\:\`.
+
+### apache::vhost
+
+The apache module allows a lot of flexibility in the setup and configuration of virtual hosts.
+This flexibility is due, in part, to `vhost` being a defined resource type, which allows Apache
+to evaluate it multiple times with different parameters.
+The `apache::vhost` defined type allows you to have specialized configurations for virtual hosts
+that have requirements outside the defaults. You can set up a default virtual host within
+the base `::apache` class, as well as set a customized virtual host as the default.
+Customized virtual hosts have a lower numeric `priority` than the base class's, causing
+Apache to process the customized virtual host first.
+The `apache::vhost` defined type uses `concat::fragment` to build the configuration file. To
+inject custom fragments for pieces of the configuration that the defined type doesn't
+inherently support, add a custom fragment.
+For the custom fragment's `order` parameter, the `apache::vhost` defined type uses multiples
+of 10, so any `order` that isn't a multiple of 10 should work.
+> **Note:** When creating an `apache::vhost`, it cannot be named `default` or `default-ssl`,
+because vhosts with these titles are always managed by the module. This means that you cannot
+override `Apache::Vhost['default']` or `Apache::Vhost['default-ssl]` resources. An optional
+workaround is to create a vhost named something else, such as `my default`, and ensure that the
+`default` and `default_ssl` vhosts are set to `false`:
+
+#### Examples
+
+#####
+
+```puppet
+class { 'apache':
+ default_vhost => false,
+ default_ssl_vhost => false,
+}
+```
+
+#### Parameters
+
+The following parameters are available in the `apache::vhost` defined type.
+
+##### `apache_version`
+
+Data type: `Any`
+
+Apache's version number as a string, such as '2.2' or '2.4'.
+
+Default value: $::apache::apache_version
+
+##### `access_log`
+
+Data type: `Boolean`
+
+Determines whether to configure `*_access.log` directives (`*_file`,`*_pipe`, or `*_syslog`).
+
+Default value: `true`
+
+##### `access_log_env_var`
+
+Data type: `Any`
+
+Specifies that only requests with particular environment variables be logged.
+
+Default value: `false`
+
+##### `access_log_file`
+
+Data type: `Any`
+
+Sets the filename of the `*_access.log` placed in `logroot`. Given a virtual host ---for
+instance, example.com--- it defaults to 'example.com_ssl.log' for
+[SSL-encrypted](https://httpd.apache.org/docs/current/ssl/index.html) virtual hosts and
+`example.com_access.log` for unencrypted virtual hosts.
+
+Default value: `false`
+
+##### `access_log_format`
+
+Data type: `Any`
+
+Specifies the use of either a `LogFormat` nickname or a custom-formatted string for the
+access log.
+
+Default value: `false`
+
+##### `access_log_pipe`
+
+Data type: `Any`
+
+Specifies a pipe where Apache sends access log messages.
+
+Default value: `false`
+
+##### `access_log_syslog`
+
+Data type: `Any`
+
+Sends all access log messages to syslog.
+
+Default value: `false`
+
+##### `access_logs`
+
+Data type: `Optional[Array]`
+
+Allows you to give a hash that specifies the state of each of the `access_log_*`
+directives shown above, i.e. `access_log_pipe` and `access_log_syslog`.
+
+Default value: `undef`
+
+##### `add_default_charset`
+
+Data type: `Any`
+
+Sets a default media charset value for the `AddDefaultCharset` directive, which is
+added to `text/plain` and `text/html` responses.
+
+Default value: `undef`
+
+##### `add_listen`
+
+Data type: `Any`
+
+Determines whether the virtual host creates a `Listen` statement.
+Setting `add_listen` to `false` prevents the virtual host from creating a `Listen`
+statement. This is important when combining virtual hosts that aren't passed an `ip`
+parameter with those that are.
+
+Default value: `true`
+
+##### `use_optional_includes`
+
+Data type: `Any`
+
+Specifies whether Apache uses the `IncludeOptional` directive instead of `Include` for
+`additional_includes` in Apache 2.4 or newer.
+
+Default value: $::apache::use_optional_includes
+
+##### `additional_includes`
+
+Data type: `Any`
+
+Specifies paths to additional static, virtual host-specific Apache configuration files.
+You can use this parameter to implement a unique, custom configuration not supported by
+this module.
+
+Default value: []
+
+##### `aliases`
+
+Data type: `Any`
+
+Passes a list of [hashes][hash] to the virtual host to create `Alias`, `AliasMatch`,
+`ScriptAlias` or `ScriptAliasMatch` directives as per the `mod_alias` documentation.
+For example:
+``` puppet
+aliases => [
+ { aliasmatch => '^/image/(.*)\.jpg$',
+ path => '/files/jpg.images/$1.jpg',
+ },
+ { alias => '/image',
+ path => '/ftp/pub/image',
+ },
+ { scriptaliasmatch => '^/cgi-bin(.*)',
+ path => '/usr/local/share/cgi-bin$1',
+ },
+ { scriptalias => '/nagios/cgi-bin/',
+ path => '/usr/lib/nagios/cgi-bin/',
+ },
+ { alias => '/nagios',
+ path => '/usr/share/nagios/html',
+ },
+],
+```
+For the `alias`, `aliasmatch`, `scriptalias` and `scriptaliasmatch` keys to work, each needs
+a corresponding context, such as `` or
+``. Puppet creates the directives in the order specified in
+the `aliases` parameter. As described in the `mod_alias` documentation, add more specific
+`alias`, `aliasmatch`, `scriptalias` or `scriptaliasmatch` parameters before the more
+general ones to avoid shadowing.
+> **Note**: Use the `aliases` parameter instead of the `scriptaliases` parameter because
+you can precisely control the order of various alias directives. Defining `ScriptAliases`
+using the `scriptaliases` parameter means *all* `ScriptAlias` directives will come after
+*all* `Alias` directives, which can lead to `Alias` directives shadowing `ScriptAlias`
+directives. This often causes problems; for example, this could cause problems with Nagios.
+If `apache::mod::passenger` is loaded and `PassengerHighPerformance` is `true`, the `Alias`
+directive might not be able to honor the `PassengerEnabled => off` statement. See
+[this article](http://www.conandalton.net/2010/06/passengerenabled-off-not-working.html) for details.
+
+Default value: `undef`
+
+##### `allow_encoded_slashes`
+
+Data type: `Optional[Enum['on', 'off', 'nodecode']]`
+
+Sets the `AllowEncodedSlashes` declaration for the virtual host, overriding the server
+default. This modifies the virtual host responses to URLs with `\` and `/` characters. The
+default setting omits the declaration from the server configuration and selects the
+Apache default setting of `Off`.
+
+Default value: `undef`
+
+##### `block`
+
+Data type: `Any`
+
+Specifies the list of things to which Apache blocks access. Valid options are: `scm` (which
+blocks web access to `.svn`), `.git`, and `.bzr` directories.
+
+Default value: []
+
+##### `cas_attribute_prefix`
+
+Data type: `Any`
+
+Adds a header with the value of this header being the attribute values when SAML
+validation is enabled.
+
+Default value: `undef`
+
+##### `cas_attribute_delimiter`
+
+Data type: `Any`
+
+Sets the delimiter between attribute values in the header created by `cas_attribute_prefix`.
+
+Default value: `undef`
+
+##### `cas_login_url`
+
+Data type: `Any`
+
+Sets the URL to which the module redirects users when they attempt to access a
+CAS-protected resource and don't have an active session.
+
+Default value: `undef`
+
+##### `cas_root_proxied_as`
+
+Data type: `Any`
+
+Sets the URL end users see when access to this Apache server is proxied per vhost.
+This URL should not include a trailing slash.
+
+Default value: `undef`
+
+##### `cas_scrub_request_headers`
+
+Data type: `Any`
+
+Remove inbound request headers that may have special meaning within mod_auth_cas.
+
+Default value: `undef`
+
+##### `cas_sso_enabled`
+
+Data type: `Any`
+
+Enables experimental support for single sign out (may mangle POST data).
+
+Default value: `undef`
+
+##### `cas_validate_saml`
+
+Data type: `Any`
+
+Parse response from CAS server for SAML.
+
+Default value: `undef`
+
+##### `cas_validate_url`
+
+Data type: `Any`
+
+Sets the URL to use when validating a client-presented ticket in an HTTP query string.
+
+Default value: `undef`
+
+##### `comment`
+
+Data type: `Optional[Variant[String,Array[String]]]`
+
+Adds comments to the header of the configuration file. Pass as string or an array of strings.
+For example:
+``` puppet
+comment => "Account number: 123B",
+```
+Or:
+``` puppet
+comment => [
+ "Customer: X",
+ "Frontend domain: x.example.org",
+]
+```
+
+Default value: `undef`
+
+##### `custom_fragment`
+
+Data type: `Optional[String]`
+
+Passes a string of custom configuration directives to place at the end of the virtual
+host configuration.
+
+Default value: `undef`
+
+##### `default_vhost`
+
+Data type: `Boolean`
+
+Sets a given `apache::vhost` defined type as the default to serve requests that do not
+match any other `apache::vhost` defined types.
+
+Default value: `false`
+
+##### `directoryindex`
+
+Data type: `Any`
+
+Sets the list of resources to look for when a client requests an index of the directory
+by specifying a '/' at the end of the directory name. See the `DirectoryIndex` directive
+documentation for details.
+
+Default value: ''
+
+##### `docroot`
+
+Data type: `Variant[Boolean,String]`
+
+**Required**.
+Sets the `DocumentRoot` location, from which Apache serves files.
+If `docroot` and `manage_docroot` are both set to `false`, no `DocumentRoot` will be set
+and the accompanying `` block will not be created.
+
+##### `docroot_group`
+
+Data type: `Any`
+
+Sets group access to the `docroot` directory.
+
+Default value: $::apache::params::root_group
+
+##### `docroot_owner`
+
+Data type: `Any`
+
+Sets individual user access to the `docroot` directory.
+
+Default value: 'root'
+
+##### `docroot_mode`
+
+Data type: `Any`
+
+Sets access permissions for the `docroot` directory, in numeric notation.
+
+Default value: `undef`
+
+##### `manage_docroot`
+
+Data type: `Any`
+
+Determines whether Puppet manages the `docroot` directory.
+
+Default value: `true`
+
+##### `error_log`
+
+Data type: `Boolean`
+
+Specifies whether `*_error.log` directives should be configured.
+
+Default value: `true`
+
+##### `error_log_file`
+
+Data type: `Any`
+
+Points the virtual host's error logs to a `*_error.log` file. If this parameter is
+undefined, Puppet checks for values in `error_log_pipe`, then `error_log_syslog`.
+If none of these parameters is set, given a virtual host `example.com`, Puppet defaults
+to `$logroot/example.com_error_ssl.log` for SSL virtual hosts and
+`$logroot/example.com_error.log` for non-SSL virtual hosts.
+
+Default value: `undef`
+
+##### `error_log_pipe`
+
+Data type: `Any`
+
+Specifies a pipe to send error log messages to.
+This parameter has no effect if the `error_log_file` parameter has a value. If neither
+this parameter nor `error_log_file` has a value, Puppet then checks `error_log_syslog`.
+
+Default value: `undef`
+
+##### `error_log_syslog`
+
+Data type: `Any`
+
+Determines whether to send all error log messages to syslog.
+This parameter has no effect if either of the `error_log_file` or `error_log_pipe`
+parameters has a value. If none of these parameters has a value, given a virtual host
+`example.com`, Puppet defaults to `$logroot/example.com_error_ssl.log` for SSL virtual
+hosts and `$logroot/example.com_error.log` for non-SSL virtual hosts.
+
+Default value: `undef`
+
+##### `error_documents`
+
+Data type: `Any`
+
+A list of hashes which can be used to override the
+[ErrorDocument](https://httpd.apache.org/docs/current/mod/core.html#errordocument)
+settings for this virtual host.
+For example:
+``` puppet
+apache::vhost { 'sample.example.net':
+ error_documents => [
+ { 'error_code' => '503', 'document' => '/service-unavail' },
+ { 'error_code' => '407', 'document' => 'https://example.com/proxy/login' },
+ ],
+}
+```
+
+Default value: []
+
+##### `ensure`
+
+Data type: `Enum['absent', 'present']`
+
+Specifies if the virtual host is present or absent.
+
+Default value: 'present'
+
+##### `fallbackresource`
+
+Data type: `Optional[Variant[Stdlib::Absolutepath, Enum['disabled']]]`
+
+Sets the [FallbackResource](https://httpd.apache.org/docs/current/mod/mod_dir.html#fallbackresource)
+directive, which specifies an action to take for any URL that doesn't map to anything in
+your filesystem and would otherwise return 'HTTP 404 (Not Found)'. Values must either begin
+with a `/` or be `disabled`.
+
+Default value: `undef`
+
+##### `fastcgi_server`
+
+Data type: `Any`
+
+Specify an external FastCGI server to manage a connection to.
+
+Default value: `undef`
+
+##### `fastcgi_socket`
+
+Data type: `Any`
+
+Specify the socket that will be used to communicate with an external FastCGI server.
+
+Default value: `undef`
+
+##### `fastcgi_idle_timeout`
+
+Data type: `Any`
+
+If using fastcgi, this option sets the timeout for the server to respond.
+
+Default value: `undef`
+
+##### `fastcgi_dir`
+
+Data type: `Any`
+
+Specify an internal FastCGI directory that is to be managed.
+
+Default value: `undef`
+
+##### `filters`
+
+Data type: `Any`
+
+[Filters](https://httpd.apache.org/docs/current/mod/mod_filter.html) enable smart,
+context-sensitive configuration of output content filters.
+``` puppet
+apache::vhost { "$::fqdn":
+ filters => [
+ 'FilterDeclare COMPRESS',
+ 'FilterProvider COMPRESS DEFLATE resp=Content-Type $text/html',
+ 'FilterChain COMPRESS',
+ 'FilterProtocol COMPRESS DEFLATE change=yes;byteranges=no',
+ ],
+}
+```
+
+Default value: `undef`
+
+##### `h2_copy_files`
+
+Data type: `Optional[Boolean]`
+
+Sets the [H2CopyFiles](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2copyfiles)
+directive which influences how the requestion process pass files to the main connection.
+
+Default value: `undef`
+
+##### `h2_direct`
+
+Data type: `Optional[Boolean]`
+
+Sets the [H2Direct](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2direct)
+directive which toggles the usage of the HTTP/2 Direct Mode.
+
+Default value: `undef`
+
+##### `h2_early_hints`
+
+Data type: `Optional[Boolean]`
+
+Sets the [H2EarlyHints](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2earlyhints)
+directive which controls if HTTP status 103 interim responses are forwarded to
+the client or not.
+
+Default value: `undef`
+
+##### `h2_max_session_streams`
+
+Data type: `Optional[Integer]`
+
+Sets the [H2MaxSessionStreams](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2maxsessionstreams)
+directive which sets the maximum number of active streams per HTTP/2 session
+that the server allows.
+
+Default value: `undef`
+
+##### `h2_modern_tls_only`
+
+Data type: `Optional[Boolean]`
+
+Sets the [H2ModernTLSOnly](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2moderntlsonly)
+directive which toggles the security checks on HTTP/2 connections in TLS mode.
+
+Default value: `undef`
+
+##### `h2_push`
+
+Data type: `Optional[Boolean]`
+
+Sets the [H2Push](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2push)
+directive which toggles the usage of the HTTP/2 server push protocol feature.
+
+Default value: `undef`
+
+##### `h2_push_diary_size`
+
+Data type: `Optional[Integer]`
+
+Sets the [H2PushDiarySize](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2pushdiarysize)
+directive which toggles the maximum number of HTTP/2 server pushes that are
+remembered per HTTP/2 connection.
+
+Default value: `undef`
+
+##### `h2_push_priority`
+
+Data type: `Array[String]`
+
+Sets the [H2PushPriority](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2pushpriority)
+directive which defines the priority handling of pushed responses based on the
+content-type of the response.
+
+Default value: []
+
+##### `h2_push_resource`
+
+Data type: `Array[String]`
+
+Sets the [H2PushResource](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2pushresource)
+directive which declares resources for early pushing to the client.
+
+Default value: []
+
+##### `h2_serialize_headers`
+
+Data type: `Optional[Boolean]`
+
+Sets the [H2SerializeHeaders](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2serializeheaders)
+directive which toggles if HTTP/2 requests are serialized in HTTP/1.1
+format for processing by httpd core.
+
+Default value: `undef`
+
+##### `h2_stream_max_mem_size`
+
+Data type: `Optional[Integer]`
+
+Sets the [H2StreamMaxMemSize](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2streammaxmemsize)
+directive which sets the maximum number of outgoing data bytes buffered in
+memory for an active stream.
+
+Default value: `undef`
+
+##### `h2_tls_cool_down_secs`
+
+Data type: `Optional[Integer]`
+
+Sets the [H2TLSCoolDownSecs](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2tlscooldownsecs)
+directive which sets the number of seconds of idle time on a TLS connection
+before the TLS write size falls back to a small (~1300 bytes) length.
+
+Default value: `undef`
+
+##### `h2_tls_warm_up_size`
+
+Data type: `Optional[Integer]`
+
+Sets the [H2TLSWarmUpSize](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2tlswarmupsize)
+directive which sets the number of bytes to be sent in small TLS records (~1300
+bytes) until doing maximum sized writes (16k) on https: HTTP/2 connections.
+
+Default value: `undef`
+
+##### `h2_upgrade`
+
+Data type: `Optional[Boolean]`
+
+Sets the [H2Upgrade](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2upgrade)
+directive which toggles the usage of the HTTP/1.1 Upgrade method for switching
+to HTTP/2.
+
+Default value: `undef`
+
+##### `h2_window_size`
+
+Data type: `Optional[Integer]`
+
+Sets the [H2WindowSize](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2windowsize)
+directive which sets the size of the window that is used for flow control from
+client to server and limits the amount of data the server has to buffer.
+
+Default value: `undef`
+
+##### `headers`
+
+Data type: `Any`
+
+Adds lines to replace, merge, or remove response headers. See
+[Apache's mod_headers documentation](https://httpd.apache.org/docs/current/mod/mod_headers.html#header) for more information.
+
+Default value: `undef`
+
+##### `ip`
+
+Data type: `Any`
+
+Sets the IP address the virtual host listens on. By default, uses Apache's default behavior
+of listening on all IPs.
+
+Default value: `undef`
+
+##### `ip_based`
+
+Data type: `Boolean`
+
+Enables an [IP-based](https://httpd.apache.org/docs/current/vhosts/ip-based.html) virtual
+host. This parameter inhibits the creation of a NameVirtualHost directive, since those are
+used to funnel requests to name-based virtual hosts.
+
+Default value: `false`
+
+##### `itk`
+
+Data type: `Optional[Hash]`
+
+Configures [ITK](http://mpm-itk.sesse.net/) in a hash.
+Usage typically looks something like:
+``` puppet
+apache::vhost { 'sample.example.net':
+ docroot => '/path/to/directory',
+ itk => {
+ user => 'someuser',
+ group => 'somegroup',
+ },
+}
+```
+Valid values are: a hash, which can include the keys:
+* `user` + `group`
+* `assignuseridexpr`
+* `assigngroupidexpr`
+* `maxclientvhost`
+* `nice`
+* `limituidrange` (Linux 3.5.0 or newer)
+* `limitgidrange` (Linux 3.5.0 or newer)
+
+Default value: `undef`
+
+##### `action`
+
+Data type: `Any`
+
+Specifies whether you wish to configure mod_actions action directive which will
+activate cgi-script when triggered by a request.
+
+Default value: `undef`
+
+##### `jk_mounts`
+
+Data type: `Any`
+
+Sets up a virtual host with `JkMount` and `JkUnMount` directives to handle the paths
+for URL mapping between Tomcat and Apache.
+The parameter must be an array of hashes where each hash must contain the `worker`
+and either the `mount` or `unmount` keys.
+Usage typically looks like:
+``` puppet
+apache::vhost { 'sample.example.net':
+ jk_mounts => [
+ { mount => '/*', worker => 'tcnode1', },
+ { unmount => '/*.jpg', worker => 'tcnode1', },
+ ],
+}
+```
+
+Default value: `undef`
+
+##### `http_protocol_options`
+
+Data type: `Optional[Pattern[/^((Strict|Unsafe)?\s*(\b(Registered|Lenient)Methods)?\s*(\b(Allow0\.9|Require1\.0))?)$/]]`
+
+Specifies the strictness of HTTP protocol checks.
+
+Default value: `undef`
+
+##### `keepalive`
+
+Data type: `Optional[Enum['on', 'off']]`
+
+Determines whether to enable persistent HTTP connections with the `KeepAlive` directive
+for the virtual host. By default, the global, server-wide `KeepAlive` setting is in effect.
+Use the `keepalive_timeout` and `max_keepalive_requests` parameters to set relevant options
+for the virtual host.
+
+Default value: `undef`
+
+##### `keepalive_timeout`
+
+Data type: `Any`
+
+Sets the `KeepAliveTimeout` directive for the virtual host, which determines the amount
+of time to wait for subsequent requests on a persistent HTTP connection. By default, the
+global, server-wide `KeepAlive` setting is in effect.
+This parameter is only relevant if either the global, server-wide `keepalive` parameter or
+the per-vhost `keepalive` parameter is enabled.
+
+Default value: `undef`
+
+##### `max_keepalive_requests`
+
+Data type: `Any`
+
+Limits the number of requests allowed per connection to the virtual host. By default,
+the global, server-wide `KeepAlive` setting is in effect.
+This parameter is only relevant if either the global, server-wide `keepalive` parameter or
+the per-vhost `keepalive` parameter is enabled.
+
+Default value: `undef`
+
+##### `auth_kerb`
+
+Data type: `Boolean`
+
+Enable `mod_auth_kerb` parameters for a virtual host.
+Usage typically looks like:
+``` puppet
+apache::vhost { 'sample.example.net':
+ auth_kerb => `true`,
+ krb_method_negotiate => 'on',
+ krb_auth_realms => ['EXAMPLE.ORG'],
+ krb_local_user_mapping => 'on',
+ directories => {
+ path => '/var/www/html',
+ auth_name => 'Kerberos Login',
+ auth_type => 'Kerberos',
+ auth_require => 'valid-user',
+ },
+}
+```
+
+Default value: `false`
+
+##### `krb_method_negotiate`
+
+Data type: `Any`
+
+Determines whether to use the Negotiate method.
+
+Default value: 'on'
+
+##### `krb_method_k5passwd`
+
+Data type: `Any`
+
+Determines whether to use password-based authentication for Kerberos v5.
+
+Default value: 'on'
+
+##### `krb_authoritative`
+
+Data type: `Any`
+
+If set to `off`, authentication controls can be passed on to another module.
+
+Default value: 'on'
+
+##### `krb_auth_realms`
+
+Data type: `Any`
+
+Specifies an array of Kerberos realms to use for authentication.
+
+Default value: []
+
+##### `krb_5keytab`
+
+Data type: `Any`
+
+Specifies the Kerberos v5 keytab file's location.
+
+Default value: `undef`
+
+##### `krb_local_user_mapping`
+
+Data type: `Any`
+
+Strips @REALM from usernames for further use.
+
+Default value: `undef`
+
+##### `krb_verify_kdc`
+
+Data type: `Any`
+
+This option can be used to disable the verification tickets against local keytab to prevent
+KDC spoofing attacks.
+
+Default value: 'on'
+
+##### `krb_servicename`
+
+Data type: `Any`
+
+Specifies the service name that will be used by Apache for authentication. Corresponding
+key of this name must be stored in the keytab.
+
+Default value: 'HTTP'
+
+##### `krb_save_credentials`
+
+Data type: `Any`
+
+This option enables credential saving functionality.
+
+Default value: 'off'
+
+##### `logroot`
+
+Data type: `Any`
+
+Specifies the location of the virtual host's logfiles.
+
+Default value: $::apache::logroot
+
+##### `logroot_ensure`
+
+Data type: `Enum['directory', 'absent']`
+
+Determines whether or not to remove the logroot directory for a virtual host.
+
+Default value: 'directory'
+
+##### `logroot_mode`
+
+Data type: `Any`
+
+Overrides the mode the logroot directory is set to. Do *not* grant write access to the
+directory the logs are stored in without being aware of the consequences; for more
+information, see [Apache's log security documentation](https://httpd.apache.org/docs/2.4/logs.html#security).
+
+Default value: `undef`
+
+##### `logroot_owner`
+
+Data type: `Any`
+
+Sets individual user access to the logroot directory.
+
+Default value: `undef`
+
+##### `logroot_group`
+
+Data type: `Any`
+
+Sets group access to the `logroot` directory.
+
+Default value: `undef`
+
+##### `log_level`
+
+Data type: `Any`
+
+Specifies the verbosity of the error log.
+
+Default value: `undef`
+
+##### `modsec_body_limit`
+
+Data type: `Any`
+
+Configures the maximum request body size (in bytes) ModSecurity accepts for buffering.
+
+Default value: `undef`
+
+##### `modsec_disable_vhost`
+
+Data type: `Any`
+
+Disables `mod_security` on a virtual host. Only valid if `apache::mod::security` is included.
+
+Default value: `undef`
+
+##### `modsec_disable_ids`
+
+Data type: `Optional[Variant[Hash, Array]]`
+
+Removes `mod_security` IDs from the virtual host.
+Also takes a hash allowing removal of an ID from a specific location.
+``` puppet
+apache::vhost { 'sample.example.net':
+ modsec_disable_ids => [ 90015, 90016 ],
+}
+```
+
+``` puppet
+apache::vhost { 'sample.example.net':
+ modsec_disable_ids => { '/location1' => [ 90015, 90016 ] },
+}
+```
+
+Default value: `undef`
+
+##### `modsec_disable_ips`
+
+Data type: `Any`
+
+Specifies an array of IP addresses to exclude from `mod_security` rule matching.
+
+Default value: `undef`
+
+##### `modsec_disable_msgs`
+
+Data type: `Optional[Variant[Hash, Array]]`
+
+Array of mod_security Msgs to remove from the virtual host. Also takes a hash allowing
+removal of an Msg from a specific location.
+``` puppet
+apache::vhost { 'sample.example.net':
+ modsec_disable_msgs => ['Blind SQL Injection Attack', 'Session Fixation Attack'],
+}
+```
+``` puppet
+apache::vhost { 'sample.example.net':
+ modsec_disable_msgs => { '/location1' => ['Blind SQL Injection Attack', 'Session Fixation Attack'] },
+}
+```
+
+Default value: `undef`
+
+##### `modsec_disable_tags`
+
+Data type: `Optional[Variant[Hash, Array]]`
+
+Array of mod_security Tags to remove from the virtual host. Also takes a hash allowing
+removal of an Tag from a specific location.
+``` puppet
+apache::vhost { 'sample.example.net':
+ modsec_disable_tags => ['WEB_ATTACK/SQL_INJECTION', 'WEB_ATTACK/XSS'],
+}
+```
+``` puppet
+apache::vhost { 'sample.example.net':
+ modsec_disable_tags => { '/location1' => ['WEB_ATTACK/SQL_INJECTION', 'WEB_ATTACK/XSS'] },
+}
+```
+
+Default value: `undef`
+
+##### `modsec_audit_log_file`
+
+Data type: `Any`
+
+If set, it is relative to `logroot`.
+One of the parameters that determines how to send `mod_security` audit
+log ([SecAuditLog](https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#SecAuditLog)).
+If none of those parameters are set, the global audit log is used
+(`/var/log/httpd/modsec\_audit.log`; Debian and derivatives: `/var/log/apache2/modsec\_audit.log`; others: ).
+
+Default value: `undef`
+
+##### `modsec_audit_log_pipe`
+
+Data type: `Any`
+
+If `modsec_audit_log_pipe` is set, it should start with a pipe. Example
+`|/path/to/mlogc /path/to/mlogc.conf`.
+One of the parameters that determines how to send `mod_security` audit
+log ([SecAuditLog](https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#SecAuditLog)).
+If none of those parameters are set, the global audit log is used
+(`/var/log/httpd/modsec\_audit.log`; Debian and derivatives: `/var/log/apache2/modsec\_audit.log`; others: ).
+
+Default value: `undef`
+
+##### `modsec_audit_log`
+
+Data type: `Any`
+
+If `modsec_audit_log` is `true`, given a virtual host ---for instance, example.com--- it
+defaults to `example.com\_security\_ssl.log` for SSL-encrypted virtual hosts
+and `example.com\_security.log` for unencrypted virtual hosts.
+One of the parameters that determines how to send `mod_security` audit
+log ([SecAuditLog](https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#SecAuditLog)).
+If none of those parameters are set, the global audit log is used
+(`/var/log/httpd/modsec\_audit.log`; Debian and derivatives: `/var/log/apache2/modsec\_audit.log`; others: ).
+
+Default value: `undef`
+
+##### `no_proxy_uris`
+
+Data type: `Any`
+
+Specifies URLs you do not want to proxy. This parameter is meant to be used in combination
+with [`proxy_dest`](#proxy_dest).
+
+Default value: []
+
+##### `no_proxy_uris_match`
+
+Data type: `Any`
+
+This directive is equivalent to `no_proxy_uris`, but takes regular expressions.
+
+Default value: []
+
+##### `proxy_preserve_host`
+
+Data type: `Any`
+
+Sets the [ProxyPreserveHost Directive](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypreservehost).
+Setting this parameter to `true` enables the `Host:` line from an incoming request to be
+proxied to the host instead of hostname. Setting it to `false` sets this directive to 'Off'.
+
+Default value: `false`
+
+##### `proxy_add_headers`
+
+Data type: `Any`
+
+Sets the [ProxyAddHeaders Directive](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxyaddheaders).
+This parameter controlls whether proxy-related HTTP headers (X-Forwarded-For,
+X-Forwarded-Host and X-Forwarded-Server) get sent to the backend server.
+
+Default value: `undef`
+
+##### `proxy_error_override`
+
+Data type: `Any`
+
+Sets the [ProxyErrorOverride Directive](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxyerroroverride).
+This directive controls whether Apache should override error pages for proxied content.
+
+Default value: `false`
+
+##### `options`
+
+Data type: `Any`
+
+Sets the `Options` for the specified virtual host. For example:
+``` puppet
+apache::vhost { 'site.name.fdqn':
+ …
+ options => ['Indexes','FollowSymLinks','MultiViews'],
+}
+```
+> **Note**: If you use the `directories` parameter of `apache::vhost`, 'Options',
+'Override', and 'DirectoryIndex' are ignored because they are parameters within `directories`.
+
+Default value: ['Indexes','FollowSymLinks','MultiViews']
+
+##### `override`
+
+Data type: `Any`
+
+Sets the overrides for the specified virtual host. Accepts an array of
+[AllowOverride](https://httpd.apache.org/docs/current/mod/core.html#allowoverride) arguments.
+
+Default value: ['None']
+
+##### `passenger_enabled`
+
+Data type: `Optional[Boolean]`
+
+Sets the value for the [PassengerEnabled](http://www.modrails.com/documentation/Users%20guide%20Apache.html#PassengerEnabled)
+directive to `on` or `off`. Requires `apache::mod::passenger` to be included.
+``` puppet
+apache::vhost { 'sample.example.net':
+ docroot => '/path/to/directory',
+ directories => [
+ { path => '/path/to/directory',
+ passenger_enabled => 'on',
+ },
+ ],
+}
+```
+> **Note:** There is an [issue](http://www.conandalton.net/2010/06/passengerenabled-off-not-working.html)
+using the PassengerEnabled directive with the PassengerHighPerformance directive.
+
+Default value: `undef`
+
+##### `passenger_base_uri`
+
+Data type: `Optional[String]`
+
+Sets [PassengerBaseURI](https://www.phusionpassenger.com/library/config/apache/reference/#passengerbase_rui),
+ to specify that the given URI is a distinct application served by Passenger.
+
+Default value: `undef`
+
+##### `passenger_ruby`
+
+Data type: `Optional[Stdlib::Absolutepath]`
+
+Sets [PassengerRuby](https://www.phusionpassenger.com/library/config/apache/reference/#passengerruby),
+specifying the Ruby interpreter to use when serving the relevant web applications.
+
+Default value: `undef`
+
+##### `passenger_python`
+
+Data type: `Optional[Stdlib::Absolutepath]`
+
+Sets [PassengerPython](https://www.phusionpassenger.com/library/config/apache/reference/#passengerpython),
+specifying the Python interpreter to use when serving the relevant web applications.
+
+Default value: `undef`
+
+##### `passenger_nodejs`
+
+Data type: `Optional[Stdlib::Absolutepath]`
+
+Sets the [`PassengerNodejs`](https://www.phusionpassenger.com/library/config/apache/reference/#passengernodejs),
+specifying Node.js command to use when serving the relevant web applications.
+
+Default value: `undef`
+
+##### `passenger_meteor_app_settings`
+
+Data type: `Optional[String]`
+
+Sets [PassengerMeteorAppSettings](https://www.phusionpassenger.com/library/config/apache/reference/#passengermeteorappsettings),
+specifying a JSON file with settings for the application when using a Meteor
+application in non-bundled mode.
+
+Default value: `undef`
+
+##### `passenger_app_env`
+
+Data type: `Optional[String]`
+
+Sets [PassengerAppEnv](https://www.phusionpassenger.com/library/config/apache/reference/#passengerappenv),
+the environment for the Passenger application. If not specified, defaults to the global
+setting or 'production'.
+
+Default value: `undef`
+
+##### `passenger_app_root`
+
+Data type: `Optional[Stdlib::Absolutepath]`
+
+Sets [PassengerRoot](https://www.phusionpassenger.com/library/config/apache/reference/#passengerapproot),
+the location of the Passenger application root if different from the DocumentRoot.
+
+Default value: `undef`
+
+##### `passenger_app_group_name`
+
+Data type: `Optional[String]`
+
+Sets [PassengerAppGroupName](https://www.phusionpassenger.com/library/config/apache/reference/#passengerappgroupname),
+ the name of the application group that the current application should belong to.
+
+Default value: `undef`
+
+##### `passenger_app_type`
+
+Data type: `Optional[Enum['meteor', 'node', 'rack', 'wsgi']]`
+
+Sets [PassengerAppType](https://www.phusionpassenger.com/library/config/apache/reference/#passengerapptype),
+ to force Passenger to recognize the application as a specific type.
+
+Default value: `undef`
+
+##### `passenger_startup_file`
+
+Data type: `Optional[String]`
+
+Sets the [PassengerStartupFile](https://www.phusionpassenger.com/library/config/apache/reference/#passengerstartupfile)
+path. This path is relative to the application root.
+
+Default value: `undef`
+
+##### `passenger_restart_dir`
+
+Data type: `Optional[String]`
+
+Sets the [PassengerRestartDir](https://www.phusionpassenger.com/library/config/apache/reference/#passengerrestartdir)
+ to customize the directory in which `restart.txt` is searched for.
+
+Default value: `undef`
+
+##### `passenger_spawn_method`
+
+Data type: `Optional[Enum['direct', 'smart']]`
+
+Sets [PassengerSpawnMethod](https://www.phusionpassenger.com/library/config/apache/reference/#passengerspawnmethod),
+whether Passenger spawns applications directly, or using a prefork copy-on-write mechanism.
+
+Default value: `undef`
+
+##### `passenger_load_shell_envvars`
+
+Data type: `Optional[Boolean]`
+
+Sets [PassengerLoadShellEnvvars](https://www.phusionpassenger.com/library/config/apache/reference/#passengerloadshellenvvars),
+to enable or disable the loading of shell environment variables before spawning the application.
+
+Default value: `undef`
+
+##### `passenger_rolling_restarts`
+
+Data type: `Optional[Boolean]`
+
+Sets [PassengerRollingRestarts](https://www.phusionpassenger.com/library/config/apache/reference/#passengerrollingrestarts),
+to enable or disable support for zero-downtime application restarts through `restart.txt`.
+
+Default value: `undef`
+
+##### `passenger_resist_deployment_errors`
+
+Data type: `Optional[Boolean]`
+
+Sets [PassengerResistDeploymentErrors](https://www.phusionpassenger.com/library/config/apache/reference/#passengerresistdeploymenterrors),
+to enable or disable resistance against deployment errors.
+
+Default value: `undef`
+
+##### `passenger_user`
+
+Data type: `Optional[String]`
+
+Sets [PassengerUser](https://www.phusionpassenger.com/library/config/apache/reference/#passengeruser),
+the running user for sandboxing applications.
+
+Default value: `undef`
+
+##### `passenger_group`
+
+Data type: `Optional[String]`
+
+Sets [PassengerGroup](https://www.phusionpassenger.com/library/config/apache/reference/#passengergroup),
+the running group for sandboxing applications.
+
+Default value: `undef`
+
+##### `passenger_friendly_error_pages`
+
+Data type: `Optional[Boolean]`
+
+Sets [PassengerFriendlyErrorPages](https://www.phusionpassenger.com/library/config/apache/reference/#passengerfriendlyerrorpages),
+which can display friendly error pages whenever an application fails to start. This
+friendly error page presents the startup error message, some suggestions for solving
+the problem, a backtrace and a dump of the environment variables.
+
+Default value: `undef`
+
+##### `passenger_min_instances`
+
+Data type: `Optional[Integer]`
+
+Sets [PassengerMinInstances](https://www.phusionpassenger.com/library/config/apache/reference/#passengermininstances),
+the minimum number of application processes to run.
+
+Default value: `undef`
+
+##### `passenger_max_instances`
+
+Data type: `Optional[Integer]`
+
+Sets [PassengerMaxInstances](https://www.phusionpassenger.com/library/config/apache/reference/#passengermaxinstances),
+the maximum number of application processes to run.
+
+Default value: `undef`
+
+##### `passenger_max_preloader_idle_time`
+
+Data type: `Optional[Integer]`
+
+Sets [PassengerMaxPreloaderIdleTime](https://www.phusionpassenger.com/library/config/apache/reference/#passengermaxpreloaderidletime),
+the maximum amount of time the preloader waits before shutting down an idle process.
+
+Default value: `undef`
+
+##### `passenger_force_max_concurrent_requests_per_process`
+
+Data type: `Optional[Integer]`
+
+Sets [PassengerForceMaxConcurrentRequestsPerProcess](https://www.phusionpassenger.com/library/config/apache/reference/#passengerforcemaxconcurrentrequestsperprocess),
+the maximum amount of concurrent requests the application can handle per process.
+
+Default value: `undef`
+
+##### `passenger_start_timeout`
+
+Data type: `Optional[Integer]`
+
+Sets [PassengerStartTimeout](https://www.phusionpassenger.com/library/config/apache/reference/#passengerstarttimeout),
+the timeout for the application startup.
+
+Default value: `undef`
+
+##### `passenger_concurrency_model`
+
+Data type: `Optional[Enum['process', 'thread']]`
+
+Sets [PassengerConcurrencyModel](https://www.phusionpassenger.com/library/config/apache/reference/#passengerconcurrencyodel),
+to specify the I/O concurrency model that should be used for Ruby application processes.
+Passenger supports two concurrency models:
+* `process` – single-threaded, multi-processed I/O concurrency.
+* `thread` – multi-threaded, multi-processed I/O concurrency.
+
+Default value: `undef`
+
+##### `passenger_thread_count`
+
+Data type: `Optional[Integer]`
+
+Sets [PassengerThreadCount](https://www.phusionpassenger.com/library/config/apache/reference/#passengerthreadcount),
+the number of threads that Passenger should spawn per Ruby application process.
+This option only has effect if PassengerConcurrencyModel is `thread`.
+
+Default value: `undef`
+
+##### `passenger_max_requests`
+
+Data type: `Optional[Integer]`
+
+Sets [PassengerMaxRequests](https://www.phusionpassenger.com/library/config/apache/reference/#passengermaxrequests),
+the maximum number of requests an application process will process.
+
+Default value: `undef`
+
+##### `passenger_max_request_time`
+
+Data type: `Optional[Integer]`
+
+Sets [PassengerMaxRequestTime](https://www.phusionpassenger.com/library/config/apache/reference/#passengermaxrequesttime),
+the maximum amount of time, in seconds, that an application process may take to
+process a request.
+
+Default value: `undef`
+
+##### `passenger_memory_limit`
+
+Data type: `Optional[Integer]`
+
+Sets [PassengerMemoryLimit](https://www.phusionpassenger.com/library/config/apache/reference/#passengermemorylimit),
+the maximum amount of memory that an application process may use, in megabytes.
+
+Default value: `undef`
+
+##### `passenger_stat_throttle_rate`
+
+Data type: `Optional[Integer]`
+
+Sets [PassengerStatThrottleRate](https://www.phusionpassenger.com/library/config/apache/reference/#passengerstatthrottlerate),
+to set a limit, in seconds, on how often Passenger will perform it's filesystem checks.
+
+Default value: `undef`
+
+##### `passenger_pre_start`
+
+Data type: `Optional[Variant[String,Array[String]]]`
+
+Sets [PassengerPreStart](https://www.phusionpassenger.com/library/config/apache/reference/#passengerprestart),
+the URL of the application if pre-starting is required.
+
+Default value: `undef`
+
+##### `passenger_high_performance`
+
+Data type: `Optional[Boolean]`
+
+Sets [PassengerHighPerformance](https://www.phusionpassenger.com/library/config/apache/reference/#passengerhighperformance),
+to enhance performance in return for reduced compatibility.
+
+Default value: `undef`
+
+##### `passenger_buffer_upload`
+
+Data type: `Optional[Boolean]`
+
+Sets [PassengerBufferUpload](https://www.phusionpassenger.com/library/config/apache/reference/#passengerbufferupload),
+to buffer HTTP client request bodies before they are sent to the application.
+
+Default value: `undef`
+
+##### `passenger_buffer_response`
+
+Data type: `Optional[Boolean]`
+
+Sets [PassengerBufferResponse](https://www.phusionpassenger.com/library/config/apache/reference/#passengerbufferresponse),
+to buffer Happlication-generated responses.
+
+Default value: `undef`
+
+##### `passenger_error_override`
+
+Data type: `Optional[Boolean]`
+
+Sets [PassengerErrorOverride](https://www.phusionpassenger.com/library/config/apache/reference/#passengererroroverride),
+to specify whether Apache will intercept and handle response with HTTP status codes of
+400 and higher.
+
+Default value: `undef`
+
+##### `passenger_max_request_queue_size`
+
+Data type: `Optional[Integer]`
+
+Sets [PassengerMaxRequestQueueSize](https://www.phusionpassenger.com/library/config/apache/reference/#passengermaxrequestqueuesize),
+to specify the maximum amount of requests that are allowed to queue whenever the maximum
+concurrent request limit is reached. If the queue is already at this specified limit, then
+Passenger immediately sends a "503 Service Unavailable" error to any incoming requests.
+A value of 0 means that the queue size is unbounded.
+
+Default value: `undef`
+
+##### `passenger_max_request_queue_time`
+
+Data type: `Optional[Integer]`
+
+Sets [PassengerMaxRequestQueueTime](https://www.phusionpassenger.com/library/config/apache/reference/#passengermaxrequestqueuetime),
+to specify the maximum amount of time that requests are allowed to stay in the queue
+whenever the maximum concurrent request limit is reached. If a request reaches this specified
+limit, then Passenger immeaditly sends a "504 Gateway Timeout" error for that request.
+A value of 0 means that the queue time is unbounded.
+
+Default value: `undef`
+
+##### `passenger_sticky_sessions`
+
+Data type: `Optional[Boolean]`
+
+Sets [PassengerStickySessions](https://www.phusionpassenger.com/library/config/apache/reference/#passengerstickysessions),
+to specify that, whenever possible, all requests sent by a client will be routed to the same
+originating application process.
+
+Default value: `undef`
+
+##### `passenger_sticky_sessions_cookie_name`
+
+Data type: `Optional[String]`
+
+Sets [PassengerStickySessionsCookieName](https://www.phusionpassenger.com/library/config/apache/reference/#passengerstickysessionscookiename),
+to specify the name of the sticky sessions cookie.
+
+Default value: `undef`
+
+##### `passenger_allow_encoded_slashes`
+
+Data type: `Optional[Boolean]`
+
+Sets [PassengerAllowEncodedSlashes](https://www.phusionpassenger.com/library/config/apache/reference/#passengerallowencodedslashes),
+to allow URLs with encoded slashes. Please note that this feature will not work properly
+unless Apache's `AllowEncodedSlashes` is also enabled.
+
+Default value: `undef`
+
+##### `passenger_debugger`
+
+Data type: `Optional[Boolean]`
+
+Sets [PassengerDebugger](https://www.phusionpassenger.com/library/config/apache/reference/#passengerdebugger),
+to turn support for Ruby application debugging on or off.
+
+Default value: `undef`
+
+##### `passenger_lve_min_uid`
+
+Data type: `Optional[Integer]`
+
+Sets [PassengerLveMinUid](https://www.phusionpassenger.com/library/config/apache/reference/#passengerlveminuid),
+to only allow the spawning of application processes with UIDs equal to, or higher than, this
+specified value on LVE-enabled kernels.
+
+Default value: `undef`
+
+##### `php_values`
+
+Data type: `Any`
+
+Allows per-virtual host setting [`php_value`s](http://php.net/manual/en/configuration.changes.php).
+These flags or values can be overwritten by a user or an application.
+Within a vhost declaration:
+``` puppet
+ php_values => [ 'include_path ".:/usr/local/example-app/include"' ],
+```
+
+Default value: {}
+
+##### `php_flags`
+
+Data type: `Any`
+
+Allows per-virtual host setting [`php_flags\``](http://php.net/manual/en/configuration.changes.php).
+These flags or values can be overwritten by a user or an application.
+
+Default value: {}
+
+##### `php_admin_values`
+
+Data type: `Any`
+
+Allows per-virtual host setting [`php_admin_value`](http://php.net/manual/en/configuration.changes.php).
+These flags or values cannot be overwritten by a user or an application.
+
+Default value: {}
+
+##### `php_admin_flags`
+
+Data type: `Any`
+
+Allows per-virtual host setting [`php_admin_flag`](http://php.net/manual/en/configuration.changes.php).
+These flags or values cannot be overwritten by a user or an application.
+
+Default value: {}
+
+##### `port`
+
+Data type: `Any`
+
+Sets the port the host is configured on. The module's defaults ensure the host listens
+on port 80 for non-SSL virtual hosts and port 443 for SSL virtual hosts. The host only
+listens on the port set in this parameter.
+
+Default value: `undef`
+
+##### `priority`
+
+Data type: `Any`
+
+Sets the relative load-order for Apache HTTPD VirtualHost configuration files.
+If nothing matches the priority, the first name-based virtual host is used. Likewise,
+passing a higher priority causes the alphabetically first name-based virtual host to be
+used if no other names match.
+> **Note:** You should not need to use this parameter. However, if you do use it, be
+aware that the `default_vhost` parameter for `apache::vhost` passes a priority of '15'.
+To omit the priority prefix in file names, pass a priority of `false`.
+
+Default value: `undef`
+
+##### `protocols`
+
+Data type: `Array[Enum['h2', 'h2c', 'http/1.1']]`
+
+Sets the [Protocols](https://httpd.apache.org/docs/current/en/mod/core.html#protocols)
+directive, which lists available protocols for the virutal host.
+
+Default value: []
+
+##### `protocols_honor_order`
+
+Data type: `Optional[Boolean]`
+
+Sets the [ProtocolsHonorOrder](https://httpd.apache.org/docs/current/en/mod/core.html#protocolshonororder)
+directive which determines wether the order of Protocols sets precedence during negotiation.
+
+Default value: `undef`
+
+##### `proxy_dest`
+
+Data type: `Any`
+
+Specifies the destination address of a [ProxyPass](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypass) configuration.
+
+Default value: `undef`
+
+##### `proxy_pass`
+
+Data type: `Any`
+
+Specifies an array of `path => URI` values for a [ProxyPass](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypass)
+configuration. Optionally, parameters can be added as an array.
+``` puppet
+apache::vhost { 'site.name.fdqn':
+ …
+ proxy_pass => [
+ { 'path' => '/a', 'url' => 'http://backend-a/' },
+ { 'path' => '/b', 'url' => 'http://backend-b/' },
+ { 'path' => '/c', 'url' => 'http://backend-a/c', 'params' => {'max'=>20, 'ttl'=>120, 'retry'=>300}},
+ { 'path' => '/l', 'url' => 'http://backend-xy',
+ 'reverse_urls' => ['http://backend-x', 'http://backend-y'] },
+ { 'path' => '/d', 'url' => 'http://backend-a/d',
+ 'params' => { 'retry' => '0', 'timeout' => '5' }, },
+ { 'path' => '/e', 'url' => 'http://backend-a/e',
+ 'keywords' => ['nocanon', 'interpolate'] },
+ { 'path' => '/f', 'url' => 'http://backend-f/',
+ 'setenv' => ['proxy-nokeepalive 1','force-proxy-request-1.0 1']},
+ { 'path' => '/g', 'url' => 'http://backend-g/',
+ 'reverse_cookies' => [{'path' => '/g', 'url' => 'http://backend-g/',}, {'domain' => 'http://backend-g', 'url' => 'http:://backend-g',},], },
+ { 'path' => '/h', 'url' => 'http://backend-h/h',
+ 'no_proxy_uris' => ['/h/admin', '/h/server-status'] },
+ ],
+}
+```
+* `reverse_urls`. *Optional.* This setting is useful when used with `mod_proxy_balancer`. Values: an array or string.
+* `reverse_cookies`. *Optional.* Sets `ProxyPassReverseCookiePath` and `ProxyPassReverseCookieDomain`.
+* `params`. *Optional.* Allows for ProxyPass key-value parameters, such as connection settings.
+* `setenv`. *Optional.* Sets [environment variables](https://httpd.apache.org/docs/current/mod/mod_proxy.html#envsettings) for the proxy directive. Values: array.
+
+Default value: `undef`
+
+##### `proxy_dest_match`
+
+Data type: `Any`
+
+This directive is equivalent to `proxy_dest`, but takes regular expressions, see
+[ProxyPassMatch](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypassmatch)
+for details.
+
+Default value: `undef`
+
+##### `proxy_dest_reverse_match`
+
+Data type: `Any`
+
+Allows you to pass a ProxyPassReverse if `proxy_dest_match` is specified. See
+[ProxyPassReverse](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypassreverse)
+for details.
+
+Default value: `undef`
+
+##### `proxy_pass_match`
+
+Data type: `Any`
+
+This directive is equivalent to `proxy_pass`, but takes regular expressions, see
+[ProxyPassMatch](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypassmatch)
+for details.
+
+Default value: `undef`
+
+##### `redirect_dest`
+
+Data type: `Any`
+
+Specifies the address to redirect to.
+
+Default value: `undef`
+
+##### `redirect_source`
+
+Data type: `Any`
+
+Specifies the source URIs that redirect to the destination specified in `redirect_dest`.
+If more than one item for redirect is supplied, the source and destination must be the same
+length, and the items are order-dependent.
+``` puppet
+apache::vhost { 'site.name.fdqn':
+ …
+ redirect_source => ['/images','/downloads'],
+ redirect_dest => ['http://img.example.com/','http://downloads.example.com/'],
+}
+```
+
+Default value: '/'
+
+##### `redirect_status`
+
+Data type: `Any`
+
+Specifies the status to append to the redirect.
+``` puppet
+ apache::vhost { 'site.name.fdqn':
+ …
+ redirect_status => ['temp','permanent'],
+}
+```
+
+Default value: `undef`
+
+##### `redirectmatch_regexp`
+
+Data type: `Any`
+
+Determines which server status should be raised for a given regular expression
+and where to forward the user to. Entered as an array alongside redirectmatch_status
+and redirectmatch_dest.
+``` puppet
+apache::vhost { 'site.name.fdqn':
+ …
+ redirectmatch_status => ['404','404'],
+ redirectmatch_regexp => ['\.git(/.*|$)/','\.svn(/.*|$)'],
+ redirectmatch_dest => ['http://www.example.com/$1','http://www.example.com/$2'],
+}
+```
+
+Default value: `undef`
+
+##### `redirectmatch_status`
+
+Data type: `Any`
+
+Determines which server status should be raised for a given regular expression
+and where to forward the user to. Entered as an array alongside redirectmatch_regexp
+and redirectmatch_dest.
+``` puppet
+apache::vhost { 'site.name.fdqn':
+ …
+ redirectmatch_status => ['404','404'],
+ redirectmatch_regexp => ['\.git(/.*|$)/','\.svn(/.*|$)'],
+ redirectmatch_dest => ['http://www.example.com/$1','http://www.example.com/$2'],
+}
+```
+
+Default value: `undef`
+
+##### `redirectmatch_dest`
+
+Data type: `Any`
+
+Determines which server status should be raised for a given regular expression
+and where to forward the user to. Entered as an array alongside redirectmatch_status
+and redirectmatch_regexp.
+``` puppet
+apache::vhost { 'site.name.fdqn':
+ …
+ redirectmatch_status => ['404','404'],
+ redirectmatch_regexp => ['\.git(/.*|$)/','\.svn(/.*|$)'],
+ redirectmatch_dest => ['http://www.example.com/$1','http://www.example.com/$2'],
+}
+```
+
+Default value: `undef`
+
+##### `request_headers`
+
+Data type: `Any`
+
+Modifies collected [request headers](https://httpd.apache.org/docs/current/mod/mod_headers.html#requestheader)
+in various ways, including adding additional request headers, removing request headers,
+and so on.
+``` puppet
+apache::vhost { 'site.name.fdqn':
+ …
+ request_headers => [
+ 'append MirrorID "mirror 12"',
+ 'unset MirrorID',
+ ],
+}
+```
+
+Default value: `undef`
+
+##### `rewrites`
+
+Data type: `Optional[Array]`
+
+Creates URL rewrite rules. Expects an array of hashes.
+Valid Hash keys include `comment`, `rewrite_base`, `rewrite_cond`, `rewrite_rule`
+or `rewrite_map`.
+For example, you can specify that anyone trying to access index.html is served welcome.html
+``` puppet
+apache::vhost { 'site.name.fdqn':
+ …
+ rewrites => [ { rewrite_rule => ['^index\.html$ welcome.html'] } ]
+}
+```
+The parameter allows rewrite conditions that, when `true`, execute the associated rule.
+For instance, if you wanted to rewrite URLs only if the visitor is using IE
+``` puppet
+apache::vhost { 'site.name.fdqn':
+ …
+ rewrites => [
+ {
+ comment => 'redirect IE',
+ rewrite_cond => ['%{HTTP_USER_AGENT} ^MSIE'],
+ rewrite_rule => ['^index\.html$ welcome.html'],
+ },
+ ],
+}
+```
+You can also apply multiple conditions. For instance, rewrite index.html to welcome.html
+only when the browser is Lynx or Mozilla (version 1 or 2)
+``` puppet
+apache::vhost { 'site.name.fdqn':
+ …
+ rewrites => [
+ {
+ comment => 'Lynx or Mozilla v1/2',
+ rewrite_cond => ['%{HTTP_USER_AGENT} ^Lynx/ [OR]', '%{HTTP_USER_AGENT} ^Mozilla/[12]'],
+ rewrite_rule => ['^index\.html$ welcome.html'],
+ },
+ ],
+}
+```
+Multiple rewrites and conditions are also possible
+``` puppet
+apache::vhost { 'site.name.fdqn':
+ …
+ rewrites => [
+ {
+ comment => 'Lynx or Mozilla v1/2',
+ rewrite_cond => ['%{HTTP_USER_AGENT} ^Lynx/ [OR]', '%{HTTP_USER_AGENT} ^Mozilla/[12]'],
+ rewrite_rule => ['^index\.html$ welcome.html'],
+ },
+ {
+ comment => 'Internet Explorer',
+ rewrite_cond => ['%{HTTP_USER_AGENT} ^MSIE'],
+ rewrite_rule => ['^index\.html$ /index.IE.html [L]'],
+ },
+ {
+ rewrite_base => /apps/,
+ rewrite_rule => ['^index\.cgi$ index.php', '^index\.html$ index.php', '^index\.asp$ index.html'],
+ },
+ { comment => 'Rewrite to lower case',
+ rewrite_cond => ['%{REQUEST_URI} [A-Z]'],
+ rewrite_map => ['lc int:tolower'],
+ rewrite_rule => ['(.*) ${lc:$1} [R=301,L]'],
+ },
+ ],
+}
+```
+Refer to the [`mod_rewrite` documentation](https://httpd.apache.org/docs/2.4/mod/mod_rewrite.html)
+for more details on what is possible with rewrite rules and conditions.
+> **Note**: If you include rewrites in your directories, also include `apache::mod::rewrite`
+and consider setting the rewrites using the `rewrites` parameter in `apache::vhost` rather
+than setting the rewrites in the virtual host's directories.
+
+Default value: `undef`
+
+##### `rewrite_base`
+
+Data type: `Any`
+
+The parameter [`rewrite_base`](https://httpd.apache.org/docs/current/mod/mod_rewrite.html#rewritebase)
+specifies the URL prefix to be used for per-directory (htaccess) RewriteRule directives
+that substitue a relative path.
+
+Default value: `undef`
+
+##### `rewrite_rule`
+
+Data type: `Any`
+
+The parameter [`rewrite_rile`](https://httpd.apache.org/docs/current/mod/mod_rewrite.html#rewriterule)
+allows the user to define the rules that will be used by the rewrite engine.
+
+Default value: `undef`
+
+##### `rewrite_cond`
+
+Data type: `Any`
+
+The parameter [`rewrite_cond`](https://httpd.apache.org/docs/current/mod/mod_rewrite.html#rewritecond)
+defines a rule condition, that when satisfied will implement that rule within the
+rewrite engine.
+
+Default value: `undef`
+
+##### `rewrite_inherit`
+
+Data type: `Any`
+
+Determines whether the virtual host inherits global rewrite rules.
+Rewrite rules may be specified globally (in `$conf_file` or `$confd_dir`) or
+inside the virtual host `.conf` file. By default, virtual hosts do not inherit
+global settings. To activate inheritance, specify the `rewrites` parameter and set
+`rewrite_inherit` parameter to `true`:
+``` puppet
+apache::vhost { 'site.name.fdqn':
+ …
+ rewrites => [
+ ,
+ ],
+ rewrite_inherit => `true`,
+}
+```
+> **Note**: The `rewrites` parameter is **required** for this to have effect
+Apache activates global `Rewrite` rules inheritance if the virtual host files contains
+the following directives:
+``` ApacheConf
+RewriteEngine On
+RewriteOptions Inherit
+```
+Refer to the official [`mod_rewrite`](https://httpd.apache.org/docs/2.2/mod/mod_rewrite.html)
+documentation, section "Rewriting in Virtual Hosts".
+
+Default value: `false`
+
+##### `scriptalias`
+
+Data type: `Any`
+
+Defines a directory of CGI scripts to be aliased to the path '/cgi-bin', such as
+'/usr/scripts'.
+
+Default value: `undef`
+
+##### `scriptaliases`
+
+Data type: `Any`
+
+> **Note**: This parameter is deprecated in favor of the `aliases` parameter.
+Passes an array of hashes to the virtual host to create either ScriptAlias or
+ScriptAliasMatch statements per the `mod_alias` documentation.
+``` puppet
+scriptaliases => [
+ {
+ alias => '/myscript',
+ path => '/usr/share/myscript',
+ },
+ {
+ aliasmatch => '^/foo(.*)',
+ path => '/usr/share/fooscripts$1',
+ },
+ {
+ aliasmatch => '^/bar/(.*)',
+ path => '/usr/share/bar/wrapper.sh/$1',
+ },
+ {
+ alias => '/neatscript',
+ path => '/usr/share/neatscript',
+ },
+]
+```
+The ScriptAlias and ScriptAliasMatch directives are created in the order specified.
+As with [Alias and AliasMatch](#aliases) directives, specify more specific aliases
+before more general ones to avoid shadowing.
+
+Default value: []
+
+##### `serveradmin`
+
+Data type: `Any`
+
+Specifies the email address Apache displays when it renders one of its error pages.
+
+Default value: `undef`
+
+##### `serveraliases`
+
+Data type: `Any`
+
+Sets the [ServerAliases](https://httpd.apache.org/docs/current/mod/core.html#serveralias)
+of the site.
+
+Default value: []
+
+##### `servername`
+
+Data type: `Any`
+
+Sets the servername corresponding to the hostname you connect to the virtual host at.
+
+Default value: $name
+
+##### `setenv`
+
+Data type: `Any`
+
+Used by HTTPD to set environment variables for virtual hosts.
+Example:
+``` puppet
+apache::vhost { 'setenv.example.com':
+ setenv => ['SPECIAL_PATH /foo/bin'],
+}
+```
+
+Default value: []
+
+##### `setenvif`
+
+Data type: `Any`
+
+Used by HTTPD to conditionally set environment variables for virtual hosts.
+
+Default value: []
+
+##### `setenvifnocase`
+
+Data type: `Any`
+
+Used by HTTPD to conditionally set environment variables for virtual hosts (caseless matching).
+
+Default value: []
+
+##### `suexec_user_group`
+
+Data type: `Optional[Pattern[/^[\w-]+ [\w-]+$/]]`
+
+Allows the spcification of user and group execution privileges for CGI programs through
+inclusion of the `mod_suexec` module.
+
+Default value: `undef`
+
+##### `suphp_addhandler`
+
+Data type: `Any`
+
+Sets up a virtual host with [suPHP](http://suphp.org/DocumentationView.html?file=apache/CONFIG)
+working together with suphp_configpath and suphp_engine.
+An example virtual host configuration with suPHP:
+``` puppet
+apache::vhost { 'suphp.example.com':
+ port => '80',
+ docroot => '/home/appuser/myphpapp',
+ suphp_addhandler => 'x-httpd-php',
+ suphp_engine => 'on',
+ suphp_configpath => '/etc/php5/apache2',
+ directories => { path => '/home/appuser/myphpapp',
+ 'suphp' => { user => 'myappuser', group => 'myappgroup' },
+ }
+}
+```
+
+Default value: $::apache::params::suphp_addhandler
+
+##### `suphp_configpath`
+
+Data type: `Any`
+
+Sets up a virtual host with [suPHP](http://suphp.org/DocumentationView.html?file=apache/CONFIG)
+working together with suphp_addhandler and suphp_engine.
+An example virtual host configuration with suPHP:
+``` puppet
+apache::vhost { 'suphp.example.com':
+ port => '80',
+ docroot => '/home/appuser/myphpapp',
+ suphp_addhandler => 'x-httpd-php',
+ suphp_engine => 'on',
+ suphp_configpath => '/etc/php5/apache2',
+ directories => { path => '/home/appuser/myphpapp',
+ 'suphp' => { user => 'myappuser', group => 'myappgroup' },
+ }
+}
+```
+
+Default value: $::apache::params::suphp_configpath
+
+##### `suphp_engine`
+
+Data type: `Enum['on', 'off']`
+
+Sets up a virtual host with [suPHP](http://suphp.org/DocumentationView.html?file=apache/CONFIG)
+working together with suphp_configpath and suphp_addhandler.
+An example virtual host configuration with suPHP:
+``` puppet
+apache::vhost { 'suphp.example.com':
+ port => '80',
+ docroot => '/home/appuser/myphpapp',
+ suphp_addhandler => 'x-httpd-php',
+ suphp_engine => 'on',
+ suphp_configpath => '/etc/php5/apache2',
+ directories => { path => '/home/appuser/myphpapp',
+ 'suphp' => { user => 'myappuser', group => 'myappgroup' },
+ }
+}
+```
+
+Default value: $::apache::params::suphp_engine
+
+##### `vhost_name`
+
+Data type: `Any`
+
+Enables name-based virtual hosting. If no IP is passed to the virtual host, but the
+virtual host is assigned a port, then the virtual host name is `vhost_name:port`.
+If the virtual host has no assigned IP or port, the virtual host name is set to the
+title of the resource.
+
+Default value: '*'
+
+##### `virtual_docroot`
+
+Data type: `Any`
+
+Sets up a virtual host with a wildcard alias subdomain mapped to a directory with the
+same name. For example, `http://example.com` would map to `/var/www/example.com`.
+``` puppet
+apache::vhost { 'subdomain.loc':
+ vhost_name => '*',
+ port => '80',
+ virtual_docroot => '/var/www/%-2+',
+ docroot => '/var/www',
+ serveraliases => ['*.loc',],
+}
+```
+
+Default value: `false`
+
+##### `wsgi_daemon_process`
+
+Data type: `Optional[Variant[String,Hash]]`
+
+Sets up a virtual host with [WSGI](https://github.com/GrahamDumpleton/mod_wsgi) alongside
+wsgi_daemon_process_options, wsgi_process_group,
+wsgi_script_aliases and wsgi_pass_authorization.
+A hash that sets the name of the WSGI daemon, accepting
+[certain keys](http://modwsgi.readthedocs.org/en/latest/configuration-directives/WSGIDaemonProcess.html).
+An example virtual host configuration with WSGI:
+``` puppet
+apache::vhost { 'wsgi.example.com':
+ port => '80',
+ docroot => '/var/www/pythonapp',
+ wsgi_daemon_process => 'wsgi',
+ wsgi_daemon_process_options =>
+ { processes => '2',
+ threads => '15',
+ display-name => '%{GROUP}',
+ },
+ wsgi_process_group => 'wsgi',
+ wsgi_script_aliases => { '/' => '/var/www/demo.wsgi' },
+ wsgi_chunked_request => 'On',
+}
+```
+
+Default value: `undef`
+
+##### `wsgi_daemon_process_options`
+
+Data type: `Optional[Hash]`
+
+Sets up a virtual host with [WSGI](https://github.com/GrahamDumpleton/mod_wsgi) alongside
+wsgi_daemon_process, wsgi_process_group,
+wsgi_script_aliases and wsgi_pass_authorization.
+Sets the group ID that the virtual host runs under.
+
+Default value: `undef`
+
+##### `wsgi_application_group`
+
+Data type: `Any`
+
+Sets up a virtual host with [WSGI](https://github.com/GrahamDumpleton/mod_wsgi) alongside
+wsgi_daemon_process, wsgi_daemon_process_options, wsgi_process_group,
+and wsgi_pass_authorization.
+This parameter defines the [`WSGIApplicationGroup directive`](https://modwsgi.readthedocs.io/en/develop/configuration-directives/WSGIApplicationGroup.html),
+thus allowing you to specify which application group the WSGI application belongs to,
+with all WSGI applications within the same group executing within the context of the
+same Python sub interpreter.
+
+Default value: `undef`
+
+##### `wsgi_import_script`
+
+Data type: `Any`
+
+Sets up a virtual host with [WSGI](https://github.com/GrahamDumpleton/mod_wsgi) alongside
+wsgi_daemon_process, wsgi_daemon_process_options, wsgi_process_group,
+and wsgi_pass_authorization.
+This parameter defines the [`WSGIImportScript directive`](https://modwsgi.readthedocs.io/en/develop/configuration-directives/WSGIImportScript.html),
+which can be used in order to specify a script file to be loaded upon a process starting.
+
+Default value: `undef`
+
+##### `wsgi_import_script_options`
+
+Data type: `Optional[Hash]`
+
+Sets up a virtual host with [WSGI](https://github.com/GrahamDumpleton/mod_wsgi) alongside
+wsgi_daemon_process, wsgi_daemon_process_options, wsgi_process_group,
+and wsgi_pass_authorization.
+This parameter defines the [`WSGIImportScript directive`](https://modwsgi.readthedocs.io/en/develop/configuration-directives/WSGIImportScript.html),
+which can be used in order to specify a script file to be loaded upon a process starting.
+Specifies the process and aplication groups of the script.
+
+Default value: `undef`
+
+##### `wsgi_chunked_request`
+
+Data type: `Any`
+
+Sets up a virtual host with [WSGI](https://github.com/GrahamDumpleton/mod_wsgi) alongside
+wsgi_daemon_process, wsgi_daemon_process_options, wsgi_process_group,
+and wsgi_pass_authorization.
+This parameter defines the [`WSGIChunkedRequest directive`](https://modwsgi.readthedocs.io/en/develop/configuration-directives/WSGIChunkedRequest.html),
+allowing you to enable support for chunked request content.
+WSGI is technically incapable of supporting chunked request content without all chunked
+request content having first been read in and buffered.
+
+Default value: `undef`
+
+##### `wsgi_process_group`
+
+Data type: `Any`
+
+Sets up a virtual host with [WSGI](https://github.com/GrahamDumpleton/mod_wsgi) alongside
+wsgi_daemon_process, wsgi_daemon_process_options,
+wsgi_script_aliases and wsgi_pass_authorization.
+Requires a hash of web paths to filesystem `.wsgi paths/`.
+
+Default value: `undef`
+
+##### `wsgi_script_aliases`
+
+Data type: `Optional[Hash]`
+
+Sets up a virtual host with [WSGI](https://github.com/GrahamDumpleton/mod_wsgi) alongside
+wsgi_daemon_process, wsgi_daemon_process_options, wsgi_process_group,
+and wsgi_pass_authorization.
+Uses the WSGI application to handle authorization instead of Apache when set to `On`.
+For more information, see mod_wsgi's [WSGIPassAuthorization documentation](https://modwsgi.readthedocs.org/en/latest/configuration-directives/WSGIPassAuthorization.html).
+
+Default value: `undef`
+
+##### `wsgi_script_aliases_match`
+
+Data type: `Optional[Hash]`
+
+Sets up a virtual host with [WSGI](https://github.com/GrahamDumpleton/mod_wsgi) alongside
+wsgi_daemon_process, wsgi_daemon_process_options, wsgi_process_group,
+and wsgi_pass_authorization.
+Uses the WSGI application to handle authorization instead of Apache when set to `On`.
+This directive is similar to `wsgi_script_aliases`, but makes use of regular expressions
+in place of simple prefix matching.
+For more information, see mod_wsgi's [WSGIPassAuthorization documentation](https://modwsgi.readthedocs.org/en/latest/configuration-directives/WSGIPassAuthorization.html).
+
+Default value: `undef`
+
+##### `wsgi_pass_authorization`
+
+Data type: `Optional[Enum['on', 'off', 'On', 'Off']]`
+
+Sets up a virtual host with [WSGI](https://github.com/GrahamDumpleton/mod_wsgi) alongside
+wsgi_daemon_process, wsgi_daemon_process_options, wsgi_process_group and
+wsgi_script_aliases.
+Enables support for chunked requests.
+
+Default value: `undef`
+
+##### `directories`
+
+Data type: `Optional[Variant[Hash, Array[Variant[Array,Hash]]]]`
+
+The `directories` parameter within the `apache::vhost` class passes an array of hashes
+to the virtual host to create [Directory](https://httpd.apache.org/docs/current/mod/core.html#directory),
+[File](https://httpd.apache.org/docs/current/mod/core.html#files), and
+[Location](https://httpd.apache.org/docs/current/mod/core.html#location) directive blocks.
+These blocks take the form, `< Directory /path/to/directory>...< /Directory>`.
+The `path` key sets the path for the directory, files, and location blocks. Its value
+must be a path for the `directory`, `files`, and `location` providers, or a regex for
+the `directorymatch`, `filesmatch`, or `locationmatch` providers. Each hash passed to
+`directories` **must** contain `path` as one of the keys.
+The `provider` key is optional. If missing, this key defaults to `directory`.
+ Values: `directory`, `files`, `proxy`, `location`, `directorymatch`, `filesmatch`,
+`proxymatch` or `locationmatch`. If you set `provider` to `directorymatch`, it
+uses the keyword `DirectoryMatch` in the Apache config file.
+An example use of `directories`:
+``` puppet
+apache::vhost { 'files.example.net':
+ docroot => '/var/www/files',
+ directories => [
+ { 'path' => '/var/www/files',
+ 'provider' => 'files',
+ 'deny' => 'from all',
+ },
+ ],
+}
+```
+> **Note:** At least one directory should match the `docroot` parameter. After you
+start declaring directories, `apache::vhost` assumes that all required Directory blocks
+will be declared. If not defined, a single default Directory block is created that matches
+the `docroot` parameter.
+Available handlers, represented as keys, should be placed within the `directory`,
+`files`, or `location` hashes. This looks like
+``` puppet
+apache::vhost { 'sample.example.net':
+ docroot => '/path/to/directory',
+ directories => [ { path => '/path/to/directory', handler => value } ],
+}
+```
+Any handlers you do not set in these hashes are considered `undefined` within Puppet and
+are not added to the virtual host, resulting in the module using their default values.
+
+Default value: `undef`
+
+##### `custom_fragment`
+
+Pass a string of custom configuration directives to be placed at the end of the directory
+configuration.
+``` puppet
+apache::vhost { 'monitor':
+ …
+ directories => [
+ {
+ path => '/path/to/directory',
+ custom_fragment => '
+
+ SetHandler balancer-manager
+ Order allow,deny
+ Allow from all
+
+
+ SetHandler server-status
+ Order allow,deny
+ Allow from all
+
+ProxyStatus On',
+ },
+ ]
+}
+```
+
+Default value: `undef`
+
+##### `error_documents`
+
+An array of hashes used to override the [ErrorDocument](https://httpd.apache.org/docs/current/mod/core.html#errordocument)
+settings for the directory.
+``` puppet
+apache::vhost { 'sample.example.net':
+ directories => [
+ { path => '/srv/www',
+ error_documents => [
+ { 'error_code' => '503',
+ 'document' => '/service-unavail',
+ },
+ ],
+ },
+ ],
+}
+```
+
+Default value: []
+
+##### `h2_copy_files`
+
+Sets the [H2CopyFiles](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2copyfiles) directive.
+Note that you must declare `class {'apache::mod::http2': }` before using this directive.
+
+Default value: `undef`
+
+##### `h2_push_resource`
+
+Sets the [H2PushResource](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2pushresource) directive.
+Note that you must declare `class {'apache::mod::http2': }` before using this directive.
+
+Default value: []
+
+##### `headers`
+
+Adds lines for [Header](https://httpd.apache.org/docs/current/mod/mod_headers.html#header) directives.
+``` puppet
+apache::vhost { 'sample.example.net':
+ docroot => '/path/to/directory',
+ directories => {
+ path => '/path/to/directory',
+ headers => 'Set X-Robots-Tag "noindex, noarchive, nosnippet"',
+ },
+}
+```
+
+Default value: `undef`
+
+##### `options`
+
+Lists the [Options](https://httpd.apache.org/docs/current/mod/core.html#options) for the
+given Directory block.
+``` puppet
+apache::vhost { 'sample.example.net':
+ docroot => '/path/to/directory',
+ directories => [
+ { path => '/path/to/directory',
+ options => ['Indexes','FollowSymLinks','MultiViews'],
+ },
+ ],
+}
+```
+
+Default value: ['Indexes','FollowSymLinks','MultiViews']
+
+##### `shib_compat_valid_user`
+
+Data type: `Optional[String]`
+
+Default is Off, matching the behavior prior to this command's existence. Addresses a conflict
+when using Shibboleth in conjunction with other auth/auth modules by restoring `standard`
+Apache behavior when processing the `valid-user` and `user` Require rules. See the
+[`mod_shib`documentation](https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPApacheConfig#NativeSPApacheConfig-Server/VirtualHostOptions),
+and [NativeSPhtaccess](https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPhtaccess)
+topic for more details. This key is disabled if `apache::mod::shib` is not defined.
+
+Default value: `undef`
+
+##### `ssl_options`
+
+Data type: `Any`
+
+String or list of [SSLOptions](https://httpd.apache.org/docs/current/mod/mod_ssl.html#ssloptions),
+which configure SSL engine run-time options. This handler takes precedence over SSLOptions
+set in the parent block of the virtual host.
+``` puppet
+apache::vhost { 'secure.example.net':
+ docroot => '/path/to/directory',
+ directories => [
+ { path => '/path/to/directory',
+ ssl_options => '+ExportCertData',
+ },
+ { path => '/path/to/different/dir',
+ ssl_options => ['-StdEnvVars', '+ExportCertData'],
+ },
+ ],
+}
+```
+
+Default value: `undef`
+
+##### `additional_includes`
+
+Specifies paths to additional static, specific Apache configuration files in virtual
+host directories.
+``` puppet
+apache::vhost { 'sample.example.net':
+ docroot => '/path/to/directory',
+ directories => [
+ { path => '/path/to/different/dir',
+ additional_includes => ['/custom/path/includes', '/custom/path/another_includes',],
+ },
+ ],
+}
+```
+
+Default value: []
+
+##### `ssl`
+
+Data type: `Boolean`
+
+Enables SSL for the virtual host. SSL virtual hosts only respond to HTTPS queries.
+
+Default value: `false`
+
+##### `ssl_ca`
+
+Data type: `Any`
+
+Specifies the SSL certificate authority to be used to verify client certificates used
+for authentication. You must also set `ssl_verify_client` to use this.
+
+Default value: $::apache::default_ssl_ca
+
+##### `ssl_cert`
+
+Data type: `Any`
+
+Specifies the SSL certification.
+
+Default value: $::apache::default_ssl_cert
+
+##### `ssl_protocol`
+
+Data type: `Any`
+
+Specifies [SSLProtocol](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslprotocol).
+Expects an array or space separated string of accepted protocols.
+
+Default value: `undef`
+
+##### `ssl_cipher`
+
+Data type: `Any`
+
+Specifies [SSLCipherSuite](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslciphersuite).
+
+Default value: `undef`
+
+##### `ssl_honorcipherorder`
+
+Data type: `Any`
+
+Sets [SSLHonorCipherOrder](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslhonorcipherorder),
+to cause Apache to use the server's preferred order of ciphers rather than the client's
+preferred order.
+
+Default value: `undef`
+
+##### `ssl_certs_dir`
+
+Data type: `Any`
+
+Specifies the location of the SSL certification directory to verify client certs. Will not
+be used unless `ssl_verify_client` is also set (see below).
+
+Default value: $::apache::params::ssl_certs_dir
+
+##### `ssl_chain`
+
+Data type: `Any`
+
+Specifies the SSL chain. This default works out of the box, but it must be updated in
+the base `apache` class with your specific certificate information before being used in
+production.
+
+Default value: $::apache::default_ssl_chain
+
+##### `ssl_crl`
+
+Data type: `Any`
+
+Specifies the certificate revocation list to use. (This default works out of the box but
+must be updated in the base `apache` class with your specific certificate information
+before being used in production.)
+
+Default value: $::apache::default_ssl_crl
+
+##### `ssl_crl_path`
+
+Data type: `Any`
+
+Specifies the location of the certificate revocation list to verify certificates for
+client authentication with. (This default works out of the box but must be updated in
+the base `apache` class with your specific certificate information before being used in
+production.)
+
+Default value: $::apache::default_ssl_crl_path
+
+##### `ssl_crl_check`
+
+Data type: `Any`
+
+Sets the certificate revocation check level via the [SSLCARevocationCheck directive](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslcarevocationcheck)
+for ssl client authentication. The default works out of the box but must be specified when
+using CRLs in production. Only applicable to Apache 2.4 or higher; the value is ignored on
+older versions.
+
+Default value: $::apache::default_ssl_crl_check
+
+##### `ssl_key`
+
+Data type: `Any`
+
+Specifies the SSL key.
+Defaults are based on your operating system. Default work out of the box but must be
+updated in the base `apache` class with your specific certificate information before
+being used in production.
+
+Default value: $::apache::default_ssl_key
+
+##### `ssl_verify_client`
+
+Data type: `Any`
+
+Sets the [SSLVerifyClient](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslverifyclient)
+directive, which sets the certificate verification level for client authentication.
+``` puppet
+apache::vhost { 'sample.example.net':
+ …
+ ssl_verify_client => 'optional',
+}
+```
+
+Default value: `undef`
+
+##### `ssl_verify_depth`
+
+Data type: `Any`
+
+Sets the [SSLVerifyDepth](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslverifydepth)
+directive, which specifies the maximum depth of CA certificates in client certificate
+verification. You must set `ssl_verify_client` for it to take effect.
+``` puppet
+apache::vhost { 'sample.example.net':
+ …
+ ssl_verify_client => 'require',
+ ssl_verify_depth => 1,
+}
+```
+
+Default value: `undef`
+
+##### `ssl_proxy_protocol`
+
+Data type: `Any`
+
+Sets the [SSLProxyProtocol](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxyprotocol)
+directive, which controls which SSL protocol flavors `mod_ssl` should use when establishing
+its server environment for proxy. It connects to servers using only one of the provided
+protocols.
+
+Default value: `undef`
+
+##### `ssl_proxy_verify`
+
+Data type: `Optional[Enum['none', 'optional', 'require', 'optional_no_ca']]`
+
+Sets the [SSLProxyVerify](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxyverify)
+directive, which configures certificate verification of the remote server when a proxy is
+configured to forward requests to a remote SSL server.
+
+Default value: `undef`
+
+##### `ssl_proxy_verify_depth`
+
+Data type: `Optional[Integer[0]]`
+
+Sets the [SSLProxyVerifyDepth](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxyverifydepth)
+directive, which configures how deeply mod_ssl should verify before deciding that the
+remote server does not have a valid certificate.
+A depth of 0 means that only self-signed remote server certificates are accepted,
+the default depth of 1 means the remote server certificate can be self-signed or
+signed by a CA that is directly known to the server.
+
+Default value: `undef`
+
+##### `ssl_proxy_cipher_suite`
+
+Data type: `Any`
+
+Sets the [SSLProxyCipherSuite](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxyciphersuite)
+directive, which controls cipher suites supported for ssl proxy traffic.
+
+Default value: `undef`
+
+##### `ssl_proxy_ca_cert`
+
+Data type: `Any`
+
+Sets the [SSLProxyCACertificateFile](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxycacertificatefile)
+directive, which specifies an all-in-one file where you can assemble the Certificates
+of Certification Authorities (CA) whose remote servers you deal with. These are used
+for Remote Server Authentication. This file should be a concatenation of the PEM-encoded
+certificate files in order of preference.
+
+Default value: `undef`
+
+##### `ssl_proxy_machine_cert`
+
+Data type: `Any`
+
+Sets the [SSLProxyMachineCertificateFile](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxymachinecertificatefile)
+directive, which specifies an all-in-one file where you keep the certs and keys used
+for this server to authenticate itself to remote servers. This file should be a
+concatenation of the PEM-encoded certificate files in order of preference.
+``` puppet
+apache::vhost { 'sample.example.net':
+ …
+ ssl_proxy_machine_cert => '/etc/httpd/ssl/client_certificate.pem',
+}
+```
+
+Default value: `undef`
+
+##### `ssl_proxy_check_peer_cn`
+
+Data type: `Optional[Enum['on', 'off']]`
+
+Sets the [SSLProxyCheckPeerCN](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxycheckpeercn)
+directive, which specifies whether the remote server certificate's CN field is compared
+against the hostname of the request URL.
+
+Default value: `undef`
+
+##### `ssl_proxy_check_peer_name`
+
+Data type: `Optional[Enum['on', 'off']]`
+
+Sets the [SSLProxyCheckPeerName](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxycheckpeername)
+directive, which specifies whether the remote server certificate's CN field is compared
+against the hostname of the request URL.
+
+Default value: `undef`
+
+##### `ssl_proxy_check_peer_expire`
+
+Data type: `Optional[Enum['on', 'off']]`
+
+Sets the [SSLProxyCheckPeerExpire](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxycheckpeerexpire)
+directive, which specifies whether the remote server certificate is checked for expiration
+or not.
+
+Default value: `undef`
+
+##### `ssl_options`
+
+Sets the [SSLOptions](https://httpd.apache.org/docs/current/mod/mod_ssl.html#ssloptions)
+directive, which configures various SSL engine run-time options. This is the global
+setting for the given virtual host and can be a string or an array.
+A string:
+``` puppet
+apache::vhost { 'sample.example.net':
+ …
+ ssl_options => '+ExportCertData',
+}
+```
+An array:
+``` puppet
+apache::vhost { 'sample.example.net':
+ …
+ ssl_options => ['+StrictRequire', '+ExportCertData'],
+}
+```
+
+Default value: `undef`
+
+##### `ssl_openssl_conf_cmd`
+
+Data type: `Any`
+
+Sets the [SSLOpenSSLConfCmd](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslopensslconfcmd)
+directive, which provides direct configuration of OpenSSL parameters.
+
+Default value: `undef`
+
+##### `ssl_proxyengine`
+
+Data type: `Boolean`
+
+Specifies whether or not to use [SSLProxyEngine](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxyengine).
+
+Default value: `false`
+
+##### `ssl_stapling`
+
+Data type: `Optional[Boolean]`
+
+Specifies whether or not to use [SSLUseStapling](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslusestapling).
+By default, uses what is set globally.
+This parameter only applies to Apache 2.4 or higher and is ignored on older versions.
+
+Default value: `undef`
+
+##### `ssl_stapling_timeout`
+
+Data type: `Any`
+
+Can be used to set the [SSLStaplingResponderTimeout](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslstaplingrespondertimeout) directive.
+This parameter only applies to Apache 2.4 or higher and is ignored on older versions.
+
+Default value: `undef`
+
+##### `ssl_stapling_return_errors`
+
+Data type: `Any`
+
+Can be used to set the [SSLStaplingReturnResponderErrors](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslstaplingreturnrespondererrors) directive.
+This parameter only applies to Apache 2.4 or higher and is ignored on older versions.
+
+Default value: `undef`
+
+##### `use_canonical_name`
+
+Data type: `Optional[Enum['On', 'on', 'Off', 'off', 'DNS', 'dns']]`
+
+Specifies whether to use the [`UseCanonicalName directive`](https://httpd.apache.org/docs/2.4/mod/core.html#usecanonicalname),
+which allows you to configure how the server determines it's own name and port.
+
+Default value: `undef`
+
+### apache::vhost::custom
+
+The `apache::vhost::custom` defined type is a thin wrapper around the `apache::custom_config` defined type, and simply overrides some of its default settings specific to the virtual host directory in Apache.
+
+#### Parameters
+
+The following parameters are available in the `apache::vhost::custom` defined type.
+
+##### `content`
+
+Data type: `Any`
+
+Sets the configuration file's content.
+
+##### `ensure`
+
+Data type: `Any`
+
+Specifies if the virtual host file is present or absent.
+
+Default value: 'present'
+
+##### `priority`
+
+Data type: `Any`
+
+Sets the relative load order for Apache HTTPD VirtualHost configuration files.
+
+Default value: '25'
+
+##### `verify_config`
+
+Data type: `Any`
+
+Specifies whether to validate the configuration file before notifying the Apache service.
+
+Default value: `true`
+
+## Resource types
+
+### a2mod
+
+Manage Apache 2 modules
+
+#### Properties
+
+The following properties are available in the `a2mod` type.
+
+##### `ensure`
+
+Valid values: present, absent
+
+The basic property that the resource should be in.
+
+Default value: present
+
+#### Parameters
+
+The following parameters are available in the `a2mod` type.
+
+##### `name`
+
+namevar
+
+The name of the module to be managed
+
+##### `lib`
+
+The name of the .so library to be loaded
+
+##### `identifier`
+
+Module identifier string used by LoadModule. Default: module-name_module
+
+## Functions
+
+### apache::apache_pw_hash
+
+Type: Ruby 4.x API
+
+Currently uses SHA-hashes, because although this format is considered insecure, its the
+most secure format supported by the most platforms.
+
+#### `apache::apache_pw_hash(String[1] $password)`
+
+Currently uses SHA-hashes, because although this format is considered insecure, its the
+most secure format supported by the most platforms.
+
+Returns: `String` Return's the hash of the input that was given.
+
+##### `password`
+
+Data type: `String[1]`
+
+The input that is to be hashed.
+
+### apache::bool2httpd
+
+Type: Ruby 4.x API
+
+Transform a supposed boolean to On or Off. Passes all other values through.
+
+#### Examples
+
+#####
+
+```puppet
+$trace_enable = false
+$server_signature = 'mail'
+
+bool2httpd($trace_enable) # returns 'Off'
+bool2httpd($server_signature) # returns 'mail'
+bool2httpd(undef) # returns 'Off'
+```
+
+#### `apache::bool2httpd(Any $arg)`
+
+The apache::bool2httpd function.
+
+Returns: `Any` Will return either `On` or `Off` if given a boolean value. Return's a string of any
+other given value.
+
+##### Examples
+
+######
+
+```puppet
+$trace_enable = false
+$server_signature = 'mail'
+
+bool2httpd($trace_enable) # returns 'Off'
+bool2httpd($server_signature) # returns 'mail'
+bool2httpd(undef) # returns 'Off'
+```
+
+##### `arg`
+
+Data type: `Any`
+
+The value to be converted into a string.
+
+### apache::validate_apache_log_level
+
+Type: Ruby 4.x API
+
+As per http://httpd.apache.org/docs/current/mod/core.html#loglevel
+ * validate_apache_loglevel('info')
+
+Modules maybe specified with their own levels like these:
+ * validate_apache_loglevel('warn ssl:info')
+ * validate_apache_loglevel('warn mod_ssl.c:info')
+ * validate_apache_loglevel('warn ssl_module:info')
+
+Expected to be used from the main or vhost.
+Might be used from directory too later as apache supports that
+
+#### `apache::validate_apache_log_level(String $log_level)`
+
+As per http://httpd.apache.org/docs/current/mod/core.html#loglevel
+ * validate_apache_loglevel('info')
+
+Modules maybe specified with their own levels like these:
+ * validate_apache_loglevel('warn ssl:info')
+ * validate_apache_loglevel('warn mod_ssl.c:info')
+ * validate_apache_loglevel('warn ssl_module:info')
+
+Expected to be used from the main or vhost.
+Might be used from directory too later as apache supports that
+
+Returns: `Any` Return's an error if the validation fails.
+
+##### `log_level`
+
+Data type: `String`
+
+The string that is to be validated.
+
+### apache_pw_hash
+
+Type: Ruby 3.x API
+
+Currently uses SHA-hashes, because although this format is considered insecure, its the
+most secure format supported by the most platforms.
+
+#### `apache_pw_hash(Any $password)`
+
+Currently uses SHA-hashes, because although this format is considered insecure, its the
+most secure format supported by the most platforms.
+
+Returns: `Any` Return's the hash of the input that was given.
+
+##### `password`
+
+Data type: `Any`
+
+The input that is to be hashed.
+
+### bool2httpd
+
+Type: Ruby 3.x API
+
+Transform a supposed boolean to On or Off. Pass all other values through.
+
+#### Examples
+
+#####
+
+```puppet
+$trace_enable = false
+$server_signature = 'mail'
+
+bool2httpd($trace_enable) # returns 'Off'
+bool2httpd($server_signature) # returns 'mail'
+bool2httpd(undef) # returns 'Off'
+```
+
+#### `bool2httpd(Any $arg)`
+
+The bool2httpd function.
+
+Returns: `Any` Will return either `On` or `Off` if given a boolean value. Return's a string of any
+other given value.
+
+##### Examples
+
+######
+
+```puppet
+$trace_enable = false
+$server_signature = 'mail'
+
+bool2httpd($trace_enable) # returns 'Off'
+bool2httpd($server_signature) # returns 'mail'
+bool2httpd(undef) # returns 'Off'
+```
+
+##### `arg`
+
+Data type: `Any`
+
+The value to be converted into a string.
+
+### validate_apache_log_level
+
+Type: Ruby 3.x API
+
+As per http://httpd.apache.org/docs/current/mod/core.html#loglevel
+ * validate_apache_loglevel('info')
+Modules maybe specified with their own levels like these:
+ * validate_apache_loglevel('warn ssl:info')
+ * validate_apache_loglevel('warn mod_ssl.c:info')
+ * validate_apache_loglevel('warn ssl_module:info')
+Expected to be used from the main or vhost.
+Might be used from directory too later as apaceh supports that
+
+#### `validate_apache_log_level(Any $log_level)`
+
+As per http://httpd.apache.org/docs/current/mod/core.html#loglevel
+ * validate_apache_loglevel('info')
+Modules maybe specified with their own levels like these:
+ * validate_apache_loglevel('warn ssl:info')
+ * validate_apache_loglevel('warn mod_ssl.c:info')
+ * validate_apache_loglevel('warn ssl_module:info')
+Expected to be used from the main or vhost.
+Might be used from directory too later as apaceh supports that
+
+Returns: `Any` Return's an error if the validation fails.
+
+##### `log_level`
+
+Data type: `Any`
+
+The string that is to be validated.
+
+## Tasks
+
+### init
+
+Allows you to perform apache service functions
+
+**Supports noop?** false
+
+#### Parameters
+
+##### `action`
+
+Data type: `Enum[reload]`
+
+Action to perform
+
+##### `service_name`
+
+Data type: `Optional[String[1]]`
+
+The name of the apache service
+
diff --git a/lib/puppet/functions/apache/apache_pw_hash.rb b/lib/puppet/functions/apache/apache_pw_hash.rb
index dc73bfd81c..77863e9424 100644
--- a/lib/puppet/functions/apache/apache_pw_hash.rb
+++ b/lib/puppet/functions/apache/apache_pw_hash.rb
@@ -1,8 +1,14 @@
-# Hashes a password in a format suitable for htpasswd files read by apache.
+# @summary
+# Hashes a password in a format suitable for htpasswd files read by apache.
#
# Currently uses SHA-hashes, because although this format is considered insecure, its the
# most secure format supported by the most platforms.
Puppet::Functions.create_function(:'apache::apache_pw_hash') do
+ # @param password
+ # The input that is to be hashed.
+ #
+ # @return
+ # Return's the hash of the input that was given.
dispatch :apache_pw_hash do
required_param 'String[1]', :password
return_type 'String'
diff --git a/lib/puppet/functions/apache/bool2httpd.rb b/lib/puppet/functions/apache/bool2httpd.rb
index a173c8b3e6..582c0db6af 100644
--- a/lib/puppet/functions/apache/bool2httpd.rb
+++ b/lib/puppet/functions/apache/bool2httpd.rb
@@ -1,18 +1,21 @@
-# Transform a supposed boolean to On or Off. Pass all other values through.
-# Given a nil value (undef), bool2httpd will return 'Off'
+# @summary
+# Transform a supposed boolean to On or Off. Passes all other values through.
#
-# Example:
-#
-# $trace_enable = false
-# $server_signature = 'mail'
-#
-# bool2httpd($trace_enable)
-# # => 'Off'
-# bool2httpd($server_signature)
-# # => 'mail'
-# bool2httpd(undef)
-# # => 'Off'
Puppet::Functions.create_function(:'apache::bool2httpd') do
+ # @param arg
+ # The value to be converted into a string.
+ #
+ # @return
+ # Will return either `On` or `Off` if given a boolean value. Return's a string of any
+ # other given value.
+ # @example
+ # $trace_enable = false
+ # $server_signature = 'mail'
+ #
+ # bool2httpd($trace_enable) # returns 'Off'
+ # bool2httpd($server_signature) # returns 'mail'
+ # bool2httpd(undef) # returns 'Off'
+ #
def bool2httpd(arg)
return 'Off' if arg.nil? || arg == false || arg =~ %r{false}i || arg == :undef
return 'On' if arg == true || arg =~ %r{true}i
diff --git a/lib/puppet/functions/apache/validate_apache_log_level.rb b/lib/puppet/functions/apache/validate_apache_log_level.rb
index 1ae906cfd5..0f581f7cd5 100644
--- a/lib/puppet/functions/apache/validate_apache_log_level.rb
+++ b/lib/puppet/functions/apache/validate_apache_log_level.rb
@@ -1,15 +1,22 @@
-# Perform simple validation of a string against the list of known log
-# levels as per http://httpd.apache.org/docs/current/mod/core.html#loglevel
-# validate_apache_loglevel('info')
+# @summary
+# Perform simple validation of a string against the list of known log levels.
#
-# Modules maybe specified with their own levels like these:
-# validate_apache_loglevel('warn ssl:info')
-# validate_apache_loglevel('warn mod_ssl.c:info')
-# validate_apache_loglevel('warn ssl_module:info')
+# As per http://httpd.apache.org/docs/current/mod/core.html#loglevel
+# * validate_apache_loglevel('info')
#
-# Expected to be used from the main or vhost.
-# Might be used from directory too later as apache supports that
+# Modules maybe specified with their own levels like these:
+# * validate_apache_loglevel('warn ssl:info')
+# * validate_apache_loglevel('warn mod_ssl.c:info')
+# * validate_apache_loglevel('warn ssl_module:info')
+#
+# Expected to be used from the main or vhost.
+# Might be used from directory too later as apache supports that
Puppet::Functions.create_function(:'apache::validate_apache_log_level') do
+ # @param log_level
+ # The string that is to be validated.
+ #
+ # @return
+ # Return's an error if the validation fails.
dispatch :validate_apache_log_level do
required_param 'String', :log_level
end
diff --git a/lib/puppet/parser/functions/apache_pw_hash.rb b/lib/puppet/parser/functions/apache_pw_hash.rb
index eda0875e59..2395e5b28b 100644
--- a/lib/puppet/parser/functions/apache_pw_hash.rb
+++ b/lib/puppet/parser/functions/apache_pw_hash.rb
@@ -1,9 +1,17 @@
require 'base64'
Puppet::Parser::Functions.newfunction(:apache_pw_hash, type: :rvalue, doc: <<-DOC
- Hashes a password in a format suitable for htpasswd files read by apache.
+ @summary
+ Hashes a password in a format suitable for htpasswd files read by apache.
+
Currently uses SHA-hashes, because although this format is considered insecure, its the
most secure format supported by the most platforms.
+
+ @param password
+ The input that is to be hashed.
+
+ @return
+ Return's the hash of the input that was given.
DOC
) do |args|
raise(Puppet::ParseError, "apache_pw_hash() wrong number of arguments. Given: #{args.size} for 1)") if args.size != 1
diff --git a/lib/puppet/parser/functions/bool2httpd.rb b/lib/puppet/parser/functions/bool2httpd.rb
index 00e4993853..731dbaf7ef 100644
--- a/lib/puppet/parser/functions/bool2httpd.rb
+++ b/lib/puppet/parser/functions/bool2httpd.rb
@@ -1,15 +1,21 @@
Puppet::Parser::Functions.newfunction(:bool2httpd, type: :rvalue, doc: <<-DOC
- Transform a supposed boolean to On or Off. Pass all other values through.
- Given a nil value (undef), bool2httpd will return 'Off'
- Example:
- $trace_enable = false
- $server_signature = 'mail'
- bool2httpd($trace_enable)
- # => 'Off'
- bool2httpd($server_signature)
- # => 'mail'
- bool2httpd(undef)
- # => 'Off'
+ @summary
+ Transform a supposed boolean to On or Off. Pass all other values through.
+
+ @param arg
+ The value to be converted into a string.
+
+ @return
+ Will return either `On` or `Off` if given a boolean value. Return's a string of any
+ other given value.
+
+ @example
+ $trace_enable = false
+ $server_signature = 'mail'
+
+ bool2httpd($trace_enable) # returns 'Off'
+ bool2httpd($server_signature) # returns 'mail'
+ bool2httpd(undef) # returns 'Off'
DOC
) do |args|
raise(Puppet::ParseError, "bool2httpd() wrong number of arguments. Given: #{args.size} for 1)") if args.size != 1
diff --git a/lib/puppet/parser/functions/validate_apache_log_level.rb b/lib/puppet/parser/functions/validate_apache_log_level.rb
index bcbf8e7c7e..e0e06e84fe 100644
--- a/lib/puppet/parser/functions/validate_apache_log_level.rb
+++ b/lib/puppet/parser/functions/validate_apache_log_level.rb
@@ -1,15 +1,23 @@
# validate_apache_log_level.rb
module Puppet::Parser::Functions
newfunction(:validate_apache_log_level, doc: <<-DOC
- Perform simple validation of a string against the list of known log
- levels as per http://httpd.apache.org/docs/current/mod/core.html#loglevel
- validate_apache_loglevel('info')
+ @summary
+ Perform simple validation of a string against the list of known log levels.
+
+ As per http://httpd.apache.org/docs/current/mod/core.html#loglevel
+ * validate_apache_loglevel('info')
Modules maybe specified with their own levels like these:
- validate_apache_loglevel('warn ssl:info')
- validate_apache_loglevel('warn mod_ssl.c:info')
- validate_apache_loglevel('warn ssl_module:info')
+ * validate_apache_loglevel('warn ssl:info')
+ * validate_apache_loglevel('warn mod_ssl.c:info')
+ * validate_apache_loglevel('warn ssl_module:info')
Expected to be used from the main or vhost.
Might be used from directory too later as apaceh supports that
+
+ @param log_level
+ The string that is to be validated.
+
+ @return
+ Return's an error if the validation fails.
DOC
) do |args|
if args.size != 1
diff --git a/lib/puppet/provider/a2mod.rb b/lib/puppet/provider/a2mod.rb
index af704b6014..747da44a91 100644
--- a/lib/puppet/provider/a2mod.rb
+++ b/lib/puppet/provider/a2mod.rb
@@ -1,5 +1,6 @@
# a2mod.rb
class Puppet::Provider::A2mod < Puppet::Provider
+ # Fetches the mod provider
def self.prefetch(mods)
instances.each do |prov|
mod = mods[prov.name]
@@ -9,10 +10,12 @@ def self.prefetch(mods)
end
end
+ # Clear's the property_hash
def flush
@property_hash.clear
end
+ # Returns a copy of the property_hash
def properties
if @property_hash.empty?
@property_hash = query || { ensure: :absent }
@@ -21,6 +24,7 @@ def properties
@property_hash.dup
end
+ # Returns the properties of the given mod if it exists.
def query
self.class.instances.each do |mod|
if mod.name == name || mod.name.downcase == name
@@ -30,6 +34,7 @@ def query
nil
end
+ # Return's if the ensure property is absent or not
def exists?
properties[:ensure] != :absent
end
diff --git a/manifests/balancer.pp b/manifests/balancer.pp
index 9f824d2d82..ee1f6c3fc3 100644
--- a/manifests/balancer.pp
+++ b/manifests/balancer.pp
@@ -1,49 +1,46 @@
-# == Define Resource Type: apache::balancer
+# @summary
+# This type will create an apache balancer cluster file inside the conf.d
+# directory.
#
-# This type will create an apache balancer cluster file inside the conf.d
-# directory. Each balancer cluster needs one or more balancer members (that can
+# Each balancer cluster needs one or more balancer members (that can
# be declared with the apache::balancermember defined resource type). Using
# storeconfigs, you can export the apache::balancermember resources on all
# balancer members, and then collect them on a single apache load balancer
# server.
#
-# === Requirement/Dependencies:
+# @note
+# Currently requires the puppetlabs/concat module on the Puppet Forge and uses
+# storeconfigs on the Puppet Master to export/collect resources from all
+# balancer members.
#
-# Currently requires the puppetlabs/concat module on the Puppet Forge and uses
-# storeconfigs on the Puppet Master to export/collect resources from all
-# balancer members.
+# @param name
+# The namevar of the defined resource type is the balancer clusters name.
+# This name is also used in the name of the conf.d file
#
-# === Parameters
+# @param proxy_set
+# Configures key-value pairs to be used as a ProxySet lines in the configuration.
#
-# [*name*]
-# The namevar of the defined resource type is the balancer clusters name.
-# This name is also used in the name of the conf.d file
+# @param target
+# The path to the file the balancer definition will be written in.
#
-# [*proxy_set*]
-# Hash, default empty. If given, each key-value pair will be used as a ProxySet
-# line in the configuration.
+# @param collect_exported
+# Determines whether to use exported resources.
+# If you statically declare all of your backend servers, set this parameter to false to rely
+# on existing, declared balancer member resources. Also, use apache::balancermember with array
+# arguments.
+# To dynamically declare backend servers via exported resources collected on a central node,
+# set this parameter to true to collect the balancer member resources exported by the balancer
+# member nodes.
+# If you don't use exported resources, a single Puppet run configures all balancer members. If
+# you use exported resources, Puppet has to run on the balanced nodes first, then run on the
+# balancer.
#
-# [*target*]
-# String, default undef. If given, path to the file the balancer definition will
-# be written.
+# @param options
+# Specifies an array of [options](https://httpd.apache.org/docs/current/mod/mod_proxy.html#balancermember)
+# after the balancer URL, and accepts any key-value pairs available to `ProxyPass`.
#
-# [*collect_exported*]
-# Boolean, default 'true'. True means 'collect exported @@balancermember
-# resources' (for the case when every balancermember node exports itself),
-# false means 'rely on the existing declared balancermember resources' (for the
-# case when you know the full set of balancermembers in advance and use
-# apache::balancermember with array arguments, which allows you to deploy
-# everything in 1 run)
-#
-# [*options*]
-# Array, default empty. If given, additional directives may be added to the
-# block.
-#
-# === Examples
-#
-# Exporting the resource for a balancer member:
-#
-# apache::balancer { 'puppet00': }
+# @example
+# apache::balancer { 'puppet00': }
#
define apache::balancer (
$proxy_set = {},
diff --git a/manifests/balancermember.pp b/manifests/balancermember.pp
index 6e8b29f13f..1d4abb2e40 100644
--- a/manifests/balancermember.pp
+++ b/manifests/balancermember.pp
@@ -1,43 +1,42 @@
-# == Define Resource Type: apache::balancermember
-#
+# @summary
+# Defines members of `mod_proxy_balancer`
+#
+# Sets up a balancer member inside a listening service configuration block in
+# the load balancer's `apache.cfg`.
+#
# This type will setup a balancer member inside a listening service
# configuration block in /etc/apache/apache.cfg on the load balancer.
-# currently it only has the ability to specify the instance name, url and an
+# Currently it only has the ability to specify the instance name, url and an
# array of options. More features can be added as needed. The best way to
# implement this is to export this resource for all apache balancer member
# servers, and then collect them on the main apache load balancer.
#
-# === Requirement/Dependencies:
-#
-# Currently requires the puppetlabs/concat module on the Puppet Forge and
-# uses storeconfigs on the Puppet Master to export/collect resources
-# from all balancer members.
-#
-# === Parameters
-#
-# [*name*]
-# The title of the resource is arbitrary and only utilized in the concat
-# fragment name.
-#
-# [*balancer_cluster*]
-# The apache service's instance name (or, the title of the apache::balancer
-# resource). This must match up with a declared apache::balancer resource.
+# @note
+# Currently requires the puppetlabs/concat module on the Puppet Forge and
+# uses storeconfigs on the Puppet Master to export/collect resources
+# from all balancer members.
#
-# [*url*]
-# The url used to contact the balancer member server.
+# @param name
+# The title of the resource is arbitrary and only utilized in the concat
+# fragment name.
#
-# [*options*]
-# An array of options to be specified after the url.
+# @param balancer_cluster
+# The apache service's instance name (or, the title of the apache::balancer
+# resource). This must match up with a declared apache::balancer resource.
#
-# === Examples
+# @param url
+# The url used to contact the balancer member server.
#
-# Exporting the resource for a balancer member:
+# @param options
+# Specifies an array of [options](https://httpd.apache.org/docs/current/mod/mod_proxy.html#balancermember)
+# after the URL, and accepts any key-value pairs available to `ProxyPass`.
#
-# @@apache::balancermember { 'apache':
-# balancer_cluster => 'puppet00',
-# url => "ajp://${::fqdn}:8009"
-# options => ['ping=5', 'disablereuse=on', 'retry=5', 'ttl=120'],
-# }
+# @example
+# @@apache::balancermember { 'apache':
+# balancer_cluster => 'puppet00',
+# url => "ajp://${::fqdn}:8009"
+# options => ['ping=5', 'disablereuse=on', 'retry=5', 'ttl=120'],
+# }
#
define apache::balancermember(
$balancer_cluster,
diff --git a/manifests/confd/no_accf.pp b/manifests/confd/no_accf.pp
index f35c0c8b9d..4176d2b65d 100644
--- a/manifests/confd/no_accf.pp
+++ b/manifests/confd/no_accf.pp
@@ -1,3 +1,7 @@
+# @summary
+# Manages the `no-accf.conf` file.
+#
+# @api private
class apache::confd::no_accf {
# Template uses no variables
file { 'no-accf.conf':
diff --git a/manifests/custom_config.pp b/manifests/custom_config.pp
index 6bffa05c7f..e0cea82b55 100644
--- a/manifests/custom_config.pp
+++ b/manifests/custom_config.pp
@@ -1,4 +1,41 @@
-# See README.md for usage information
+# @summary
+# Adds a custom configuration file to the Apache server's `conf.d` directory.
+#
+# If the file is invalid and this defined type's `verify_config` parameter's value is
+# `true`, Puppet throws an error during a Puppet run.
+#
+# @param ensure
+# Specifies whether the configuration file should be present.
+#
+# @param confdir
+# Sets the directory in which Puppet places configuration files.
+#
+# @param content
+# Sets the configuration file's content. The `content` and `source` parameters are exclusive
+# of each other.
+#
+# @param filename
+# Sets the name of the file under `confdir` in which Puppet stores the configuration.
+#
+# @param priority
+# Sets the configuration file's priority by prefixing its filename with this parameter's
+# numeric value, as Apache processes configuration files in alphanumeric order.
+# To omit the priority prefix in the configuration file's name, set this parameter to `false`.
+#
+# @param source
+# Points to the configuration file's source. The `content` and `source` parameters are
+# exclusive of each other.
+#
+# @param verify_command
+# Specifies the command Puppet uses to verify the configuration file. Use a fully qualified
+# command.
+# This parameter is used only if the `verify_config` parameter's value is `true`. If the
+# `verify_command` fails, the Puppet run deletes the configuration file and raises an error,
+# but does not notify the Apache service.
+#
+# @param verify_config
+# Specifies whether to validate the configuration file before notifying the Apache service.
+#
define apache::custom_config (
Enum['absent', 'present'] $ensure = 'present',
$confdir = $::apache::confd_dir,
diff --git a/manifests/default_confd_files.pp b/manifests/default_confd_files.pp
index c06b30c83b..36ce5321bc 100644
--- a/manifests/default_confd_files.pp
+++ b/manifests/default_confd_files.pp
@@ -1,3 +1,7 @@
+# @summary
+# Helper for setting up default conf.d files.
+#
+# @api private
class apache::default_confd_files (
$all = true,
) {
diff --git a/manifests/default_mods.pp b/manifests/default_mods.pp
index 2e82d4d930..8254392b0f 100644
--- a/manifests/default_mods.pp
+++ b/manifests/default_mods.pp
@@ -1,3 +1,7 @@
+# @summary
+# Installs and congfigures default mods for Apache
+#
+# @api private
class apache::default_mods (
$all = true,
$mods = undef,
diff --git a/manifests/default_mods/load.pp b/manifests/default_mods/load.pp
index 356e9fa00e..fc44ebcb31 100644
--- a/manifests/default_mods/load.pp
+++ b/manifests/default_mods/load.pp
@@ -1,4 +1,7 @@
-# private define
+# @summary
+# Helper used by `apache::default_mods`
+#
+# @api private
define apache::default_mods::load ($module = $title) {
if defined("apache::mod::${module}") {
include "::apache::mod::${module}"
diff --git a/manifests/dev.pp b/manifests/dev.pp
index d4a25a7e44..95b3fa6d41 100644
--- a/manifests/dev.pp
+++ b/manifests/dev.pp
@@ -1,3 +1,12 @@
+# @summary
+# Installs Apache development libraries.
+#
+# The libraries installed depends on the `dev_packages` parameter of the `apache::params`
+# class, based on your operating system:
+# - **Debian** : `libaprutil1-dev`, `libapr1-dev`; `apache2-dev` on Ubuntu 13.10 and Debian 8; `apache2-prefork-dev` on other versions.
+# - **FreeBSD**: `undef`; on FreeBSD, you must declare the `apache::package` or `apache` classes before declaring `apache::dev`.
+# - **Gentoo**: `undef`.
+# - **Red Hat**: `httpd-devel`.
class apache::dev {
if ! defined(Class['apache']) {
diff --git a/manifests/fastcgi/server.pp b/manifests/fastcgi/server.pp
index df53556af1..76b4d0bcd7 100644
--- a/manifests/fastcgi/server.pp
+++ b/manifests/fastcgi/server.pp
@@ -1,3 +1,33 @@
+# @summary
+# Defines one or more external FastCGI servers to handle specific file types. Use this
+# defined type with `mod_fastcgi`.
+#
+# @param host
+# Determines the FastCGI's hostname or IP address and TCP port number (1-65535).
+#
+# @param timeout
+# Sets the number of seconds a [FastCGI](http://www.fastcgi.com/) application can be inactive before aborting the
+# request and logging the event at the error LogLevel. The inactivity timer applies only as
+# long as a connection is pending with the FastCGI application. If a request is queued to an
+# application, but the application doesn't respond by writing and flushing within this period,
+# the request is aborted. If communication is complete with the application but incomplete with
+# the client (the response is buffered), the timeout does not apply.
+#
+# @param flush
+# Forces `mod_fastcgi` to write to the client as data is received from the
+# application. By default, `mod_fastcgi` buffers data in order to free the application
+# as quickly as possible.
+#
+# @param faux_path
+# Apache has FastCGI handle URIs that resolve to this filename. The path set in this
+# parameter does not have to exist in the local filesystem.
+#
+# @param fcgi_alias
+# Internally links actions with the FastCGI server. This alias must be unique.
+#
+# @param file_type
+# Sets the MIME `content-type` of the file to be processed by the FastCGI server.
+#
define apache::fastcgi::server (
$host = '127.0.0.1:9000',
$timeout = 15,
diff --git a/manifests/init.pp b/manifests/init.pp
index 22440378ef..6846e21d37 100755
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -1,17 +1,446 @@
-# Class: apache
+# @summary
+# Guides the basic setup and installation of Apache on your system.
#
-# This class installs Apache
+# When this class is declared with the default options, Puppet:
+# - Installs the appropriate Apache software package and [required Apache modules](#default_mods) for your operating system.
+# - Places the required configuration files in a directory, with the [default location](#conf_dir) determined by your operating system.
+# - Configures the server with a default virtual host and standard port (`80`) and address (`\*`) bindings.
+# - Creates a document root directory determined by your operating system, typically `/var/www`.
+# - Starts the Apache service.
#
-# Parameters:
+# @example
+# class { 'apache': }
#
-# Actions:
-# - Install Apache
-# - Manage Apache service
+# @param allow_encoded_slashes
+# Sets the server default for the `AllowEncodedSlashes` declaration, which modifies the
+# responses to URLs containing '\' and '/' characters. If not specified, this parameter omits
+# the declaration from the server's configuration and uses Apache's default setting of 'off'.
#
-# Requires:
+# @param apache_version
+# Configures module template behavior, package names, and default Apache modules by defining
+# the version of Apache to use. We do not recommend manually configuring this parameter
+# without reason.
#
-# Sample Usage:
+# @param conf_dir
+# Sets the directory where the Apache server's main configuration file is located.
#
+# @param conf_template
+# Defines the template used for the main Apache configuration file. Modifying this
+# parameter is potentially risky, as the apache module is designed to use a minimal
+# configuration file customized by `conf.d` entries.
+#
+# @param confd_dir
+# Sets the location of the Apache server's custom configuration directory.
+#
+# @param default_charset
+# Used as the `AddDefaultCharset` directive in the main configuration file.
+#
+# @param default_confd_files
+# Determines whether Puppet generates a default set of includable Apache configuration files
+# in the directory defined by the `confd_dir` parameter. These configuration files
+# correspond to what is typically installed with the Apache package on the server's
+# operating system.
+#
+# @param default_mods
+# Determines whether to configure and enable a set of default Apache modules depending on
+# your operating system.
+# If `false`, Puppet includes only the Apache modules required to make the HTTP daemon work
+# on your operating system, and you can declare any other modules separately using the
+# `apache::mod::` class or `apache::mod` defined type.
+# If `true`, Puppet installs additional modules, depending on the operating system and
+# the values of `apache_version` and `mpm_module` parameters. Because these lists of
+# modules can change frequently, consult the Puppet module's code for up-to-date lists.
+# If this parameter contains an array, Puppet instead enables all passed Apache modules.
+#
+# @param default_ssl_ca
+# Sets the default certificate authority for the Apache server.
+# Although the default value results in a functioning Apache server, you **must** update
+# this parameter with your certificate authority information before deploying this server in
+# a production environment.
+#
+# @param default_ssl_cert
+# Sets the SSL encryption certificate location.
+# Although the default value results in a functioning Apache server, you **must** update this
+# parameter with your certificate location before deploying this server in a production environment.
+#
+# @param default_ssl_chain
+# Sets the default SSL chain location.
+# Although this default value results in a functioning Apache server, you **must** update
+# this parameter with your SSL chain before deploying this server in a production environment.
+#
+# @param default_ssl_crl
+# Sets the path of the default certificate revocation list (CRL) file to use.
+# Although this default value results in a functioning Apache server, you **must** update
+# this parameter with the CRL file path before deploying this server in a production
+# environment. You can use this parameter with or in place of the `default_ssl_crl_path`.
+#
+# @param default_ssl_crl_path
+# Sets the server's certificate revocation list path, which contains your CRLs.
+# Although this default value results in a functioning Apache server, you **must** update
+# this parameter with the CRL file path before deploying this server in a production environment.
+#
+# @param default_ssl_crl_check
+# Sets the default certificate revocation check level via the `SSLCARevocationCheck` directive.
+# This parameter applies only to Apache 2.4 or higher and is ignored on older versions.
+# Although this default value results in a functioning Apache server, you **must** specify
+# this parameter when using certificate revocation lists in a production environment.
+#
+# @param default_ssl_key
+# Sets the SSL certificate key file location.
+# Although the default values result in a functioning Apache server, you **must** update
+# this parameter with your SSL key's location before deploying this server in a production
+# environment.
+#
+# @param default_ssl_vhost
+# Configures a default SSL virtual host.
+# If `true`, Puppet automatically configures the following virtual host using the
+# `apache::vhost` defined type:
+# ```puppet
+# apache::vhost { 'default-ssl':
+# port => 443,
+# ssl => true,
+# docroot => $docroot,
+# scriptalias => $scriptalias,
+# serveradmin => $serveradmin,
+# access_log_file => "ssl_${access_log_file}",
+# }
+# ```
+# **Note**: SSL virtual hosts only respond to HTTPS queries.
+#
+# @param default_type
+# _Apache 2.2 only_. Sets the MIME `content-type` sent if the server cannot otherwise
+# determine an appropriate `content-type`. This directive is deprecated in Apache 2.4 and
+# newer, and is only for backwards compatibility in configuration files.
+#
+# @param default_vhost
+# Configures a default virtual host when the class is declared.
+# To configure customized virtual hosts, set this parameter's
+# value to `false`.
+# > **Note**: Apache will not start without at least one virtual host. If you set this
+# to `false` you must configure a virtual host elsewhere.
+#
+# @param dev_packages
+# Configures a specific dev package to use.
+# For example, using httpd 2.4 from the IUS yum repo:
+# ``` puppet
+# include ::apache::dev
+# class { 'apache':
+# apache_name => 'httpd24u',
+# dev_packages => 'httpd24u-devel',
+# }
+# ```
+#
+# @param docroot
+# Sets the default `DocumentRoot` location.
+#
+# @param error_documents
+# Determines whether to enable [custom error documents](https://httpd.apache.org/docs/current/custom-error.html) on the Apache server.
+#
+# @param group
+# Sets the group ID that owns any Apache processes spawned to answer requests.
+# By default, Puppet attempts to manage this group as a resource under the `apache`
+# class, determining the group based on the operating system as detected by the
+# `apache::params` class. To prevent the group resource from being created and use a group
+# created by another Puppet module, set the `manage_group` parameter's value to `false`.
+# > **Note**: Modifying this parameter only changes the group ID that Apache uses to spawn
+# child processes to access resources. It does not change the user that owns the parent server
+# process.
+#
+# @param httpd_dir
+# Sets the Apache server's base configuration directory. This is useful for specially
+# repackaged Apache server builds but might have unintended consequences when combined
+# with the default distribution packages.
+#
+# @param http_protocol_options
+# Specifies the strictness of HTTP protocol checks.
+# Valid options: any sequence of the following alternative values: `Strict` or `Unsafe`,
+# `RegisteredMethods` or `LenientMethods`, and `Allow0.9` or `Require1.0`.
+#
+# @param keepalive
+# Determines whether to enable persistent HTTP connections with the `KeepAlive` directive.
+# If you set this to `On`, use the `keepalive_timeout` and `max_keepalive_requests` parameters
+# to set relevant options.
+#
+# @param keepalive_timeout
+# Sets the `KeepAliveTimeout` directive, which determines the amount of time the Apache
+# server waits for subsequent requests on a persistent HTTP connection. This parameter is
+# only relevant if the `keepalive` parameter is enabled.
+#
+# @param max_keepalive_requests
+# Limits the number of requests allowed per connection when the `keepalive` parameter is enabled.
+#
+# @param hostname_lookups
+# This directive enables DNS lookups so that host names can be logged and passed to
+# CGIs/SSIs in REMOTE_HOST.
+# > **Note**: If enabled, it impacts performance significantly.
+#
+# @param lib_path
+# Specifies the location whereApache module files are stored.
+# > **Note**: Do not configure this parameter manually without special reason.
+#
+# @param log_level
+# Changes the error log's verbosity. Valid options are: `alert`, `crit`, `debug`, `emerg`, `error`,
+# `info`, `notice` and `warn`.
+#
+# @param log_formats
+# Define additional `LogFormat` directives. Values: A hash, such as:
+# ``` puppet
+# $log_formats = { vhost_common => '%v %h %l %u %t \"%r\" %>s %b' }
+# ```
+# There are a number of predefined `LogFormats` in the `httpd.conf` that Puppet creates:
+# ``` httpd
+# LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
+# LogFormat "%h %l %u %t \"%r\" %>s %b" common
+# LogFormat "%{Referer}i -> %U" referer
+# LogFormat "%{User-agent}i" agent
+# LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %s %b \"%{Referer}i\" \"%{User-agent}i\"" forwarded
+# ```
+# If your `log_formats` parameter contains one of those, it will be overwritten with **your** definition.
+#
+# @param logroot
+# Changes the directory of Apache log files for the virtual host.
+#
+# @param logroot_mode
+# Overrides the default `logroot` directory's mode.
+# > **Note**: Do _not_ grant write access to the directory where the logs are stored
+# without being aware of the consequences. See the [Apache documentation](https://httpd.apache.org/docs/current/logs.html#security)
+# for details.
+#
+# @param manage_group
+# When `false`, stops Puppet from creating the group resource.
+# If you have a group created from another Puppet module that you want to use to run Apache,
+# set this to `false`. Without this parameter, attempting to use a previously established
+# group results in a duplicate resource error.
+#
+# @param supplementary_groups
+# A list of groups to which the user belongs. These groups are in addition to the primary group.
+# Notice: This option only has an effect when `manage_user` is set to true.
+#
+# @param manage_user
+# When `false`, stops Puppet from creating the user resource.
+# This is for instances when you have a user, created from another Puppet module, you want
+# to use to run Apache. Without this parameter, attempting to use a previously established
+# user would result in a duplicate resource error.
+#
+# @param mod_dir
+# Sets where Puppet places configuration files for your Apache modules.
+#
+# @param mod_libs
+# Allows the user to override default module library names.
+# ```puppet
+# include apache::params
+# class { 'apache':
+# mod_libs => merge($::apache::params::mod_libs, {
+# 'wsgi' => 'mod_wsgi_python3.so',
+# })
+# }
+# ```
+#
+# @param mod_packages
+# Allows the user to override default module package names.
+# ```puppet
+# include apache::params
+# class { 'apache':
+# mod_packages => merge($::apache::params::mod_packages, {
+# 'auth_kerb' => 'httpd24-mod_auth_kerb',
+# })
+# }
+# ```
+#
+# @param mpm_module
+# Determines which [multi-processing module](https://httpd.apache.org/docs/current/mpm.html) (MPM) is loaded and configured for the
+# HTTPD process. Valid values are: `event`, `itk`, `peruser`, `prefork`, `worker` or `false`.
+# You must set this to `false` to explicitly declare the following classes with custom parameters:
+# - `apache::mod::event`
+# - `apache::mod::itk`
+# - `apache::mod::peruser`
+# - `apache::mod::prefork`
+# - `apache::mod::worker`
+#
+# @param package_ensure
+# Controls the `package` resource's `ensure` attribute. Valid values are: `absent`, `installed`
+# (or equivalent `present`), or a version string.
+#
+# @param pidfile
+# Allows settting a custom location for the pid file. Useful if using a custom-built Apache rpm.
+#
+# @param ports_file
+# Sets the path to the file containing Apache ports configuration.
+#
+# @param protocols
+# Sets the [Protocols](https://httpd.apache.org/docs/current/en/mod/core.html#protocols)
+# directive, which lists available protocols for the server.
+#
+# @param protocols_honor_order
+# Sets the [ProtocolsHonorOrder](https://httpd.apache.org/docs/current/en/mod/core.html#protocolshonororder)
+# directive which determines whether the order of Protocols sets precedence during negotiation.
+#
+# @param purge_configs
+# Removes all other Apache configs and virtual hosts.
+# Setting this to `false` is a stopgap measure to allow the apache module to coexist with
+# existing or unmanaged configurations. We recommend moving your configuration to resources
+# within this module. For virtual host configurations, see `purge_vhost_dir`.
+#
+# @param purge_vhost_dir
+# If the `vhost_dir` parameter's value differs from the `confd_dir` parameter's, this parameter
+# determines whether Puppet removes any configurations inside `vhost_dir` that are _not_ managed
+# by Puppet.
+# Setting `purge_vhost_dir` to `false` is a stopgap measure to allow the apache module to
+# coexist with existing or otherwise unmanaged configurations within `vhost_dir`.
+#
+# @param rewrite_lock
+# Allows setting a custom location for a rewrite lock - considered best practice if using
+# a RewriteMap of type prg in the `rewrites` parameter of your virtual host. This parameter
+# only applies to Apache version 2.2 or lower and is ignored on newer versions.
+#
+# @param sendfile
+# Forces Apache to use the Linux kernel's `sendfile` support to serve static files, via the
+# `EnableSendfile` directive.
+#
+# @param serveradmin
+# Sets the Apache server administrator's contact information via Apache's `ServerAdmin` directive.
+#
+# @param servername
+# Sets the Apache server name via Apache's `ServerName` directive.
+# Setting to `false` will not set ServerName at all.
+#
+# @param server_root
+# Sets the Apache server's root directory via Apache's `ServerRoot` directive.
+#
+# @param server_signature
+# Configures a trailing footer line to display at the bottom of server-generated documents,
+# such as error documents and output of certain Apache modules, via Apache's `ServerSignature`
+# directive. Valid values are: `On` or `Off`.
+#
+# @param server_tokens
+# Controls how much information Apache sends to the browser about itself and the operating
+# system, via Apache's `ServerTokens` directive.
+#
+# @param service_enable
+# Determines whether Puppet enables the Apache HTTPD service when the system is booted.
+#
+# @param service_ensure
+# Determines whether Puppet should make sure the service is running.
+# Valid values are: `true` (or `running`) or `false` (or `stopped`).
+# The `false` or `stopped` values set the 'httpd' service resource's `ensure` parameter
+# to `false`, which is useful when you want to let the service be managed by another
+# application, such as Pacemaker.
+#
+# @param service_name
+# Sets the name of the Apache service.
+#
+# @param service_manage
+# Determines whether Puppet manages the HTTPD service's state.
+#
+# @param service_restart
+# Determines whether Puppet should use a specific command to restart the HTTPD service.
+# Values: a command to restart the Apache service.
+#
+# @param timeout
+# Sets Apache's `TimeOut` directive, which defines the number of seconds Apache waits for
+# certain events before failing a request.
+#
+# @param trace_enable
+# Controls how Apache handles `TRACE` requests (per RFC 2616) via the `TraceEnable` directive.
+#
+# @param use_canonical_name
+# Controls Apache's `UseCanonicalName` directive which controls how Apache handles
+# self-referential URLs. If not specified, this parameter omits the declaration from the
+# server's configuration and uses Apache's default setting of 'off'.
+#
+# @param use_systemd
+# Controls whether the systemd module should be installed on Centos 7 servers, this is
+# especially useful if using custom-built RPMs.
+#
+# @param file_mode
+# Sets the desired permissions mode for config files.
+# Valid values are: a string, with permissions mode in symbolic or numeric notation.
+#
+# @param root_directory_options
+# Array of the desired options for the `/` directory in httpd.conf.
+#
+# @param root_directory_secured
+# Sets the default access policy for the `/` directory in httpd.conf. A value of `false`
+# allows access to all resources that are missing a more specific access policy. A value of
+# `true` denies access to all resources by default. If `true`, more specific rules must be
+# used to allow access to these resources (for example, in a directory block using the
+# `directories` parameter).
+#
+# @param vhost_dir
+# Changes your virtual host configuration files' location.
+#
+# @param vhost_include_pattern
+# Defines the pattern for files included from the `vhost_dir`.
+# If set to a value like `[^.#]\*.conf[^~]` to make sure that files accidentally created in
+# this directory (such as files created by version control systems or editor backups) are
+# *not* included in your server configuration.
+# Some operating systems use a value of `*.conf`. By default, this module creates configuration
+# files ending in `.conf`.
+#
+# @param user
+# Changes the user that Apache uses to answer requests. Apache's parent process continues
+# to run as root, but child processes access resources as the user defined by this parameter.
+# To prevent Puppet from managing the user, set the `manage_user` parameter to `false`.
+#
+# @param apache_name
+# The name of the Apache package to install. If you are using a non-standard Apache package
+# you might need to override the default setting.
+# For CentOS/RHEL Software Collections (SCL), you can also use `apache::version::scl_httpd_version`.
+#
+# @param error_log
+# The name of the error log file for the main server instance. If the string starts with
+# `/`, `|`, or `syslog`: the full path is set. Otherwise, the filename is prefixed with
+# `$logroot`.
+#
+# @param scriptalias
+# Directory to use for global script alias
+#
+# @param access_log_file
+# The name of the access log file for the main server instance.
+#
+# @param limitreqfields
+# The `limitreqfields` parameter sets the maximum number of request header fields in
+# an HTTP request. This directive gives the server administrator greater control over
+# abnormal client request behavior, which may be useful for avoiding some forms of
+# denial-of-service attacks. The value should be increased if normal clients see an error
+# response from the server that indicates too many fields were sent in the request.
+#
+# @param limitreqfieldsize
+# The `limitreqfieldsize` parameter sets the maximum ammount of _bytes_ that will
+# be allowed within a request header.
+#
+# @param ip
+# Specifies the ip address
+#
+# @param purge_vdir
+# Removes all other Apache configs and virtual hosts.
+# > **Note**: This parameter is deprecated in favor of the `purge_config` parameter.
+#
+# @param conf_enabled
+# Whether the additional config files in `/etc/apache2/conf-enabled` should be managed.
+#
+# @param vhost_enable_dir
+# Set's whether the vhost definitions will be stored in sites-availible and if
+# they will be symlinked to and from sites-enabled.
+#
+# @param mod_enable_dir
+# Set's whether the mods-enabled directory should be managed.
+#
+# @param ssl_file
+# This parameter allows you to set an ssl.conf file to be managed in order to implement
+# an SSL Certificate.
+#
+# @param file_e_tag
+# Sets the server default for the `FileETag` declaration, which modifies the response header
+# field for static files.
+#
+# @param use_optional_includes
+# Specifies whether Apache uses the `IncludeOptional` directive instead of `Include` for
+# `additional_includes` in Apache 2.4 or newer.
+#
+# @param mime_types_additional
+# Specifies any idditional Internet media (mime) types that you wish to be configured.
+#
class apache (
$apache_name = $::apache::params::apache_name,
$service_name = $::apache::params::service_name,
diff --git a/manifests/listen.pp b/manifests/listen.pp
index 503ee8860b..25fb2801b1 100644
--- a/manifests/listen.pp
+++ b/manifests/listen.pp
@@ -1,3 +1,9 @@
+# @summary
+# Adds `Listen` directives to `ports.conf` that define the
+# Apache server's or a virtual host's listening address and port.
+#
+# The `apache::vhost` class uses this defined type, and titles take the form
+# ``, `:`, or `:`.
define apache::listen {
$listen_addr_port = $name
diff --git a/manifests/mod.pp b/manifests/mod.pp
index c7f3908d1e..323935c5b1 100644
--- a/manifests/mod.pp
+++ b/manifests/mod.pp
@@ -1,3 +1,37 @@
+# @summary
+# Installs packages for an Apache module that doesn't have a corresponding
+# `apache::mod::` class.
+#
+# Checks for or places the module's default configuration files in the Apache server's
+# `module` and `enable` directories. The default locations depend on your operating system.
+#
+# @param package
+# **Required**.
+# Names the package Puppet uses to install the Apache module.
+#
+# @param package_ensure
+# Determines whether Puppet ensures the Apache module should be installed.
+#
+# @param lib
+# Defines the module's shared object name. Do not configure manually without special reason.
+#
+# @param lib_path
+# Specifies a path to the module's libraries. Do not manually set this parameter
+# without special reason. The `path` parameter overrides this value.
+#
+# @param loadfile_name
+# Sets the filename for the module's `LoadFile` directive, which can also set
+# the module load order as Apache processes them in alphanumeric order.
+#
+# @param id
+# Specifies the package id
+#
+# @param loadfiles
+# Specifies an array of `LoadFile` directives.
+#
+# @param path
+# Specifies a path to the module. Do not manually set this parameter without a special reason.
+#
define apache::mod (
$package = undef,
$package_ensure = 'present',
diff --git a/manifests/mod/actions.pp b/manifests/mod/actions.pp
index 3b60f297fd..c9b7d15d69 100644
--- a/manifests/mod/actions.pp
+++ b/manifests/mod/actions.pp
@@ -1,3 +1,8 @@
+# @summary
+# Installs Apache mod_actions
+#
+# @see https://httpd.apache.org/docs/current/mod/mod_actions.html for additional documentation.
+#
class apache::mod::actions {
apache::mod { 'actions': }
}
diff --git a/manifests/mod/alias.pp b/manifests/mod/alias.pp
index 4eb42ac974..de21d2c266 100644
--- a/manifests/mod/alias.pp
+++ b/manifests/mod/alias.pp
@@ -1,3 +1,22 @@
+# @summary
+# Installs and configures `mod_alias`.
+#
+# @param apache_version
+# The version of Apache, if not set will be retrieved from the init class.
+#
+# @param icons_options
+# Disables directory listings for the icons directory, via Apache [Options](https://httpd.apache.org/docs/current/mod/core.html#options)
+# directive.
+#
+# @param icons_path
+# Sets the local path for an /icons/ Alias. Default depends on operating system:
+# - Debian: /usr/share/apache2/icons
+# - FreeBSD: /usr/local/www/apache24/icons
+# - Gentoo: /var/www/icons
+# - Red Hat: /var/www/icons, except on Apache 2.4, where it's /usr/share/httpd/icons
+#
+# @see https://httpd.apache.org/docs/current/mod/mod_alias.html for additional documentation.
+#
class apache::mod::alias(
$apache_version = undef,
$icons_options = 'Indexes MultiViews',
diff --git a/manifests/mod/auth_basic.pp b/manifests/mod/auth_basic.pp
index cacfafa4d3..cb2d1313c9 100644
--- a/manifests/mod/auth_basic.pp
+++ b/manifests/mod/auth_basic.pp
@@ -1,3 +1,8 @@
+# @summary
+# Installs `mod_auth_basic`
+#
+# @see https://httpd.apache.org/docs/current/mod/mod_auth_basic.html for additional documentation.
+#
class apache::mod::auth_basic {
::apache::mod { 'auth_basic': }
}
diff --git a/manifests/mod/auth_cas.pp b/manifests/mod/auth_cas.pp
index 00de62242a..e13cad2152 100644
--- a/manifests/mod/auth_cas.pp
+++ b/manifests/mod/auth_cas.pp
@@ -1,3 +1,86 @@
+# @summary
+# Installs and configures `mod_auth_cas`.
+#
+# @param cas_login_url
+# Sets the URL to which the module redirects users when they attempt to access a
+# CAS-protected resource and don't have an active session.
+#
+# @param cas_validate_url
+# Sets the URL to use when validating a client-presented ticket in an HTTP query string.
+#
+# @param cas_cookie_path
+# Sets the location where information on the current session should be stored. This should
+# be writable by the web server only.
+#
+# @param cas_cookie_path_mode
+# The mode of cas_cookie_path.
+#
+# @param cas_version
+# The version of the CAS protocol to adhere to.
+#
+# @param cas_debug
+# Whether to enable or disable debug mode.
+#
+# @param cas_validate_server
+# Whether to validate the presented certificate. This has been deprecated and
+# removed from Version 1.1-RC1 onward.
+#
+# @param cas_validatedepth
+# The maximum depth for chained certificate validation.
+#
+# @param cas_proxy_validate_url
+# The URL to use when performing a proxy validation.
+#
+# @param cas_root_proxied_as
+# Sets the URL end users see when access to this Apache server is proxied per vhost.
+# This URL should not include a trailing slash.
+#
+# @param cas_cookie_entropy
+# When creating a local session, this many random bytes are used to create a unique
+# session identifier.
+#
+# @param cas_timeout
+# The hard limit, in seconds, for a mod_auth_cas session.
+#
+# @param cas_idle_timeout
+# The limit, in seconds, of how long a mod_auth_cas session can be idle.
+#
+# @param cas_cache_clean_interval
+# The minimum amount of time that must pass inbetween cache cleanings.
+#
+# @param cas_cookie_domain
+# The value for the 'Domain=' parameter in the Set-Cookie header.
+#
+# @param cas_cookie_http_only
+# Setting this flag prevents the mod_auth_cas cookies from being accessed by
+# client side Javascript.
+#
+# @param cas_authoritative
+# Determines whether an optional authorization directive is authoritative and thus binding.
+#
+# @param cas_validate_saml
+# Parse response from CAS server for SAML.
+#
+# @param cas_sso_enabled
+# Enables experimental support for single sign out (may mangle POST data).
+#
+# @param cas_attribute_prefix
+# Adds a header with the value of this header being the attribute values when SAML
+# validation is enabled.
+#
+# @param cas_attribute_delimiter
+# Sets the delimiter between attribute values in the header created by `cas_attribute_prefix`.
+#
+# @param cas_scrub_request_headers
+# Remove inbound request headers that may have special meaning within mod_auth_cas.
+#
+# @param suppress_warning
+# Suppress warning about being on RedHat (mod_auth_cas package is now available in epel-testing repo).
+#
+# @note The auth_cas module isn't available on RH/CentOS without providing dependency packages provided by EPEL.
+#
+# @see https://github.com/apereo/mod_auth_cas for additional documentation.
+#
class apache::mod::auth_cas (
String $cas_login_url,
String $cas_validate_url,
diff --git a/manifests/mod/auth_gssapi.pp b/manifests/mod/auth_gssapi.pp
index 45b8cb3c19..226e6061c1 100644
--- a/manifests/mod/auth_gssapi.pp
+++ b/manifests/mod/auth_gssapi.pp
@@ -1,3 +1,8 @@
+# @summary
+# Installs `mod_auth_gsappi`.
+#
+# @see https://github.com/modauthgssapi/mod_auth_gssapi for additional documentation.
+#
class apache::mod::auth_gssapi {
include apache
include apache::mod::authn_core
diff --git a/manifests/mod/auth_kerb.pp b/manifests/mod/auth_kerb.pp
index 4b4887fe8c..79bde55921 100644
--- a/manifests/mod/auth_kerb.pp
+++ b/manifests/mod/auth_kerb.pp
@@ -1,3 +1,7 @@
+# @summary
+# Installs `mod_auth_kerb`
+#
+# @see http://modauthkerb.sourceforge.net for additional documentation.
class apache::mod::auth_kerb {
include ::apache
include ::apache::mod::authn_core
diff --git a/manifests/mod/auth_mellon.pp b/manifests/mod/auth_mellon.pp
index 5dbb6b5771..b1edc48253 100644
--- a/manifests/mod/auth_mellon.pp
+++ b/manifests/mod/auth_mellon.pp
@@ -1,3 +1,29 @@
+# @summary
+# Installs and configures `mod_auth_mellon`.
+#
+# @param mellon_cache_size
+# Maximum number of sessions which can be active at once.
+#
+# @param mellon_lock_file
+# Full path to a file used for synchronizing access to the session data.
+#
+# @param mellon_post_directory
+# Full path of a directory where POST requests are saved during authentication.
+#
+# @param mellon_cache_entry_size
+# Maximum size for a single session entry in bytes.
+#
+# @param mellon_post_ttl
+# Delay in seconds before a saved POST request can be flushed.
+#
+# @param mellon_post_size
+# Maximum size for saved POST requests.
+#
+# @param mellon_post_count
+# Maximum amount of saved POST requests.
+#
+# @see https://github.com/Uninett/mod_auth_mellon for additional documentation.
+#
class apache::mod::auth_mellon (
$mellon_cache_size = $::apache::params::mellon_cache_size,
$mellon_lock_file = $::apache::params::mellon_lock_file,
diff --git a/manifests/mod/authn_core.pp b/manifests/mod/authn_core.pp
index c5ce5b1070..cde5b51d48 100644
--- a/manifests/mod/authn_core.pp
+++ b/manifests/mod/authn_core.pp
@@ -1,3 +1,11 @@
+# @summary
+# Installs `mod_authn_core`.
+#
+# @param apache_version
+# The version of apache being run.
+#
+# @see https://httpd.apache.org/docs/current/mod/mod_authn_core.html for additional documentation.
+#
class apache::mod::authn_core(
$apache_version = $::apache::apache_version
) {
diff --git a/manifests/mod/authn_dbd.pp b/manifests/mod/authn_dbd.pp
index be6ff3e55f..912b2574ff 100644
--- a/manifests/mod/authn_dbd.pp
+++ b/manifests/mod/authn_dbd.pp
@@ -1,3 +1,32 @@
+# @summary
+# Installs `mod_authn_dbd`.
+#
+# @param authn_dbd_params
+# The params needed for the mod to function.
+#
+# @param authn_dbd_dbdriver
+# Selects an apr_dbd driver by name.
+#
+# @param authn_dbd_query
+#
+# @param authn_dbd_min
+# Set the minimum number of connections per process.
+#
+# @param authn_dbd_max
+# Set the maximum number of connections per process.
+#
+# @param authn_dbd_keep
+# Set the maximum number of connections per process to be sustained.
+#
+# @param authn_dbd_exptime
+# Set the time to keep idle connections alive when the number of
+# connections specified in DBDKeep has been exceeded.
+#
+# @param authn_dbd_alias
+# Sets an alias for `AuthnProvider.
+#
+# @see https://httpd.apache.org/docs/current/mod/mod_authn_dbd.html for additional documentation.
+#
class apache::mod::authn_dbd (
$authn_dbd_params,
$authn_dbd_dbdriver = 'mysql',
diff --git a/manifests/mod/authn_file.pp b/manifests/mod/authn_file.pp
index bc787244a2..1418045078 100644
--- a/manifests/mod/authn_file.pp
+++ b/manifests/mod/authn_file.pp
@@ -1,3 +1,8 @@
+# @summary
+# Installs `mod_authn_file`.
+#
+# @see https://httpd.apache.org/docs/2.4/mod/mod_authn_file.html for additional documentation.
+#
class apache::mod::authn_file {
::apache::mod { 'authn_file': }
}
diff --git a/manifests/mod/authnz_ldap.pp b/manifests/mod/authnz_ldap.pp
index 560909f871..4a536c807e 100644
--- a/manifests/mod/authnz_ldap.pp
+++ b/manifests/mod/authnz_ldap.pp
@@ -1,3 +1,14 @@
+# @summary
+# Installs `mod_authnz_ldap`.
+#
+# @param verify_server_cert
+# Whether to force te verification of a server cert or not.
+#
+# @param package_name
+# The name of the ldap package.
+#
+# @see https://httpd.apache.org/docs/current/mod/mod_authnz_ldap.html for additional documentation.
+#
class apache::mod::authnz_ldap (
Boolean $verify_server_cert = true,
$package_name = undef,
diff --git a/manifests/mod/authnz_pam.pp b/manifests/mod/authnz_pam.pp
index c2672126d2..a8fcf60633 100644
--- a/manifests/mod/authnz_pam.pp
+++ b/manifests/mod/authnz_pam.pp
@@ -1,3 +1,8 @@
+# @summary
+# Installs `mod_authnz_pam`.
+#
+# @see https://www.adelton.com/apache/mod_authnz_pam for additional documentation.
+#
class apache::mod::authnz_pam {
include ::apache
::apache::mod { 'authnz_pam': }
diff --git a/manifests/mod/authz_default.pp b/manifests/mod/authz_default.pp
index e457774ae5..2f07a49fe6 100644
--- a/manifests/mod/authz_default.pp
+++ b/manifests/mod/authz_default.pp
@@ -1,3 +1,11 @@
+# @summary
+# Installs and configures `mod_authz_default`.
+#
+# @param apache_version
+# Version of Apache to install module on.
+#
+# @see https://httpd.apache.org/docs/current/mod/mod_authz_default.html for additional documentation.
+#
class apache::mod::authz_default(
$apache_version = $::apache::apache_version
) {
diff --git a/manifests/mod/authz_user.pp b/manifests/mod/authz_user.pp
index 948a3e2c97..81bdf5f314 100644
--- a/manifests/mod/authz_user.pp
+++ b/manifests/mod/authz_user.pp
@@ -1,3 +1,8 @@
+# @summary
+# Installs `mod_authz_user`
+#
+# @see https://httpd.apache.org/docs/current/mod/mod_authz_user.html for additional documentation.
+#
class apache::mod::authz_user {
::apache::mod { 'authz_user': }
}
diff --git a/manifests/mod/autoindex.pp b/manifests/mod/autoindex.pp
index 67c7580e31..65b0354426 100644
--- a/manifests/mod/autoindex.pp
+++ b/manifests/mod/autoindex.pp
@@ -1,3 +1,8 @@
+# @summary
+# Installs `mod_autoindex`
+#
+# @see https://httpd.apache.org/docs/current/mod/mod_autoindex.html for additional documentation.
+#
class apache::mod::autoindex {
include ::apache
::apache::mod { 'autoindex': }
diff --git a/manifests/mod/cache.pp b/manifests/mod/cache.pp
index 4ab9f44bae..a822ae9aa4 100644
--- a/manifests/mod/cache.pp
+++ b/manifests/mod/cache.pp
@@ -1,3 +1,8 @@
+# @summary
+# Installs `mod_cache`
+#
+# @see https://httpd.apache.org/docs/current/mod/mod_cache.html for additional documentation.
+#
class apache::mod::cache {
::apache::mod { 'cache': }
}
diff --git a/manifests/mod/cgi.pp b/manifests/mod/cgi.pp
index e4a80239af..7759176cc4 100644
--- a/manifests/mod/cgi.pp
+++ b/manifests/mod/cgi.pp
@@ -1,3 +1,8 @@
+# @summary
+# Installs `mod_cgi`.
+#
+# @see https://httpd.apache.org/docs/current/mod/mod_cgi.html for additional documentation.
+#
class apache::mod::cgi {
include ::apache
case $::osfamily {
diff --git a/manifests/mod/cgid.pp b/manifests/mod/cgid.pp
index b2cb016557..0d8c27b092 100644
--- a/manifests/mod/cgid.pp
+++ b/manifests/mod/cgid.pp
@@ -1,3 +1,8 @@
+# @summary
+# Installs `mod_cgid`.
+#
+# @see https://httpd.apache.org/docs/current/mod/mod_cgid.html
+#
class apache::mod::cgid {
include ::apache
case $::osfamily {
diff --git a/manifests/mod/cluster.pp b/manifests/mod/cluster.pp
index 442b583525..093d3683f2 100644
--- a/manifests/mod/cluster.pp
+++ b/manifests/mod/cluster.pp
@@ -1,3 +1,53 @@
+# @summary
+# Installs `mod_cluster`.
+#
+# @param allowed_network
+# Balanced members network.
+#
+# @param balancer_name
+# Name of balancer.
+#
+# @param ip
+# Specifies the IP address to listen to.
+#
+# @param version
+# Specifies the mod_cluster version. Version 1.3.0 or greater is required for httpd 2.4.
+#
+# @param enable_mcpm_receive
+# Whether MCPM should be enabled.
+#
+# @param port
+# mod_cluster listen port.
+#
+# @param keep_alive_timeout
+# Specifies how long Apache should wait for a request, in seconds.
+#
+# @param manager_allowed_network
+# Whether to allow the network to access the mod_cluster_manager.
+#
+# @param max_keep_alive_requests
+# Maximum number of requests kept alive.
+#
+# @param server_advertise
+# Whether the server should advertise.
+#
+# @param advertise_frequency
+# Sets the interval between advertise messages in seconds.
+#
+# @example
+# class { '::apache::mod::cluster':
+# ip => '172.17.0.1',
+# allowed_network => '172.17.0.',
+# balancer_name => 'mycluster',
+# version => '1.3.1'
+# }
+#
+# @note
+# There is no official package available for mod_cluster, so you must make it available outside of the apache module.
+# Binaries can be found [here](https://modcluster.io/).
+#
+# @see https://modcluster.io/ for additional documentation.
+#
class apache::mod::cluster (
$allowed_network,
$balancer_name,
diff --git a/manifests/mod/data.pp b/manifests/mod/data.pp
index 00807e948a..b09e224539 100644
--- a/manifests/mod/data.pp
+++ b/manifests/mod/data.pp
@@ -1,3 +1,11 @@
+# @summary
+# Installs and configures `mod_data`.
+#
+# @param apache_version
+# Version of Apache to install module on.
+#
+# @see https://httpd.apache.org/docs/current/mod/mod_data.html for additional documentation.
+#
class apache::mod::data (
$apache_version = undef,
) {
diff --git a/manifests/mod/dav.pp b/manifests/mod/dav.pp
index ade9c0809c..616492705f 100644
--- a/manifests/mod/dav.pp
+++ b/manifests/mod/dav.pp
@@ -1,3 +1,8 @@
+# @summary
+# Installs `mod_dav`.
+#
+# @see https://httpd.apache.org/docs/current/mod/mod_dav.html for additional documentation.
+#
class apache::mod::dav {
::apache::mod { 'dav': }
}
diff --git a/manifests/mod/dav_fs.pp b/manifests/mod/dav_fs.pp
index 60127e3f6d..1a4fd83925 100644
--- a/manifests/mod/dav_fs.pp
+++ b/manifests/mod/dav_fs.pp
@@ -1,3 +1,8 @@
+# @summary
+# Installs `mod_dav_fs`.
+#
+# @see https://httpd.apache.org/docs/current/mod/mod_dav_fs.html for additional documentation.
+#
class apache::mod::dav_fs {
include ::apache
$dav_lock = $::osfamily ? {
diff --git a/manifests/mod/dav_svn.pp b/manifests/mod/dav_svn.pp
index 6cb5af560c..8b5094a002 100644
--- a/manifests/mod/dav_svn.pp
+++ b/manifests/mod/dav_svn.pp
@@ -1,3 +1,11 @@
+# @summary
+# Installs and configures `mod_dav_svn`.
+#
+# @param authz_svn_enabled
+# Specifies whether to install Apache mod_authz_svn
+#
+# @see https://httpd.apache.org/docs/current/mod/mod_dav_svn.html for additional documentation.
+#
class apache::mod::dav_svn (
$authz_svn_enabled = false,
) {
diff --git a/manifests/mod/dbd.pp b/manifests/mod/dbd.pp
index 547acc77df..cdc9cdf6f4 100644
--- a/manifests/mod/dbd.pp
+++ b/manifests/mod/dbd.pp
@@ -1,3 +1,11 @@
+# @summary
+# Installs `mod_dbd`.
+#
+# @param apache_version
+# Used to verify that the Apache version you have requested is compatible with the module.
+#
+# @see https://httpd.apache.org/docs/current/mod/mod_dbd.html for additional documentation.
+#
class apache::mod::dbd {
::apache::mod { 'dbd': }
}
diff --git a/manifests/mod/deflate.pp b/manifests/mod/deflate.pp
index 70ac5be121..28e36d490d 100644
--- a/manifests/mod/deflate.pp
+++ b/manifests/mod/deflate.pp
@@ -1,3 +1,14 @@
+# @summary
+# Installs and configures `mod_deflate`.
+#
+# @param types
+# An array of MIME types to be deflated. See https://www.iana.org/assignments/media-types/media-types.xhtml.
+#
+# @param notes
+# A Hash where the key represents the type and the value represents the note name.
+#
+# @see https://httpd.apache.org/docs/current/mod/mod_deflate.html for additional documentation.
+#
class apache::mod::deflate (
$types = [
'text/html text/plain text/xml',
diff --git a/manifests/mod/dev.pp b/manifests/mod/dev.pp
index 5abdedd361..4b1afe8c46 100644
--- a/manifests/mod/dev.pp
+++ b/manifests/mod/dev.pp
@@ -1,3 +1,9 @@
+# @summary
+# Installs `mod_dev`.
+#
+# @note
+# This module is deprecated. Please use `apache::dev`.
+#
class apache::mod::dev {
# Development packages are not apache modules
warning('apache::mod::dev is deprecated; please use apache::dev')
diff --git a/manifests/mod/dir.pp b/manifests/mod/dir.pp
index 3c994d3e13..51bdfd7d68 100644
--- a/manifests/mod/dir.pp
+++ b/manifests/mod/dir.pp
@@ -1,6 +1,18 @@
-# Note: this sets the global DirectoryIndex directive, it may be necessary to consider being able to modify the apache::vhost to declare DirectoryIndex statements in a vhost configuration
-# Parameters:
-# - $indexes provides a string for the DirectoryIndex directive http://httpd.apache.org/docs/current/mod/mod_dir.html#directoryindex
+# @summary
+# Installs and configures `mod_dir`.
+#
+# @param types
+# Specifies the text-based content types to compress.
+#
+# @param indexes
+# Provides a string for the DirectoryIndex directive
+#
+# @todo
+# This sets the global DirectoryIndex directive, so it may be necessary to consider being able to modify the apache::vhost to declare
+# DirectoryIndex statements in a vhost configuration
+#
+# @see https://httpd.apache.org/docs/current/mod/mod_dir.html for additional documentation.
+#
class apache::mod::dir (
$dir = 'public_html',
Array[String] $indexes = ['index.html','index.html.var','index.cgi','index.pl','index.php','index.xhtml'],
diff --git a/manifests/mod/disk_cache.pp b/manifests/mod/disk_cache.pp
index 25f864b75d..ef9f6bd81d 100644
--- a/manifests/mod/disk_cache.pp
+++ b/manifests/mod/disk_cache.pp
@@ -1,3 +1,22 @@
+# @summary
+# Installs and configures `mod_disk_cache`.
+#
+# @param cache_root
+# Defines the name of the directory on the disk to contain cache files.
+# Default depends on the Apache version and operating system:
+# - Debian: /var/cache/apache2/mod_cache_disk
+# - FreeBSD: /var/cache/mod_cache_disk
+# - Red Hat, Apache 2.4: /var/cache/httpd/proxy
+# - Red Hat, Apache 2.2: /var/cache/mod_proxy
+#
+# @param cache_ignore_headers
+# Specifies HTTP header(s) that should not be stored in the cache.
+#
+# @note
+# Apache 2.2, mod_disk_cache installed. On Apache 2.4, mod_cache_disk installed.
+#
+# @see https://httpd.apache.org/docs/2.2/mod/mod_disk_cache.html for additional documentation.
+#
class apache::mod::disk_cache (
$cache_root = undef,
$cache_ignore_headers = undef,
diff --git a/manifests/mod/dumpio.pp b/manifests/mod/dumpio.pp
index c79f6da38c..c8e53a8994 100644
--- a/manifests/mod/dumpio.pp
+++ b/manifests/mod/dumpio.pp
@@ -1,3 +1,24 @@
+# @summary
+# Installs and configures `mod_dumpio`.
+#
+# @param dump_io_input
+# Dump all input data to the error log
+#
+# @param dump_io_output
+# Dump all output data to the error log
+#
+# @example
+# class{'apache':
+# default_mods => false,
+# log_level => 'dumpio:trace7',
+# }
+# class{'apache::mod::dumpio':
+# dump_io_input => 'On',
+# dump_io_output => 'Off',
+# }
+#
+# @see https://httpd.apache.org/docs/current/mod/mod_dumpio.html for additional documentation.
+#
class apache::mod::dumpio(
Enum['Off', 'On', 'off', 'on'] $dump_io_input = 'Off',
Enum['Off', 'On', 'off', 'on'] $dump_io_output = 'Off',
diff --git a/manifests/mod/env.pp b/manifests/mod/env.pp
index b973005f4c..2ca17a5e79 100644
--- a/manifests/mod/env.pp
+++ b/manifests/mod/env.pp
@@ -1,3 +1,8 @@
+# @summary
+# Installs `mod_env`.
+#
+# @see https://httpd.apache.org/docs/current/mod/mod_env.html for additional documentation.
+#
class apache::mod::env {
::apache::mod { 'env': }
}
diff --git a/manifests/mod/event.pp b/manifests/mod/event.pp
index a873959165..9cfec971ff 100644
--- a/manifests/mod/event.pp
+++ b/manifests/mod/event.pp
@@ -1,3 +1,51 @@
+# @summary
+# Installs and configures `mod_event`.
+#
+# @param startservers
+# Sets the number of child server processes created at startup, via the module's `StartServers` directive. Setting this to `false`
+# removes the parameter.
+#
+# @param maxclients
+# Apache 2.3.12 or older alias for the `MaxRequestWorkers` directive.
+#
+# @param maxrequestworkers
+# Sets the maximum number of connections Apache can simultaneously process, via the module's `MaxRequestWorkers` directive. Setting
+# these to `false` removes the parameters.
+#
+# @param minsparethreads
+# Sets the minimum number of idle threads, via the `MinSpareThreads` directive. Setting this to `false` removes the parameters.
+#
+# @param maxsparethreads
+# Sets the maximum number of idle threads, via the `MaxSpareThreads` directive. Setting this to `false` removes the parameters.
+#
+# @param threadsperchild
+# Number of threads created by each child process.
+#
+# @param maxrequestsperchild
+# Apache 2.3.8 or older alias for the `MaxConnectionsPerChild` directive.
+#
+# @param maxconnectionsperchild
+# Limit on the number of connections that an individual child server will handle during its life.
+#
+# @param serverlimit
+# Limits the configurable number of processes via the `ServerLimit` directive. Setting this to `false` removes the parameter.
+#
+# @param apache_version
+# Version of Apache to install module on.
+#
+# @param threadlimit
+# Limits the number of event threads via the module's `ThreadLimit` directive. Setting this to `false` removes the parameter.
+#
+# @param listenbacklog
+# Sets the maximum length of the pending connections queue via the module's `ListenBackLog` directive. Setting this to `false` removes
+# the parameter.
+#
+# @note
+# You cannot include apache::mod::event with apache::mod::itk, apache::mod::peruser, apache::mod::prefork, or
+# apache::mod::worker on the same server.
+#
+# @see https://httpd.apache.org/docs/current/mod/event.html for additional documentation.
+#
class apache::mod::event (
$startservers = '2',
$maxclients = '150',
diff --git a/manifests/mod/expires.pp b/manifests/mod/expires.pp
index 07ec82e276..d134994f1a 100644
--- a/manifests/mod/expires.pp
+++ b/manifests/mod/expires.pp
@@ -1,3 +1,19 @@
+# @summary
+# Installs and configures `mod_expires`.
+#
+# @param expires_active
+# Enables generation of Expires headers.
+#
+# @param expires_default
+# Specifies the default algorithm for calculating expiration time using ExpiresByType syntax or interval syntax.
+#
+# @param expires_by_type
+# Describes a set of [MIME content-types](https://www.iana.org/assignments/media-types/media-types.xhtml) and their expiration
+# times. This should be used as an array of Hashes, with each Hash's key a valid MIME content-type (i.e. 'text/json') and its
+# value following valid interval syntax.
+#
+# @see https://httpd.apache.org/docs/current/mod/mod_expires.html for additional documentation.
+#
class apache::mod::expires (
$expires_active = true,
$expires_default = undef,
diff --git a/manifests/mod/ext_filter.pp b/manifests/mod/ext_filter.pp
index 11550320c2..59f90ae401 100644
--- a/manifests/mod/ext_filter.pp
+++ b/manifests/mod/ext_filter.pp
@@ -1,3 +1,19 @@
+# @summary
+# Installs and configures `mod_ext_filter`.
+#
+# @param ext_filter_define
+# Hash of filter names and their parameters.
+#
+# @example
+# class { 'apache::mod::ext_filter':
+# ext_filter_define => {
+# 'slowdown' => 'mode=output cmd=/bin/cat preservescontentlength',
+# 'puppetdb-strip' => 'mode=output outtype=application/json cmd="pdb-resource-filter"',
+# },
+# }
+#
+# @see https://httpd.apache.org/docs/current/mod/mod_ext_filter.html for additional documentation.
+#
class apache::mod::ext_filter(
Optional[Hash] $ext_filter_define = undef
) {
diff --git a/manifests/mod/fastcgi.pp b/manifests/mod/fastcgi.pp
index ef4f8f259c..abb529d8ff 100644
--- a/manifests/mod/fastcgi.pp
+++ b/manifests/mod/fastcgi.pp
@@ -1,3 +1,8 @@
+# @summary
+# Installs `mod_fastcgi`.
+#
+# @see https://github.com/FastCGI-Archives/mod_fastcgi for additional documentation.
+#
class apache::mod::fastcgi {
include ::apache
if ($::osfamily == 'Redhat' and versioncmp($::operatingsystemrelease, '7.0') >= 0) {
diff --git a/manifests/mod/fcgid.pp b/manifests/mod/fcgid.pp
index 0e99a9b799..22f1d4d446 100644
--- a/manifests/mod/fcgid.pp
+++ b/manifests/mod/fcgid.pp
@@ -1,3 +1,40 @@
+# @summary
+# Installs and configures `mod_fcgid`.
+#
+# @param expires_active
+# Enables generation of Expires headers.
+#
+# @param expires_default
+# Default algorithm for calculating expiration time.
+#
+# @param expires_by_type
+# Value of the Expires header configured by MIME type.
+#
+# @example The class does not individually parameterize all available options. Instead, configure mod_fcgid using the options hash.
+# class { 'apache::mod::fcgid':
+# options => {
+# 'FcgidIPCDir' => '/var/run/fcgidsock',
+# 'SharememPath' => '/var/run/fcgid_shm',
+# 'AddHandler' => 'fcgid-script .fcgi',
+# },
+# }
+#
+# @example If you include apache::mod::fcgid, you can set the [FcgidWrapper][] per directory, per virtual host. The module must be
+# loaded first; Puppet will not automatically enable it if you set the fcgiwrapper parameter in apache::vhost.
+# include apache::mod::fcgid
+#
+# apache::vhost { 'example.org':
+# docroot => '/var/www/html',
+# directories => {
+# path => '/var/www/html',
+# fcgiwrapper => {
+# command => '/usr/local/bin/fcgiwrapper',
+# }
+# },
+# }
+#
+# @see https://httpd.apache.org/docs/current/mod/mod_fcgid.html for additional documentation.
+#
class apache::mod::fcgid(
$options = {},
) {
diff --git a/manifests/mod/filter.pp b/manifests/mod/filter.pp
index 26dc488b3a..5cee277187 100644
--- a/manifests/mod/filter.pp
+++ b/manifests/mod/filter.pp
@@ -1,3 +1,8 @@
+# @summary
+# Installs `mod_filter`.
+#
+# @see https://httpd.apache.org/docs/current/mod/mod_filter.html for additional documentation.
+#
class apache::mod::filter {
::apache::mod { 'filter': }
}
diff --git a/manifests/mod/geoip.pp b/manifests/mod/geoip.pp
index 66ae887dea..974dcb8d1b 100644
--- a/manifests/mod/geoip.pp
+++ b/manifests/mod/geoip.pp
@@ -1,3 +1,32 @@
+# @summary
+# Installs and configures `mod_geoip`.
+#
+# @param enable
+# Toggles whether to enable geoip.
+#
+# @param db_file
+# Path to database for GeoIP to use.
+#
+# @param flag
+# Caching directive to use. Values: 'CheckCache', 'IndexCache', 'MemoryCache', 'Standard'.
+#
+# @param output
+# Output variable locations. Values: 'All', 'Env', 'Request', 'Notes'.
+#
+# @param enable_utf8
+# Changes the output from ISO88591 (Latin1) to UTF8.
+#
+# @param scan_proxy_headers
+# Enables the GeoIPScanProxyHeaders option.
+#
+# @param scan_proxy_headers_field
+# Specifies the header mod_geoip uses to determine the client's IP address.
+#
+# @param use_last_xforwarededfor_ip
+# Determines whether to use the first or last IP address for the client's IP in a comma-separated list of IP addresses is found.
+#
+# @see https://dev.maxmind.com/geoip/legacy/mod_geoip2 for additional documentation.
+#
class apache::mod::geoip (
$enable = false,
$db_file = '/usr/share/GeoIP/GeoIP.dat',
diff --git a/manifests/mod/headers.pp b/manifests/mod/headers.pp
index d18c5e2793..a86dbf76a5 100644
--- a/manifests/mod/headers.pp
+++ b/manifests/mod/headers.pp
@@ -1,3 +1,11 @@
+# @summary
+# Installs and configures `mod_headers`.
+#
+# @param apache_version
+# Version of Apache to install module on.
+#
+# @see https://httpd.apache.org/docs/current/mod/mod_headers.html for additional documentation.
+#
class apache::mod::headers {
::apache::mod { 'headers': }
}
diff --git a/manifests/mod/http2.pp b/manifests/mod/http2.pp
index 468c0db51d..95064fffcb 100644
--- a/manifests/mod/http2.pp
+++ b/manifests/mod/http2.pp
@@ -1,3 +1,70 @@
+# @summary
+# Installs and configures `mod_http2`.
+#
+# @param h2_copy_files
+# Determine file handling in responses.
+#
+# @param h2_direct
+# H2 Direct Protocol Switch.
+#
+# @param h2_early_hints
+# Determine sending of 103 status codes.
+#
+# @param h2_max_session_streams
+# Sets maximum number of active streams per HTTP/2 session.
+#
+# @param h2_max_worker_idle_seconds
+# Sets maximum number of seconds h2 workers remain idle until shut down.
+#
+# @param h2_max_workers
+# Sets maximum number of worker threads to use per child process.
+#
+# @param h2_min_workers
+# Sets minimal number of worker threads to use per child process.
+#
+# @param h2_modern_tls_only
+# Toggles the security checks on HTTP/2 connections in TLS mode
+#
+# @param h2_push
+# Toggles the usage of the HTTP/2 server push protocol feature.
+#
+# @param h2_push_diary_size
+# Sets maximum number of HTTP/2 server pushes that are remembered per HTTP/2 connection.
+#
+# @param h2_priority
+# Require HTTP/2 connections to be "modern TLS" only
+#
+# @param h2_push_resource
+# When added to a directory/location, HTTP/2 PUSHes will be attempted for all paths added
+# via this directive
+#
+# @param h2_serialize_headers
+# Toggles if HTTP/2 requests shall be serialized in HTTP/1.1 format for processing by httpd
+# core or if received binary data shall be passed into the request_recs directly.
+#
+# @param h2_stream_max_mem_size
+# Sets the maximum number of outgoing data bytes buffered in memory for an active streams.
+#
+# @param h2_tls_cool_down_secs
+# Sets the number of seconds of idle time on a TLS connection before the TLS write size falls
+# back to small (~1300 bytes) length.
+#
+# @param h2_tls_warm_up_size
+# Sets the number of bytes to be sent in small TLS records (~1300 bytes) until doing maximum
+# sized writes (16k) on https: HTTP/2 connections.
+#
+# @param h2_upgrade
+# Toggles the usage of the HTTP/1.1 Upgrade method for switching to HTTP/2.
+#
+# @param h2_window_size
+# Sets the size of the window that is used for flow control from client to server and limits
+# the amount of data the server has to buffer.
+#
+# @param apache_version
+# Version of Apache to install module on.
+#
+# @see https://httpd.apache.org/docs/current/mod/mod_http2.html for additional documentation.
+#
class apache::mod::http2 (
Optional[Boolean] $h2_copy_files = undef,
Optional[Boolean] $h2_direct = undef,
diff --git a/manifests/mod/include.pp b/manifests/mod/include.pp
index edbe81f324..af9675a959 100644
--- a/manifests/mod/include.pp
+++ b/manifests/mod/include.pp
@@ -1,3 +1,8 @@
+# @summary
+# Installs `mod_include`.
+#
+# @see https://httpd.apache.org/docs/current/mod/mod_include.html for additional documentation.
+#
class apache::mod::include {
::apache::mod { 'include': }
}
diff --git a/manifests/mod/info.pp b/manifests/mod/info.pp
index c6f1355e59..d8191bd081 100644
--- a/manifests/mod/info.pp
+++ b/manifests/mod/info.pp
@@ -1,3 +1,21 @@
+# @summary
+# Installs and configures `mod_info`.
+#
+# @param allow_from
+# Whitelist of IPv4 or IPv6 addresses or ranges that can access the info path.
+#
+# @param apache_version
+# Version of Apache to install module on.
+#
+# @param restrict_access
+# Toggles whether to restrict access to info path. If `false`, the `allow_from` whitelist is ignored and any IP address can
+# access the info path.
+#
+# @param info_path
+# Path on server to file containing server configuration information.
+#
+# @see https://httpd.apache.org/docs/current/mod/mod_info.html for additional documentation.
+#
class apache::mod::info (
$allow_from = ['127.0.0.1','::1'],
$apache_version = undef,
diff --git a/manifests/mod/intercept_form_submit.pp b/manifests/mod/intercept_form_submit.pp
index 39f1f5e07b..dba95ced33 100644
--- a/manifests/mod/intercept_form_submit.pp
+++ b/manifests/mod/intercept_form_submit.pp
@@ -1,3 +1,8 @@
+# @summary
+# Installs `mod_intercept_form_submit`.
+#
+# @see https://www.adelton.com/apache/mod_intercept_form_submit for additional documentation.
+#
class apache::mod::intercept_form_submit {
include ::apache
::apache::mod { 'intercept_form_submit': }
diff --git a/manifests/mod/itk.pp b/manifests/mod/itk.pp
index 38dad00713..05bc5ccd36 100644
--- a/manifests/mod/itk.pp
+++ b/manifests/mod/itk.pp
@@ -1,3 +1,34 @@
+# @summary
+# Installs MPM `mod_itk`.
+#
+# @param startservers
+# Number of child server processes created on startup.
+#
+# @param minspareservers
+# Minimum number of idle child server processes.
+#
+# @param maxspareservers
+# Maximum number of idle child server processes.
+#
+# @param serverlimit
+# Maximum configured value for `MaxRequestWorkers` for the lifetime of the Apache httpd process.
+#
+# @param maxclients
+# Limit on the number of simultaneous requests that will be served.
+#
+# @param maxrequestsperchild
+# Limit on the number of connections that an individual child server process will handle.
+#
+# @param enablecapabilities
+# Drop most root capabilities in the parent process, and instead run as the user given by the User/Group directives with some extra
+# capabilities (in particular setuid). Somewhat more secure, but can cause problems when serving from filesystems that do not honor
+# capabilities, such as NFS.
+#
+# @param apache_version
+# Used to verify that the Apache version you have requested is compatible with the module.
+#
+# @see http://mpm-itk.sesse.net for additional documentation.
+#
class apache::mod::itk (
$startservers = '8',
$minspareservers = '5',
diff --git a/manifests/mod/jk.pp b/manifests/mod/jk.pp
index fc459b1fee..bf068320b0 100644
--- a/manifests/mod/jk.pp
+++ b/manifests/mod/jk.pp
@@ -1,12 +1,245 @@
-# Class apache::mod::jk
+# @summary
+# Installs `mod_jk`.
+#
+# @param ip
+# IP for binding to mod_jk. Useful when the binding address is not the primary network interface IP.
+#
+# @param port
+# Port for binding to mod_jk. Useful when something else, like a reverse proxy or cache, is receiving requests at port 80, then
+# needs to forward them to Apache at a different port.
+#
+# @param add_listen
+# Defines if a Listen directive according to parameters ip and port (see below), so that Apache listens to the IP/port combination
+# and redirect to mod_jk. Useful when another Listen directive, like Listen *: or Listen , can conflict with the one
+# necessary for mod_jk binding.
+#
+# @param workers_file
+# The name of a worker file for the Tomcat servlet containers.
+#
+# @param worker_property
+# Enables setting worker properties inside Apache configuration file.
+#
+# @param logroot
+# The base directory for shm_file and log_file is determined by the logroot parameter. If unspecified, defaults to
+# apache::params::logroot. The default logroot is sane enough therefore it is not recommended to override it.
+#
+# @param shm_file
+# Shared memory file name.
+#
+# @param shm_size
+# Size of the shared memory file name.
+#
+# @param mount_file
+# File containing multiple mappings from a context to a Tomcat worker.
+#
+# @param mount_file_reload
+# This directive configures the reload check interval in seconds.
+#
+# @param mount
+# A mount point from a context to a Tomcat worker.
+#
+# @param un_mount
+# An exclusion mount point from a context to a Tomcat worker.
+#
+# @param auto_alias
+# Automatically Alias webapp context directories into the Apache document space
+#
+# @param mount_copy
+# If this directive is set to "On" in some virtual server, the mounts from the global server will be copied
+# to this virtual server, more precisely all mounts defined by JkMount or JkUnMount.
+#
+# @param worker_indicator
+# Name of the Apache environment variable that can be used to set worker names in combination with SetHandler
+# jakarta-servlet.
+#
+# @param watchdog_interval
+# This directive configures the watchdog thread interval in seconds.
+#
+# @param log_file
+# Full or server relative path to the mod_jk log file.
+#
+# @param log_level
+# The mod_jk log level, can be debug, info, warn error or trace.
+#
+# @param log_stamp_format
+# The mod_jk date log format, using an extended strftime syntax.
+#
+# @param request_log_format
+# Request log format string.
+#
+# @param extract_ssl
+# Turns on SSL processing and information gathering by mod_jk.
+#
+# @param https_indicator
+# Name of the Apache environment variable that contains SSL indication.
+#
+# @param sslprotocol_indicator
+# Name of the Apache environment variable that contains the SSL protocol name.
+#
+# @param certs_indicator
+# Name of the Apache environment variable that contains SSL client certificates.
+#
+# @param cipher_indicator
+# Name of the Apache environment variable that contains SSL client cipher.
+#
+# @param certchain_prefix
+# Name of the Apache environment (prefix) that contains SSL client chain certificates.
+#
+# @param session_indicator
+# Name of the Apache environment variable that contains SSL session.
+#
+# @param keysize_indicator
+# Name of the Apache environment variable that contains SSL key size in use.
+#
+# @param local_name_indicator
+# Name of the Apache environment variable which can be used to overwrite the forwarded local name.
+#
+# @param ignore_cl_indicator
+# Name of the Apache environment variable which forces to ignore an existing Content-Length request header.
#
-# Manages mod_jk connector
+# @param local_addr_indicator
+# Name of the Apache environment variable which can be used to overwrite the forwarded local IP address.
#
-# All parameters are optional. When undefined, some receive default values,
-# while others cause an optional directive to be absent
+# @param local_port_indicator
+# Name of the Apache environment variable which can be used to overwrite the forwarded local port.
+#
+# @param remote_host_indicator
+# Name of the Apache environment variable which can be used to overwrite the forwarded remote (client) host name.
#
-# For help on parameters, pls see official reference at:
-# https://tomcat.apache.org/connectors-doc/reference/apache.html
+# @param remote_addr_indicator
+# Name of the Apache environment variable which can be used to overwrite the forwarded remote (client) IP address.
+#
+# @param remote_port_indicator
+# Name of the Apache environment variable which can be used to overwrite the forwarded remote (client) IP address.
+#
+# @param remote_user_indicator
+# Name of the Apache environment variable which can be used to overwrite the forwarded user name.
+#
+# @param auth_type_indicator
+# Name of the Apache environment variable which can be used to overwrite the forwarded authentication type.
+#
+# @param options
+# Set one of more options to configure the mod_jk module.
+#
+# @param env_var
+# Adds a name and an optional default value of environment variable that should be sent to servlet-engine as a request attribute.
+#
+# @param strip_session
+# If this directive is set to On in some virtual server, the session IDs ;jsessionid=... will be removed for URLs which are not
+# forwarded but instead are handled by the local server.
+#
+# @param workers_file_content
+# Each directive has the format worker..=. This maps as a hash of hashes, where the outer hash specifies
+# workers, and each inner hash specifies each worker properties and values. Plus, there are two global directives, 'worker.list' and
+# 'worker.maintain' For example, the workers file below should be parameterized as follows:
+#
+# Worker file:
+# ```
+# worker.list = status
+# worker.list = some_name,other_name
+#
+# worker.maintain = 60
+#
+# # Optional comment
+# worker.some_name.type=ajp13
+# worker.some_name.socket_keepalive=true
+#
+# # I just like comments
+# worker.other_name.type=ajp12 (why would you?)
+# worker.other_name.socket_keepalive=false
+# ```
+#
+# Puppet file:
+# ```
+# $workers_file_content = {
+# worker_lists => ['status', 'some_name,other_name'],
+# worker_maintain => '60',
+# some_name => {
+# comment => 'Optional comment',
+# type => 'ajp13',
+# socket_keepalive => 'true',
+# },
+# other_name => {
+# comment => 'I just like comments',
+# type => 'ajp12',
+# socket_keepalive => 'false',
+# },
+# }
+# ```
+#
+# @param mount_file_content
+# Each directive has the format = . This maps as a hash of hashes, where the outer hash specifies workers, and
+# each inner hash contains two items:
+# - uri_list—an array with URIs to be mapped to the worker
+# - comment—an optional string with a comment for the worker. For example, the mount file below should be parameterized as Figure 2:
+#
+# Worker file:
+# ```
+# # Worker 1
+# /context_1/ = worker_1
+# /context_1/* = worker_1
+#
+# # Worker 2
+# / = worker_2
+# /context_2/ = worker_2
+# /context_2/* = worker_2
+# ```
+#
+# Puppet file:
+# ```
+# $mount_file_content = {
+# worker_1 => {
+# uri_list => ['/context_1/', '/context_1/*'],
+# comment => 'Worker 1',
+# },
+# worker_2 => {
+# uri_list => ['/context_2/', '/context_2/*'],
+# comment => 'Worker 2',
+# },
+# },
+# ```
+#
+# @example
+# class { '::apache::mod::jk':
+# ip => '192.168.2.15',
+# workers_file => 'conf/workers.properties',
+# mount_file => 'conf/uriworkermap.properties',
+# shm_file => 'run/jk.shm',
+# shm_size => '50M',
+# workers_file_content => {
+#
+# },
+# }
+#
+# @note
+# shm_file and log_file
+# Depending on how these files are specified, the class creates their final path differently:
+#
+# Relative path: prepends supplied path with logroot (see below)
+# Absolute path or pipe: uses supplied path as-is
+#
+# ```
+# shm_file => 'shm_file'
+# # Ends up in
+# $shm_path = '/var/log/httpd/shm_file'
+#
+# shm_file => '/run/shm_file'
+# # Ends up in
+# $shm_path = '/run/shm_file'
+#
+# shm_file => '"|rotatelogs /var/log/httpd/mod_jk.log.%Y%m%d 86400 -180"'
+# # Ends up in
+# $shm_path = '"|rotatelogs /var/log/httpd/mod_jk.log.%Y%m%d 86400 -180"'
+# ```
+#
+# @note
+# All parameters are optional. When undefined, some receive default values, while others cause an optional
+# directive to be absent
+#
+# Additionally, There is no official package available for mod_jk and thus it must be made available by means outside of the control of the
+# apache module. Binaries can be found at Apache Tomcat Connectors download page
+#
+# @see https://tomcat.apache.org/connectors-doc/reference/apache.html for additional documentation.
#
class apache::mod::jk (
# Binding to mod_jk
diff --git a/manifests/mod/ldap.pp b/manifests/mod/ldap.pp
index 98dd4624d5..48c5eea3fd 100644
--- a/manifests/mod/ldap.pp
+++ b/manifests/mod/ldap.pp
@@ -1,3 +1,50 @@
+# @summary
+# Installs and configures `mod_ldap`.
+#
+# @param apache_version
+# Used to verify that the Apache version you have requested is compatible with the module.
+#
+# @param package_name
+# Specifies the custom package name.
+#
+# @param ldap_trusted_global_cert_file
+# Sets the file or database containing global trusted Certificate Authority or global client certificates.
+#
+# @param ldap_trusted_global_cert_type
+# Sets the the certificate parameter of the global trusted Certificate Authority or global client certificates.
+#
+# @param ldap_shared_cache_size
+# Size in bytes of the shared-memory cache
+#
+# @param ldap_cache_entries
+# Maximum number of entries in the primary LDAP cache
+#
+# @param ldap_cache_ttl
+# Time that cached items remain valid (in seconds).
+#
+# @param ldap_opcache_entries
+# Number of entries used to cache LDAP compare operations
+#
+# @param ldap_opcache_ttl
+# Time that entries in the operation cache remain valid (in seconds).
+#
+# @param ldap_trusted_mode
+# Specifies the SSL/TLS mode to be used when connecting to an LDAP server.
+#
+# @example
+# class { 'apache::mod::ldap':
+# ldap_trusted_global_cert_file => '/etc/pki/tls/certs/ldap-trust.crt',
+# ldap_trusted_global_cert_type => 'CA_DER',
+# ldap_trusted_mode => 'TLS',
+# ldap_shared_cache_size => '500000',
+# ldap_cache_entries => '1024',
+# ldap_cache_ttl => '600',
+# ldap_opcache_entries => '1024',
+# ldap_opcache_ttl => '600',
+# }
+#
+# @see https://httpd.apache.org/docs/current/mod/mod_ldap.html for additional documentation.
+#
class apache::mod::ldap (
$apache_version = undef,
$package_name = undef,
diff --git a/manifests/mod/lookup_identity.pp b/manifests/mod/lookup_identity.pp
index 445c60ef21..1e25f5ede7 100644
--- a/manifests/mod/lookup_identity.pp
+++ b/manifests/mod/lookup_identity.pp
@@ -1,3 +1,8 @@
+# @summary
+# Installs `mod_lookup_identity`
+#
+# @see https://www.adelton.com/apache/mod_lookup_identity for additional documentation.
+#
class apache::mod::lookup_identity {
include ::apache
::apache::mod { 'lookup_identity': }
diff --git a/manifests/mod/macro.pp b/manifests/mod/macro.pp
index 2a1218bad4..8766201acb 100644
--- a/manifests/mod/macro.pp
+++ b/manifests/mod/macro.pp
@@ -1,3 +1,8 @@
+# @summary
+# Installs `mod_macro`.
+#
+# @see https://httpd.apache.org/docs/current/mod/mod_macro.html for additional documentation.
+#
class apache::mod::macro {
include ::apache
::apache::mod { 'macro': }
diff --git a/manifests/mod/mime.pp b/manifests/mod/mime.pp
index f686930932..e4cdd35dc0 100644
--- a/manifests/mod/mime.pp
+++ b/manifests/mod/mime.pp
@@ -1,3 +1,17 @@
+# @summary
+# Installs and configures `mod_mime`.
+#
+# @param mime_support_package
+# Name of the MIME package to be installed.
+#
+# @param mime_types_config
+# The location of the mime.types file.
+#
+# @param mime_types_additional
+# List of additional MIME types to include.
+#
+# @see https://httpd.apache.org/docs/current/mod/mod_mime.html for additional documentation.
+#
class apache::mod::mime (
$mime_support_package = $::apache::params::mime_support_package,
$mime_types_config = $::apache::params::mime_types_config,
diff --git a/manifests/mod/mime_magic.pp b/manifests/mod/mime_magic.pp
index ecc74cfddc..582156ba2b 100644
--- a/manifests/mod/mime_magic.pp
+++ b/manifests/mod/mime_magic.pp
@@ -1,3 +1,11 @@
+# @summary
+# Installs and configures `mod_mime_magic`.
+#
+# @param magic_file
+# Enable MIME-type determination based on file contents using the specified magic file.
+#
+# @see https://httpd.apache.org/docs/current/mod/mod_mime_magic.html for additional documentation.
+#
class apache::mod::mime_magic (
$magic_file = undef,
) {
diff --git a/manifests/mod/negotiation.pp b/manifests/mod/negotiation.pp
index 1bdea6bbb3..c24cdfac09 100644
--- a/manifests/mod/negotiation.pp
+++ b/manifests/mod/negotiation.pp
@@ -1,3 +1,14 @@
+# @summary
+# Installs and configures `mod_negotiation`.
+#
+# @param force_language_priority
+# Action to take if a single acceptable document is not found.
+#
+# @param language_priority
+# The precedence of language variants for cases where the client does not express a preference.
+#
+# @see [https://httpd.apache.org/docs/current/mod/mod_negotiation.html for additional documentation.
+#
class apache::mod::negotiation (
Variant[Array[String], String] $force_language_priority = 'Prefer Fallback',
Variant[Array[String], String] $language_priority = [ 'en', 'ca', 'cs', 'da', 'de', 'el', 'eo', 'es', 'et',
diff --git a/manifests/mod/nss.pp b/manifests/mod/nss.pp
index 8814c9366f..8df2aea382 100644
--- a/manifests/mod/nss.pp
+++ b/manifests/mod/nss.pp
@@ -1,3 +1,20 @@
+# @summary
+# Installs and configures `mod_nss`.
+#
+# @param transfer_log
+# Path to `access.log`.
+#
+# @param error_Log
+# Path to `error.log`
+#
+# @param passwd_file
+# Path to file containing token passwords used for NSSPassPhraseDialog.
+#
+# @param port
+# Sets the SSL port that should be used by mod_nss.
+#
+# @see https://pagure.io/mod_nss for additional documentation.
+#
class apache::mod::nss (
$transfer_log = "${::apache::params::logroot}/access.log",
$error_log = "${::apache::params::logroot}/error.log",
diff --git a/manifests/mod/pagespeed.pp b/manifests/mod/pagespeed.pp
index 052dad0b17..84f78dd7ae 100644
--- a/manifests/mod/pagespeed.pp
+++ b/manifests/mod/pagespeed.pp
@@ -1,3 +1,18 @@
+# @summary
+# Installs and configures `mod_pagespeed`.
+#
+# @todo
+# Add docs
+#
+# @note
+# Verify that your system is compatible with the latest Google Pagespeed requirements.
+#
+# Although this apache module requires the mod-pagespeed-stable package, Puppet does not manage the software repositories required to
+# automatically install the package. If you declare this class when the package is either not installed or not available to your
+# package manager, your Puppet run will fail.
+#
+# @see https://developers.google.com/speed/pagespeed/module/ for additional documentation.
+#
class apache::mod::pagespeed (
$inherit_vhost_config = 'on',
$filter_xhtml = false,
diff --git a/manifests/mod/passenger.pp b/manifests/mod/passenger.pp
index be12255a77..da684de54a 100644
--- a/manifests/mod/passenger.pp
+++ b/manifests/mod/passenger.pp
@@ -1,17 +1,308 @@
-# Manages the settings for the mod_passenger
-# The result is the /etc/mods-available/mod_passenger.conf file
+# @summary
+# Installs `mod_pasenger`.
#
-# Where do we get these settings?
-# Settings are dervied from https://www.phusionpassenger.com/library/config/apache/reference
-# Also in passenger source code you can strip out what are all the available options by looking in
-# * src/apache2_module/Configuration.cpp
-# * src/apache2_module/ConfigurationCommands.cpp
-# Note: in the src there are several undocumented settings.
+# @param manage_repo
+# Toggle whether to manage yum repo if on a RedHat node.
+#
+# @param mod_id
+# Specifies the package id.
+#
+# @param mod_lib
+# Defines the module's shared object name. Do not configure manually without special reason.
+#
+# @param mod_lib_path
+# Specifies a path to the module's libraries. Do not manually set this parameter without special reason. The `path` parameter overrides
+# this value.
+#
+# @param mod_package
+# Name of the module package to install.
+#
+# @param mod_package_ensure
+# Determines whether Puppet ensures the module should be installed.
+#
+# @param mod_path
+# Specifies a path to the module. Do not manually set this parameter without a special reason.
+#
+# @param passenger_allow_encoded_slashes
+# Toggle whether URLs with encoded slashes (%2f) can be used (by default Apache does not support this).
+#
+# @param passenger_app_env
+# This option sets, for the current application, the value of the following environment variables:
+# - RAILS_ENV
+# - RACK_ENV
+# - WSGI_ENV
+# - NODE_ENV
+# - PASSENGER_APP_ENV
+#
+# @param passenger_app_group_name
+# Sets the name of the application group that the current application should belong to.
+#
+# @param passenger_app_root
+# Path to the application root which allows access independent from the DocumentRoot.
+#
+# @param passenger_app_type
+# Specifies the type of the application. If you set this option, then you must also set PassengerAppRoot, otherwise Passenger will
+# not properly recognize your application.
+#
+# @param passenger_base_uri
+# Used to specify that the given URI is an distinct application that should be served by Passenger.
+#
+# @param passenger_buffer_response
+# Toggle whether application-generated responses are buffered by Apache. Buffering will happen in memory.
+#
+# @param passenger_buffer_upload
+# Toggle whether HTTP client request bodies are buffered before they are sent to the application.
+#
+# @param passenger_concurrency_model
+# Specifies the I/O concurrency model that should be used for Ruby application processes.
+#
+# @param passenger_conf_file
+#
+#
+# @param passenger_conf_package_file
+#
+#
+# @param passenger_data_buffer_dir
+# Specifies the directory in which to store data buffers.
+#
+# @param passenger_debug_log_file
+#
+#
+# @param passenger_debugger
+# Turns support for Ruby application debugging on or off.
+#
+# @param passenger_default_group
+# Allows you to specify the group that applications must run as, if user switching fails or is disabled.
+#
+# @param passenger_default_ruby
+# File path to desired ruby interpreter to use by default.
+#
+# @param passenger_default_user
+# Allows you to specify the user that applications must run as, if user switching fails or is disabled.
+#
+# @param passenger_disable_security_update_check
+# Allows disabling the Passenger security update check, a daily check with https://securitycheck.phusionpassenger.com for important
+# security updates that might be available.
+#
+# @param passenger_enabled
+# Toggles whether Passenger should be enabled for that particular context.
+#
+# @param passenger_error_override
+# Toggles whether Apache will intercept and handle responses with HTTP status codes of 400 and higher.
+#
+# @param passenger_file_descriptor_log_file
+# Log file descriptor debug tracing messages to the given file.
+#
+# @param passenger_fly_with
+# Enables the Flying Passenger mode, and configures Apache to connect to the Flying Passenger daemon that's listening on the
+# given socket filename.
+#
+# @param passenger_force_max_concurrent_requests_per_process
+# Use this option to tell Passenger how many concurrent requests the application can handle per process.
+#
+# @param passenger_friendly_error_pages
+# Toggles whether Passenger should display friendly error pages whenever an application fails to start.
+#
+# @param passenger_group
+# Allows you to override that behavior and explicitly set a group to run the web application as, regardless of the ownership of the
+# startup file.
+#
+# @param passenger_high_performance
+# Toggles whether to enable PassengerHighPerformance which will make Passenger will be a little faster, in return for reduced
+# compatibility with other Apache modules.
+#
+# @param passenger_installed_version
+#
+#
+# @param passenger_instance_registry_dir
+# Specifies the directory that Passenger should use for registering its current instance.
+#
+# @param passenger_load_shell_envvars
+# Enables or disables the loading of shell environment variables before spawning the application.
+#
+# @param passenger_log_file
+# File path to log file. By default Passenger log messages are written to the Apache global error log.
+#
+# @param passenger_log_level
+# Specifies how much information Passenger should log to its log file. A higher log level value means that more
+# information will be logged.
+#
+# @param passenger_lve_min_uid
+# When using Passenger on a LVE-enabled kernel, a security check (enter) is run for spawning application processes. This options
+# tells the check to only allow processes with UIDs equal to, or higher than, the specified value.
+#
+# @param passenger_max_instances
+# The maximum number of application processes that may simultaneously exist for an application.
+#
+# @param passenger_max_instances_per_app
+# The maximum number of application processes that may simultaneously exist for a single application.
+#
+# @param passenger_max_pool_size
+# The maximum number of application processes that may simultaneously exist.
+#
+# @param passenger_max_preloader_idle_time
+# Set the preloader's idle timeout, in seconds. A value of 0 means that it should never idle timeout.
+#
+# @param passenger_max_request_queue_size
+# Specifies the maximum size for the queue of all incoming requests.
+#
+# @param passenger_max_request_time
+# The maximum amount of time, in seconds, that an application process may take to process a request.
+#
+# @param passenger_max_requests
+# The maximum number of requests an application process will process.
+#
+# @param passenger_memory_limit
+# The maximum amount of memory that an application process may use, in megabytes.
+#
+# @param passenger_meteor_app_settings
+# When using a Meteor application in non-bundled mode, use this option to specify a JSON file with settings for the application.
+#
+# @param passenger_min_instances
+# Specifies the minimum number of application processes that should exist for a given application.
+#
+# @param passenger_nodejs
+# Specifies the Node.js command to use for serving Node.js web applications.
+#
+# @param passenger_pool_idle_time
+# The maximum number of seconds that an application process may be idle.
+#
+# @param passenger_pre_start
+# URL of the web application you want to pre-start.
+#
+# @param passenger_python
+# Specifies the Python interpreter to use for serving Python web applications.
+#
+# @param passenger_resist_deployment_errors
+# Enables or disables resistance against deployment errors.
+#
+# @param passenger_resolve_symlinks_in_document_root
+# This option is no longer available in version 5.2.0. Switch to PassengerAppRoot if you are setting the application root via a
+# document root containing symlinks.
+#
+# @param passenger_response_buffer_high_watermark
+# Configures the maximum size of the real-time disk-backed response buffering system.
+#
+# @param passenger_restart_dir
+# Path to directory containing restart.txt file. Can be either absolute or relative.
+#
+# @param passenger_rolling_restarts
+# Enables or disables support for zero-downtime application restarts through restart.txt.
+#
+# @param passenger_root
+# Refers to the location to the Passenger root directory, or to a location configuration file.
+#
+# @param passenger_ruby
+# Specifies the Ruby interpreter to use for serving Ruby web applications.
+#
+# @param passenger_security_update_check_proxy
+# Allows use of an intermediate proxy for the Passenger security update check.
+#
+# @param passenger_show_version_in_header
+# Toggle whether Passenger will output its version number in the X-Powered-By header in all Passenger-served requests:
+#
+# @param passenger_socket_backlog
+# This option can be raised if Apache manages to overflow the backlog queue.
+#
+# @param passenger_spawn_method
+# Controls whether Passenger spawns applications directly, or using a prefork copy-on-write mechanism.
+#
+# @param passenger_start_timeout
+# Specifies a timeout for the startup of application processes.
+#
+# @param passenger_startup_file
+# Specifies the startup file that Passenger should use when loading the application.
+#
+# @param passenger_stat_throttle_rate
+# Setting this option to a value of x means that certain filesystem checks will be performed at most once every x seconds.
+#
+# @param passenger_sticky_sessions
+# Toggles whether all requests that a client sends will be routed to the same originating application process, whenever possible.
+#
+# @param passenger_sticky_sessions_cookie_name
+# Sets the name of the sticky sessions cookie.
+#
+# @param passenger_thread_count
+# Specifies the number of threads that Passenger should spawn per Ruby application process.
+#
+# @param passenger_use_global_queue
+# N/A.
+#
+# @param passenger_user
+# Allows you to override that behavior and explicitly set a user to run the web application as, regardless of the ownership of the
+# startup file.
+#
+# @param passenger_user_switching
+# Toggles whether to attempt to enable user account sandboxing, also known as user switching.
+#
+# @param rack_auto_detect
+# This option has been removed in version 4.0.0 as part of an optimization. You should use PassengerEnabled instead.
+#
+# @param rack_autodetect
+# This option has been removed in version 4.0.0 as part of an optimization. You should use PassengerEnabled instead.
+#
+# @param rack_base_uri
+# Deprecated in 3.0.0 in favor of PassengerBaseURI.
+#
+# @param rack_env
+# Alias for PassengerAppEnv.
+#
+# @param rails_allow_mod_rewrite
+# This option doesn't do anything anymore since version 4.0.0.
+#
+# @param rails_app_spawner_idle_time
+# This option has been removed in version 4.0.0, and replaced with PassengerMaxPreloaderIdleTime.
+#
+# @param rails_auto_detect
+# This option has been removed in version 4.0.0 as part of an optimization. You should use PassengerEnabled instead.
+#
+# @param rails_autodetect
+# This option has been removed in version 4.0.0 as part of an optimization. You should use PassengerEnabled instead.
+#
+# @param rails_base_uri
+# Deprecated in 3.0.0 in favor of PassengerBaseURI.
+#
+# @param rails_default_user
+# Deprecated in 3.0.0 in favor of PassengerDefaultUser
+#
+# @param rails_env
+# Alias for PassengerAppEnv.
+#
+# @param rails_framework_spawner_idle_time
+# This option is no longer available in version 4.0.0. There is no alternative because framework spawning has been removed
+# altogether. You should use smart spawning instead.
+#
+# @param rails_ruby
+# Deprecated in 3.0.0 in favor of PassengerRuby.
+#
+# @param rails_spawn_method
+# Deprecated in 3.0.0 in favor of PassengerSpawnMethod.
+#
+# @param rails_user_switching
+# Deprecated in 3.0.0 in favor of PassengerUserSwitching.
+#
+# @param wsgi_auto_detect
+# This option has been removed in version 4.0.0 as part of an optimization. You should use PassengerEnabled instead.
+#
+# @note
+# In Passenger source code you can strip out what are all the available options by looking in
+# - src/apache2_module/Configuration.cpp
+# - src/apache2_module/ConfigurationCommands.cpp
+# There are also several undocumented settings.
+#
+# @note
+# For Red Hat based systems, ensure that you meet the minimum requirements described in the passenger docs.
+#
+# The current set of server configurations settings were taken directly from the Passenger Reference. To enable deprecation warnings
+# and removal failure messages, set the passenger_installed_version to the version number installed on the server.
#
# Change Log:
-# * As of 08/13/2017 there are 84 available/deprecated/removed settings.
-# * Around 08/20/2017 UnionStation was discontinued options were removed.
-# * As of 08/20/2017 there are 77 available/deprecated/removed settings.
+# - As of 08/13/2017 there are 84 available/deprecated/removed settings.
+# - Around 08/20/2017 UnionStation was discontinued options were removed.
+# - As of 08/20/2017 there are 77 available/deprecated/removed settings.
+#
+# @see https://www.phusionpassenger.com/library/config/apache/reference/ for additional documentation.
+#
class apache::mod::passenger (
$manage_repo = true,
$mod_id = undef,
diff --git a/manifests/mod/perl.pp b/manifests/mod/perl.pp
index 3bfeac9770..60010a7ec3 100644
--- a/manifests/mod/perl.pp
+++ b/manifests/mod/perl.pp
@@ -1,3 +1,8 @@
+# @summary
+# Installs `mod_perl`.
+#
+# @see https://perl.apache.org for additional documentation.
+#
class apache::mod::perl {
include ::apache
::apache::mod { 'perl': }
diff --git a/manifests/mod/peruser.pp b/manifests/mod/peruser.pp
index 5683dd66ce..63f6a0a4aa 100644
--- a/manifests/mod/peruser.pp
+++ b/manifests/mod/peruser.pp
@@ -1,3 +1,8 @@
+# @summary
+# Installs `mod_peruser`.
+#
+# @todo
+# Add docs
class apache::mod::peruser (
$minspareprocessors = '2',
$minprocessors = '2',
diff --git a/manifests/mod/php.pp b/manifests/mod/php.pp
index 28f6404226..83f5dad3d4 100644
--- a/manifests/mod/php.pp
+++ b/manifests/mod/php.pp
@@ -1,3 +1,8 @@
+# @summary
+# Installs `mod_php`.
+#
+# @todo
+# Add docs
class apache::mod::php (
$package_name = undef,
$package_ensure = 'present',
diff --git a/manifests/mod/prefork.pp b/manifests/mod/prefork.pp
index 63e3a294f5..051d925af4 100644
--- a/manifests/mod/prefork.pp
+++ b/manifests/mod/prefork.pp
@@ -1,3 +1,38 @@
+# @summary
+# Installs and configures MPM `prefork`.
+#
+# @param startservers
+# Number of child server processes created at startup.
+#
+# @param minspareservers
+# Minimum number of idle child server processes.
+#
+# @param maxspareservers
+# Maximum number of idle child server processes.
+#
+# @param serverlimit
+# Upper limit on configurable number of processes.
+#
+# @param maxclients
+# Old alias for MaxRequestWorkers.
+#
+# @param maxrequestworkers
+# Maximum number of connections that will be processed simultaneously.
+#
+# @param maxrequestsperchild
+# Old alias for MaxConnectionsPerChild.
+#
+# @param maxconnectionsperchild
+# Limit on the number of connections that an individual child server will handle during its life.
+#
+# @param apache_version
+# Used to verify that the Apache version you have requested is compatible with the module.
+#
+# @param listenbacklog
+# Maximum length of the queue of pending connections.
+#
+# @see https://httpd.apache.org/docs/current/mod/prefork.html for additional documentation.
+#
class apache::mod::prefork (
$startservers = '8',
$minspareservers = '5',
diff --git a/manifests/mod/proxy.pp b/manifests/mod/proxy.pp
index 84d116508d..b5c7a381a4 100644
--- a/manifests/mod/proxy.pp
+++ b/manifests/mod/proxy.pp
@@ -1,3 +1,26 @@
+# @summary
+# Installs and configures `mod_proxy`.
+#
+# @param proxy_requests
+# Enables forward (standard) proxy requests.
+#
+# @param allow_from
+# List of IPs allowed to access proxy.
+#
+# @param apache_version
+# Used to verify that the Apache version you have requested is compatible with the module.
+#
+# @param package_name
+# Name of the proxy package to install.
+#
+# @param proxy_via
+# Set local IP address for outgoing proxy connections.
+#
+# @param proxy_timeout
+# Network timeout for proxied requests.
+#
+# @see https://httpd.apache.org/docs/current/mod/mod_proxy.html for additional documentation.
+#
class apache::mod::proxy (
$proxy_requests = 'Off',
$allow_from = undef,
diff --git a/manifests/mod/proxy_ajp.pp b/manifests/mod/proxy_ajp.pp
index a011a17895..36bea00c83 100644
--- a/manifests/mod/proxy_ajp.pp
+++ b/manifests/mod/proxy_ajp.pp
@@ -1,3 +1,8 @@
+# @summary
+# Installs `mod_proxy_ajp`.
+#
+# @see https://httpd.apache.org/docs/current/mod/mod_proxy_ajp.html for additional documentation.
+#
class apache::mod::proxy_ajp {
Class['::apache::mod::proxy'] -> Class['::apache::mod::proxy_ajp']
::apache::mod { 'proxy_ajp': }
diff --git a/manifests/mod/proxy_balancer.pp b/manifests/mod/proxy_balancer.pp
index dbc86df427..7089540af5 100644
--- a/manifests/mod/proxy_balancer.pp
+++ b/manifests/mod/proxy_balancer.pp
@@ -1,3 +1,20 @@
+# @summary
+# Installs and configures `mod_proxy_balancer`.
+#
+# @param manager
+# Toggle whether to enable balancer manager support.
+#
+# @param maanger_path
+# Server relative path to balancer manager.
+#
+# @param allow_from
+# List of IPs from which the balancer manager can be accessed.
+#
+# @param apache_version
+# Version of Apache to install module on.
+#
+# @see https://httpd.apache.org/docs/current/mod/mod_proxy_balancer.html for additional documentation.
+#
class apache::mod::proxy_balancer(
Boolean $manager = false,
Stdlib::Absolutepath $manager_path = '/balancer-manager',
diff --git a/manifests/mod/proxy_connect.pp b/manifests/mod/proxy_connect.pp
index cda5b89dc6..56103f611d 100644
--- a/manifests/mod/proxy_connect.pp
+++ b/manifests/mod/proxy_connect.pp
@@ -1,3 +1,11 @@
+# @summary
+# Installs `mod_proxy_connect`.
+#
+# @param apache_version
+# Used to verify that the Apache version you have requested is compatible with the module.
+#
+# @see https://httpd.apache.org/docs/current/mod/mod_proxy_connect.html for additional documentation.
+#
class apache::mod::proxy_connect (
$apache_version = undef,
) {
diff --git a/manifests/mod/proxy_fcgi.pp b/manifests/mod/proxy_fcgi.pp
index 21473eb762..84bc3d178f 100644
--- a/manifests/mod/proxy_fcgi.pp
+++ b/manifests/mod/proxy_fcgi.pp
@@ -1,3 +1,8 @@
+# @summary
+# Installs `mod_proxy_fcgi`.
+#
+# @see https://httpd.apache.org/docs/current/mod/mod_proxy_fcgi.html for additional documentation.
+#
class apache::mod::proxy_fcgi {
Class['::apache::mod::proxy'] -> Class['::apache::mod::proxy_fcgi']
::apache::mod { 'proxy_fcgi': }
diff --git a/manifests/mod/proxy_html.pp b/manifests/mod/proxy_html.pp
index 94259bd77e..7cf4695446 100644
--- a/manifests/mod/proxy_html.pp
+++ b/manifests/mod/proxy_html.pp
@@ -1,3 +1,8 @@
+# @summary
+# Installs `mod_proxy_html`.
+#
+# @see https://httpd.apache.org/docs/current/mod/mod_proxy_html.html for additional documentation.
+#
class apache::mod::proxy_html {
include ::apache
Class['::apache::mod::proxy'] -> Class['::apache::mod::proxy_html']
diff --git a/manifests/mod/proxy_http.pp b/manifests/mod/proxy_http.pp
index 1579e68ee2..b80857c205 100644
--- a/manifests/mod/proxy_http.pp
+++ b/manifests/mod/proxy_http.pp
@@ -1,3 +1,8 @@
+# @summary
+# Installs `mod_proxy_http`.
+#
+# @see https://httpd.apache.org/docs/current/mod/mod_proxy_http.html for additional documentation.
+#
class apache::mod::proxy_http {
Class['::apache::mod::proxy'] -> Class['::apache::mod::proxy_http']
::apache::mod { 'proxy_http': }
diff --git a/manifests/mod/proxy_wstunnel.pp b/manifests/mod/proxy_wstunnel.pp
index 290954b742..14e3f9d356 100644
--- a/manifests/mod/proxy_wstunnel.pp
+++ b/manifests/mod/proxy_wstunnel.pp
@@ -1,3 +1,8 @@
+# @summary
+# Installs `mod_proxy_wstunnel`.
+#
+# @see https://httpd.apache.org/docs/current/mod/mod_proxy_wstunnel.html for additional documentation.
+#
class apache::mod::proxy_wstunnel {
include ::apache, ::apache::mod::proxy
Class['::apache::mod::proxy'] -> Class['::apache::mod::proxy_wstunnel']
diff --git a/manifests/mod/python.pp b/manifests/mod/python.pp
index 67f578d419..3ad11b9fff 100644
--- a/manifests/mod/python.pp
+++ b/manifests/mod/python.pp
@@ -1,3 +1,11 @@
+# @summary
+# Installs and configures `mod_python`.
+#
+# @param loadfile_name
+# Sets the name of the configuration file that is used to load the python module.
+#
+# @see https://github.com/grisha/mod_python for additional documentation.
+#
class apache::mod::python (
Optional[String] $loadfile_name = undef,
) {
diff --git a/manifests/mod/remoteip.pp b/manifests/mod/remoteip.pp
index d628819376..2c9b6fc58c 100644
--- a/manifests/mod/remoteip.pp
+++ b/manifests/mod/remoteip.pp
@@ -1,4 +1,5 @@
-# @summary Setup and load Apache `mod_remoteip`
+# @summary
+# Installs and configures `mod_remoteip`.
#
# @see https://httpd.apache.org/docs/current/mod/mod_remoteip.html
#
@@ -50,6 +51,8 @@
# A version string used to validate that your apache version supports
# `mod_remoteip`. If not specified, `$::apache::apache_version` is used.
#
+# @see https://httpd.apache.org/docs/current/mod/mod_remoteip.html for additional documentation.
+#
class apache::mod::remoteip (
String $header = 'X-Forwarded-For',
Optional[Array[Variant[Stdlib::Host,Stdlib::IP::Address]]] $internal_proxy = undef,
diff --git a/manifests/mod/reqtimeout.pp b/manifests/mod/reqtimeout.pp
index f166f6d6f6..8b4dbed3e0 100644
--- a/manifests/mod/reqtimeout.pp
+++ b/manifests/mod/reqtimeout.pp
@@ -1,3 +1,11 @@
+# @summary
+# Installs and configures `mod_reqtimeout`.
+#
+# @param timeouts
+# List of timeouts and data rates for receiving requests.
+#
+# @see https://httpd.apache.org/docs/current/mod/mod_reqtimeout.html for additional documentation.
+#
class apache::mod::reqtimeout (
$timeouts = ['header=20-40,minrate=500', 'body=10,minrate=500']
){
diff --git a/manifests/mod/rewrite.pp b/manifests/mod/rewrite.pp
index 694f0b6f5c..e7622b1975 100644
--- a/manifests/mod/rewrite.pp
+++ b/manifests/mod/rewrite.pp
@@ -1,3 +1,8 @@
+# @summary
+# Installs `mod_rewrite`.
+#
+# @see https://httpd.apache.org/docs/current/mod/mod_rewrite.html for additional documentation.
+#
class apache::mod::rewrite {
include ::apache::params
::apache::mod { 'rewrite': }
diff --git a/manifests/mod/rpaf.pp b/manifests/mod/rpaf.pp
index b9afa149f2..21430a3669 100644
--- a/manifests/mod/rpaf.pp
+++ b/manifests/mod/rpaf.pp
@@ -1,3 +1,20 @@
+# @summary
+# Installs and configures `mod_rpaf`.
+#
+# @param sethostname
+# Toggles whether to update vhost name so ServerName and ServerAlias work.
+#
+# @param proxy_ips
+# List of IPs & bitmasked subnets to adjust requests for
+#
+# @param header
+# Header to use for the real IP address.
+#
+# @param template
+# Path to template to use for configuring mod_rpaf.
+#
+# @see https://github.com/gnif/mod_rpaf for additional documentation.
+#
class apache::mod::rpaf (
$sethostname = true,
$proxy_ips = [ '127.0.0.1' ],
diff --git a/manifests/mod/security.pp b/manifests/mod/security.pp
index 68d90b4e90..f7bef39c1d 100644
--- a/manifests/mod/security.pp
+++ b/manifests/mod/security.pp
@@ -1,3 +1,89 @@
+
+# @summary
+# Installs and configures `mod_security`.
+#
+# @param logroot
+# Configures the location of audit and debug logs.
+#
+# @param crs_package
+# Name of package that installs CRS rules.
+#
+# @param activated_rules
+# An array of rules from the modsec_crs_path or absolute to activate via symlinks.
+#
+# @param modsec_dir
+# Defines the path where Puppet installs the modsec configuration and activated rules links.
+#
+# @param modsec_secruleengine
+# Configures the rules engine.
+#
+# @param audit_log_relevant_status
+# Configures which response status code is to be considered relevant for the purpose of audit logging.
+#
+# @param audit_log_parts
+# Defines which parts of each transaction are going to be recorded in the audit log. Each part is assigned a single letter; when a
+# letter appears in the list then the equivalent part will be recorded.
+#
+# @param secpcrematchlimit
+# Sets the match limit in the PCRE library.
+#
+# @param secpcrematchlimitrecursion
+# Sets the match limit recursion in the PCRE library.
+#
+# @param allowed_methods
+# A space-separated list of allowed HTTP methods.
+#
+# @param content_types
+# A list of one or more allowed MIME types.
+#
+# @param restricted_extensions
+# A space-sparated list of prohibited file extensions.
+#
+# @param restricted_headers
+# A list of restricted headers separated by slashes and spaces.
+#
+# @param secdefaultaction
+# Defines the default list of actions, which will be inherited by the rules in the same configuration context.
+#
+# @param anomaly_score_blocking
+# Activates or deactivates the Collaborative Detection Blocking of the OWASP ModSecurity Core Rule Set.
+#
+# @param inbound_anomaly_threshold
+# Sets the scoring threshold level of the inbound blocking rules for the Collaborative Detection Mode in the OWASP ModSecurity Core Rule Set.
+#
+# @param outbound_anomaly_threshold
+# Sets the scoring threshold level of the outbound blocking rules for the Collaborative Detection Mode in the OWASP ModSecurity Core Rule Set.
+#
+# @param critical_anomaly_score
+# Sets the Anomaly Score for rules assigned with a critical severity.
+#
+# @param error_anomaly_score
+# Sets the Anomaly Score for rules assigned with a error severity.
+#
+# @param warning_anomaly_score
+# Sets the Anomaly Score for rules assigned with a warning severity.
+#
+# @param notice_anomaly_score
+# Sets the Anomaly Score for rules assigned with a notice severity.
+#
+# @param secrequestmaxnumargs
+# Sets the maximum number of arguments in the request.
+#
+# @param secrequestbodylimit
+# Sets the maximum request body size ModSecurity will accept for buffering.
+#
+# @param secrequestbodynofileslimit
+# Configures the maximum request body size ModSecurity will accept for buffering, excluding the size of any files being transported
+# in the request.
+#
+# @param secrequestbodyinmemorylimit
+# Configures the maximum request body size that ModSecurity will store in memory.
+#
+# @param manage_security_crs
+# Toggles whether to manage ModSecurity Core Rule Set
+#
+# @see https://github.com/SpiderLabs/ModSecurity/wiki for additional documentation.
+#
class apache::mod::security (
$logroot = $::apache::params::logroot,
$crs_package = $::apache::params::modsec_crs_package,
diff --git a/manifests/mod/setenvif.pp b/manifests/mod/setenvif.pp
index d7baf582e3..6e07a32c1c 100644
--- a/manifests/mod/setenvif.pp
+++ b/manifests/mod/setenvif.pp
@@ -1,3 +1,8 @@
+# @summary
+# Installs `mod_setenvif`.
+#
+# @see https://httpd.apache.org/docs/current/mod/mod_setenvif.html for additional documentation.
+#
class apache::mod::setenvif {
include ::apache
::apache::mod { 'setenvif': }
diff --git a/manifests/mod/shib.pp b/manifests/mod/shib.pp
index 318a3a3407..064e5b70bc 100644
--- a/manifests/mod/shib.pp
+++ b/manifests/mod/shib.pp
@@ -1,3 +1,28 @@
+# @summary
+# Installs and configures `mod_shib`.
+#
+# @param suppress_warning
+# Toggles whether to trigger warning on RedHat nodes.
+#
+# @param mod_full_path
+# Specifies a path to the module. Do not manually set this parameter without a special reason.
+#
+# @param package_name
+# Name of the Shibboleth package to be installed.
+#
+# @param mod_lib
+# Specifies a path to the module's libraries. Do not manually set this parameter without special reason. The `path` parameter
+# overrides this value.
+#
+# This class installs and configures only the Apache components of a web application that consumes Shibboleth SSO identities. You
+# can manage the Shibboleth configuration manually, with Puppet, or using a [Shibboleth Puppet Module](https://github.com/aethylred/puppet-shibboleth).
+#
+# @note
+# The Shibboleth module isn't available on RH/CentOS without providing dependency packages provided by Shibboleth's repositories.
+# See the [Shibboleth Service Provider Installation Guide](http://wiki.aaf.edu.au/tech-info/sp-install-guide).
+#
+# @see https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPApacheConfig for additional documentation.
+#
class apache::mod::shib (
$suppress_warning = false,
$mod_full_path = undef,
diff --git a/manifests/mod/socache_shmcb.pp b/manifests/mod/socache_shmcb.pp
index 7bfb4c6b57..e5b463ff58 100644
--- a/manifests/mod/socache_shmcb.pp
+++ b/manifests/mod/socache_shmcb.pp
@@ -1,3 +1,8 @@
+# @summary
+# Installs `mod_socache_shmcb`.
+#
+# @see https://httpd.apache.org/docs/current/mod/mod_socache_shmcb.html for additional documentation.
+#
class apache::mod::socache_shmcb {
::apache::mod { 'socache_shmcb': }
-}
\ No newline at end of file
+}
diff --git a/manifests/mod/speling.pp b/manifests/mod/speling.pp
index fbd19d373c..dfd7433c86 100644
--- a/manifests/mod/speling.pp
+++ b/manifests/mod/speling.pp
@@ -1,3 +1,8 @@
+# @summary
+# Installs `mod_spelling`.
+#
+# @see https://httpd.apache.org/docs/current/mod/mod_speling.html for additional documentation.
+#
class apache::mod::speling {
include ::apache
::apache::mod { 'speling': }
diff --git a/manifests/mod/ssl.pp b/manifests/mod/ssl.pp
index 3064bf815e..73bc91e98e 100644
--- a/manifests/mod/ssl.pp
+++ b/manifests/mod/ssl.pp
@@ -1,3 +1,79 @@
+# @summary
+# Installs `mod_ssl`.
+#
+# @param ssl_compression
+# Enable compression on the SSL level.
+#
+# @param ssl_cryptodevice
+# Enable use of a cryptographic hardware accelerator.
+#
+# @param ssl_options
+# Configure various SSL engine run-time options.
+#
+# @param ssl_openssl_conf_cmd
+# Configure OpenSSL parameters through its SSL_CONF API.
+#
+# @param ssl_cert
+# Path to server PEM-encoded X.509 certificate data file.
+#
+# @param ssl_key
+# Path to server PEM-encoded private key file
+#
+# @param ssl_ca
+# File of concatenated PEM-encoded CA Certificates for Client Auth.
+#
+# @param ssl_cipher
+# Cipher Suite available for negotiation in SSL handshake.
+#
+# @param ssl_honorcipherorder
+# Option to prefer the server's cipher preference order.
+#
+# @param ssl_protocol
+# Configure usable SSL/TLS protocol versions.
+#
+# @param ssl_proxy_protocol
+# Configure usable SSL protocol flavors for proxy usage.
+#
+# @param ssl_pass_phrase_dialog
+# Type of pass phrase dialog for encrypted private keys.
+#
+# @param ssl_random_seed_bytes
+# Pseudo Random Number Generator (PRNG) seeding source.
+#
+# @param ssl_sessioncache
+# Configures the storage type of the global/inter-process SSL Session Cache
+#
+# @param ssl_sessioncachetimeout
+# Number of seconds before an SSL session expires in the Session Cache.
+#
+# @param ssl_stapling
+# Enable stapling of OCSP responses in the TLS handshake.
+#
+# @param ssl_stapling_return_errors
+# Pass stapling related OCSP errors on to client.
+#
+# @param ssl_mutex
+# Configures mutex mechanism and lock file directory for all or specified mutexes.
+# Default based on the OS and/or Apache version:
+# - RedHat/FreeBSD/Suse/Gentoo: 'default'.
+# - Debian/Ubuntu + Apache >= 2.4: 'default'.
+# - Debian/Ubuntu + Apache < 2.4: 'file:${APACHE_RUN_DIR}/ssl_mutex'.
+# - Ubuntu 10.04: 'file:/var/run/apache2/ssl_mutex'.
+#
+# @param apache_version
+# Used to verify that the Apache version you have requested is compatible with the module.
+#
+# @param package_name
+# Name of ssl package to install.
+#
+# On most operating systems, the ssl.conf is placed in the module configuration directory. On Red Hat based operating systems, this
+# file is placed in /etc/httpd/conf.d, the same location in which the RPM stores the configuration.
+#
+# To use SSL with a virtual host, you must either set the default_ssl_vhost parameter in ::apache to true or the ssl parameter in
+# apache::vhost to true.
+#
+# @see https://httpd.apache.org/docs/current/mod/mod_ssl.html for additional documentation.
+#
class apache::mod::ssl (
Boolean $ssl_compression = false,
$ssl_cryptodevice = 'builtin',
diff --git a/manifests/mod/status.pp b/manifests/mod/status.pp
index 988e13b3cc..0eedf64ecb 100644
--- a/manifests/mod/status.pp
+++ b/manifests/mod/status.pp
@@ -1,14 +1,13 @@
-# Class: apache::mod::status
+# @summary
+# Installs and configures `mod_status`.
#
-# This class enables and configures Apache mod_status
-# See: http://httpd.apache.org/docs/current/mod/mod_status.html
+# @param allow_from
+# Array of hosts, ip addresses, partial network numbers or networks, in CIDR notation specifying what hosts can view the special
+# /server-status URL. Defaults to ['127.0.0.1', '::1'].
+# > Creates Apache < 2.4 directive "Allow from".
#
-# Parameters:
-# - $allow_from is an array of hosts, ip addresses, partial network numbers
-# or networks in CIDR notation specifying what hosts can view the special
-# /server-status URL. Defaults to ['127.0.0.1', '::1'].
-# > Creates Apache < 2.4 directive "Allow from"
-# - $requires is either a:
+# @param requires
+# A Variant type that can be:
# - String with:
# - '' or 'unmanaged' - Host auth control done elsewhere
# - 'ip ' - Allowed IPs/ranges
@@ -21,23 +20,23 @@
# This encloses "Require" directives in "" block
# Optional - If unspecified, "Require" directives follow current flow
# > Creates Apache >= 2.4 directives "Require"
-# - $extended_status track and display extended status information. Valid
-# values are 'On' or 'Off'. Defaults to 'On'.
-# - $status_path is the path assigned to the Location directive which
-# defines the URL to access the server status. Defaults to '/server-status'.
#
-# Actions:
-# - Enable and configure Apache mod_status
+# @param extended_status
+# Determines whether to track extended status information for each request, via the ExtendedStatus directive.
#
-# Requires:
-# - The apache class
+# @param status_path
+# Path assigned to the Location directive which defines the URL to access the server status.
#
-# Sample Usage:
+# @param apache_version
+# Used to verify that the Apache version you have requested is compatible with the module.
#
-# # Simple usage allowing access from localhost and a private subnet
-# class { 'apache::mod::status':
-# $allow_from => ['127.0.0.1', '10.10.10.10/24'],
-# }
+# @example
+# # Simple usage allowing access from localhost and a private subnet
+# class { 'apache::mod::status':
+# $allow_from => ['127.0.0.1', '10.10.10.10/24'],
+# }
+#
+# @see http://httpd.apache.org/docs/current/mod/mod_status.html for additional documentation.
#
class apache::mod::status (
Optional[Array] $allow_from = undef,
diff --git a/manifests/mod/suexec.pp b/manifests/mod/suexec.pp
index ded013d499..b6a28b1f12 100644
--- a/manifests/mod/suexec.pp
+++ b/manifests/mod/suexec.pp
@@ -1,3 +1,8 @@
+# @summary
+# Installs `mod_suexec`.
+#
+# @see https://httpd.apache.org/docs/current/mod/mod_suexec.html for additional documentation.
+#
class apache::mod::suexec {
::apache::mod { 'suexec': }
}
diff --git a/manifests/mod/suphp.pp b/manifests/mod/suphp.pp
index 52b8b3de94..1b998d9f3c 100644
--- a/manifests/mod/suphp.pp
+++ b/manifests/mod/suphp.pp
@@ -1,3 +1,8 @@
+# @summary
+# Installs `mod_suphp`.
+#
+# @see https://www.suphp.org/DocumentationView.html?file=apache/INSTALL for additional documentation.
+#
class apache::mod::suphp (
){
if ($facts['os']['name'] == 'Ubuntu' and versioncmp($facts['os']['release']['major'], '15.10') >= 0) or
diff --git a/manifests/mod/userdir.pp b/manifests/mod/userdir.pp
index 203b93dd11..cd0359e820 100644
--- a/manifests/mod/userdir.pp
+++ b/manifests/mod/userdir.pp
@@ -1,3 +1,29 @@
+# @summary
+# Installs and configures `mod_userdir`.
+#
+# @param home
+# *Deprecated* Path to system home directory.
+#
+# @param dir
+# *Deprecated* Path from user's home directory to public directory.
+#
+# @param disable_root
+# Toggles whether to allow use of root directory.
+#
+# @param apache_version
+# Used to verify that the Apache version you have requested is compatible with the module.
+#
+# @param path
+# Path to directory or pattern from which to find user-specific directories.
+#
+# @param overrides
+# Array of directives that are allowed in .htaccess files.
+#
+# @param options
+# Configures what features are available in a particular directory.
+#
+# @see https://httpd.apache.org/docs/current/mod/mod_userdir.html for additional documentation.
+#
class apache::mod::userdir (
$home = undef,
$dir = undef,
diff --git a/manifests/mod/version.pp b/manifests/mod/version.pp
index 1cc4412e1d..a3a658c48a 100644
--- a/manifests/mod/version.pp
+++ b/manifests/mod/version.pp
@@ -1,3 +1,11 @@
+# @summary
+# Installs `mod_version`.
+#
+# @param apache_version
+# Used to verify that the Apache version you have requested is compatible with the module.
+#
+# @see https://httpd.apache.org/docs/current/mod/mod_version.html for additional documentation.
+#
class apache::mod::version(
$apache_version = $::apache::apache_version
) {
diff --git a/manifests/mod/vhost_alias.pp b/manifests/mod/vhost_alias.pp
index 30ae122e15..3ff6fd1aa3 100644
--- a/manifests/mod/vhost_alias.pp
+++ b/manifests/mod/vhost_alias.pp
@@ -1,3 +1,8 @@
+# @summary
+# Installs Apache `mod_vhost_alias`.
+#
+# @see https://httpd.apache.org/docs/current/mod/mod_vhost_alias.html for additional documentation.
+#
class apache::mod::vhost_alias {
::apache::mod { 'vhost_alias': }
}
diff --git a/manifests/mod/worker.pp b/manifests/mod/worker.pp
index 00a9439b31..695c4907bc 100644
--- a/manifests/mod/worker.pp
+++ b/manifests/mod/worker.pp
@@ -1,56 +1,46 @@
-# == Class: apache::mod::worker
+# @summary
+# Installs and manages the MPM `worker`.
#
+# @param startservers
+# The number of child server processes created on startup
#
-# === Parameters
-#
-# [*startservers*]
-# (optional) The number of child server processes created on startup
-# Defaults is '2'
-#
-# [*maxclients*]
-# (optional) The max number of simultaneous requests that will be served.
+# @param maxclients
+# The max number of simultaneous requests that will be served.
# This is the old name and is still supported. The new name is
# MaxRequestWorkers as of 2.3.13.
-# Default is '150'
#
-# [*minsparethreads*]
-# (optional) Minimum number of idle threads to handle request spikes.
-# Default is '25'
+# @param minsparethreads
+# Minimum number of idle threads to handle request spikes.
#
-# [*maxsparethreads*]
-# (optional) Maximum number of idle threads.
-# Default is '75'
+# @param maxsparethreads
+# Maximum number of idle threads.
#
-# [*threadsperchild*]
-# (optional) The number of threads created by each child process.
-# Default is '25'
+# @param threadsperchild
+# The number of threads created by each child process.
#
-# [*maxrequestsperchild*]
-# (optional) Limit on the number of connectiojns an individual child server
+# @param maxrequestsperchild
+# Limit on the number of connectiojns an individual child server
# process will handle. This is the old name and is still supported. The new
# name is MaxConnectionsPerChild as of 2.3.9+.
-# Default is '0'
#
-# [*serverlimit*]
-# (optional) With worker, use this directive only if your MaxRequestWorkers
+# @param serverlimit
+# With worker, use this directive only if your MaxRequestWorkers
# and ThreadsPerChild settings require more than 16 server processes
# (default). Do not set the value of this directive any higher than the
# number of server processes required by what you may want for
# MaxRequestWorkers and ThreadsPerChild.
-# Default is '25'
#
-# [*threadlimit*]
-# (optional) This directive sets the maximum configured value for
+# @param threadlimit
+# This directive sets the maximum configured value for
# ThreadsPerChild for the lifetime of the Apache httpd process.
-# Default is '64'
#
-# [*listenbacklog*]
-# (optional) Maximum length of the queue of pending connections.
-# Defaults is '511'
+# @param listenbacklog
+# Maximum length of the queue of pending connections.
+#
+# @param apache_version
+# Used to verify that the Apache version you have requested is compatible with the module.
#
-# [*apache_version*]
-# (optional)
-# Default is $::apache::apache_version
+# @see https://httpd.apache.org/docs/current/mod/worker.html for additional documentation.
#
class apache::mod::worker (
$startservers = '2',
diff --git a/manifests/mod/wsgi.pp b/manifests/mod/wsgi.pp
index 38e7a86d56..94f34b98e1 100644
--- a/manifests/mod/wsgi.pp
+++ b/manifests/mod/wsgi.pp
@@ -1,3 +1,32 @@
+# @summary
+# Installs and configures `mod_wsgi`.
+#
+# @param wsgi_restrict_embedded
+# Enable restrictions on use of embedded mode.
+#
+# @param wsgi_socket_prefix
+# Configure directory to use for daemon sockets.
+#
+# @param wsgi_python_path
+# Additional directories to search for Python modules.
+#
+# @param wsgi_python_home
+# Absolute path to Python prefix/exec_prefix directories.
+#
+# @param wsgi_python_optimize
+# Enables basic Python optimisation features.
+#
+# @param wsgi_application_group
+# Sets which application group WSGI application belongs to.
+#
+# @param package_name
+# Names of package that installs mod_wsgi.
+#
+# @param mod_path
+# Defines the path to the mod_wsgi shared object (.so) file.
+#
+# @see https://github.com/GrahamDumpleton/mod_wsgi for additional documentation.
+#
class apache::mod::wsgi (
$wsgi_restrict_embedded = undef,
$wsgi_socket_prefix = $::apache::params::wsgi_socket_prefix,
diff --git a/manifests/mod/xsendfile.pp b/manifests/mod/xsendfile.pp
index 7c5e88437a..7d34ca7260 100644
--- a/manifests/mod/xsendfile.pp
+++ b/manifests/mod/xsendfile.pp
@@ -1,3 +1,8 @@
+# @summary
+# Installs `mod_xsendfile`.
+#
+# @see https://tn123.org/mod_xsendfile/ for additional documentation.
+#
class apache::mod::xsendfile {
include ::apache::params
::apache::mod { 'xsendfile': }
diff --git a/manifests/mpm.pp b/manifests/mpm.pp
index 7f3585c42f..270c89b54e 100644
--- a/manifests/mpm.pp
+++ b/manifests/mpm.pp
@@ -1,3 +1,6 @@
+# @summary Enables the use of Apache MPMs.
+#
+# @api private
define apache::mpm (
$lib_path = $::apache::lib_path,
$apache_version = $::apache::apache_version,
diff --git a/manifests/namevirtualhost.pp b/manifests/namevirtualhost.pp
index 4fa8795185..9701a1ac98 100644
--- a/manifests/namevirtualhost.pp
+++ b/manifests/namevirtualhost.pp
@@ -1,3 +1,9 @@
+# @summary
+# Enables name-based virtual hosts
+#
+# Adds all related directives to the `ports.conf` file in the Apache HTTPD configuration
+# directory. Titles can take the forms `\*`, `\*:\`, `\_default\_:\`,
+# `\`, or `\:\`.
define apache::namevirtualhost {
$addr_port = $name
diff --git a/manifests/package.pp b/manifests/package.pp
index 7c95f99800..46bd98d2ce 100644
--- a/manifests/package.pp
+++ b/manifests/package.pp
@@ -1,3 +1,7 @@
+# @summary
+# Installs an Apache MPM.
+#
+# @api private
class apache::package (
$ensure = 'present',
$mpm_module = $::apache::params::mpm_module,
diff --git a/manifests/params.pp b/manifests/params.pp
index c29a7bbf25..147f9bed53 100644
--- a/manifests/params.pp
+++ b/manifests/params.pp
@@ -1,23 +1,7 @@
-# Class: apache::params
-#
-# This class manages Apache parameters
-#
-# Parameters:
-# - The $user that Apache runs as
-# - The $group that Apache runs as
-# - The $apache_name is the name of the package and service on the relevant
-# distribution
-# - The $php_package is the name of the package that provided PHP
-# - The $ssl_package is the name of the Apache SSL package
-# - The $apache_dev is the name of the Apache development libraries package
-# - The $conf_contents is the contents of the Apache configuration file
-#
-# Actions:
-#
-# Requires:
-#
-# Sample Usage:
+# @summary
+# This class manages Apache parameters
#
+# @api private
class apache::params inherits ::apache::version {
if($::fqdn) {
$servername = $::fqdn
diff --git a/manifests/peruser/multiplexer.pp b/manifests/peruser/multiplexer.pp
index 97143a1d4f..e0e4a5ec58 100644
--- a/manifests/peruser/multiplexer.pp
+++ b/manifests/peruser/multiplexer.pp
@@ -1,3 +1,9 @@
+# @summary
+# Checks if an Apache module has a class.
+#
+# If Apache has a class, it includes that class. If it does not, it passes the module name to the `apache::mod` defined type.
+#
+# @api private
define apache::peruser::multiplexer (
$user = $::apache::user,
$group = $::apache::group,
diff --git a/manifests/peruser/processor.pp b/manifests/peruser/processor.pp
index 30de61d7c4..798ee95791 100644
--- a/manifests/peruser/processor.pp
+++ b/manifests/peruser/processor.pp
@@ -1,3 +1,7 @@
+# @summary
+# Enables the `Peruser` module for FreeBSD only.
+#
+# @api private
define apache::peruser::processor (
$user,
$group,
diff --git a/manifests/php.pp b/manifests/php.pp
index 9fa9c682e2..24758417ac 100644
--- a/manifests/php.pp
+++ b/manifests/php.pp
@@ -1,17 +1,10 @@
-# Class: apache::php
+# @summary
+# This class installs PHP for Apache.
#
-# This class installs PHP for Apache
-#
-# Parameters:
-# - $php_package
-#
-# Actions:
-# - Install Apache PHP package
-#
-# Requires:
-#
-# Sample Usage:
+# @note
+# This class is deprecated.
#
+# @api private
class apache::php {
warning('apache::php is deprecated; please use apache::mod::php')
include ::apache::mod::php
diff --git a/manifests/proxy.pp b/manifests/proxy.pp
index 050f36c278..1ecdaa8f8d 100644
--- a/manifests/proxy.pp
+++ b/manifests/proxy.pp
@@ -1,14 +1,10 @@
-# Class: apache::proxy
+# @summary
+# This class enabled the proxy module for Apache.
#
-# This class enabled the proxy module for Apache
-#
-# Actions:
-# - Enables Apache Proxy module
-#
-# Requires:
-#
-# Sample Usage:
+# @note
+# This class is deprecated.
#
+# @api private
class apache::proxy {
warning('apache::proxy is deprecated; please use apache::mod::proxy')
include ::apache::mod::proxy
diff --git a/manifests/python.pp b/manifests/python.pp
index 723a753f82..067ebc7867 100644
--- a/manifests/python.pp
+++ b/manifests/python.pp
@@ -1,6 +1,5 @@
-# Class: apache::python
-#
-# This class installs Python for Apache
+# @summary
+# This class installs Python for Apache
#
# Parameters:
# - $php_package
@@ -12,6 +11,7 @@
#
# Sample Usage:
#
+# @api private
class apache::python {
warning('apache::python is deprecated; please use apache::mod::python')
include ::apache::mod::python
diff --git a/manifests/security/rule_link.pp b/manifests/security/rule_link.pp
index 7edb1f442e..d8b79e156a 100644
--- a/manifests/security/rule_link.pp
+++ b/manifests/security/rule_link.pp
@@ -1,3 +1,7 @@
+# @summary
+# Links the activated_rules from `apache::mod::security` to the respective CRS rules on disk.
+#
+# @api private
define apache::security::rule_link () {
$parts = split($title, '/')
diff --git a/manifests/service.pp b/manifests/service.pp
index ff082dccbf..703d95f842 100644
--- a/manifests/service.pp
+++ b/manifests/service.pp
@@ -1,21 +1,7 @@
-# Class: apache::service
-#
-# Manages the Apache daemon
-#
-# Parameters:
-#
-# Actions:
-# - Manage Apache service
-#
-# Requires:
-#
-# Sample Usage:
-#
-# sometype { 'foo':
-# notify => Class['apache::service'],
-# }
-#
+# @summary
+# Installs and configures Apache service.
#
+# @api private
class apache::service (
$service_name = $::apache::params::service_name,
Boolean $service_enable = true,
diff --git a/manifests/ssl.pp b/manifests/ssl.pp
index d0b36593d6..c444263828 100644
--- a/manifests/ssl.pp
+++ b/manifests/ssl.pp
@@ -1,17 +1,10 @@
-# Class: apache::ssl
+# @summary
+# This class installs Apache SSL capabilities
#
-# This class installs Apache SSL capabilities
-#
-# Parameters:
-# - The $ssl_package name from the apache::params class
-#
-# Actions:
-# - Install Apache SSL capabilities
-#
-# Requires:
-#
-# Sample Usage:
+# @note
+# This class is deprecated.
#
+# @api private
class apache::ssl {
warning('apache::ssl is deprecated; please use apache::mod::ssl')
include ::apache::mod::ssl
diff --git a/manifests/version.pp b/manifests/version.pp
index 82c00c5f91..9116fadba3 100644
--- a/manifests/version.pp
+++ b/manifests/version.pp
@@ -1,7 +1,7 @@
-# Class: apache::version
-#
-# Try to automatically detect the version by OS
+# @summary
+# Try to automatically detect the version by OS
#
+# @api private
class apache::version(
Optional[String] $scl_httpd_version = undef,
Optional[String] $scl_php_version = undef,
diff --git a/manifests/vhost.pp b/manifests/vhost.pp
index 6a77e764de..3f93e6a480 100644
--- a/manifests/vhost.pp
+++ b/manifests/vhost.pp
@@ -1,4 +1,1627 @@
-# See README.md for usage information
+# @summary
+# Allows specialised configurations for virtual hosts that possess requirements
+# outside of the defaults.
+#
+# The apache module allows a lot of flexibility in the setup and configuration of virtual hosts.
+# This flexibility is due, in part, to `vhost` being a defined resource type, which allows Apache
+# to evaluate it multiple times with different parameters.
+# The `apache::vhost` defined type allows you to have specialized configurations for virtual hosts
+# that have requirements outside the defaults. You can set up a default virtual host within
+# the base `::apache` class, as well as set a customized virtual host as the default.
+# Customized virtual hosts have a lower numeric `priority` than the base class's, causing
+# Apache to process the customized virtual host first.
+# The `apache::vhost` defined type uses `concat::fragment` to build the configuration file. To
+# inject custom fragments for pieces of the configuration that the defined type doesn't
+# inherently support, add a custom fragment.
+# For the custom fragment's `order` parameter, the `apache::vhost` defined type uses multiples
+# of 10, so any `order` that isn't a multiple of 10 should work.
+# > **Note:** When creating an `apache::vhost`, it cannot be named `default` or `default-ssl`,
+# because vhosts with these titles are always managed by the module. This means that you cannot
+# override `Apache::Vhost['default']` or `Apache::Vhost['default-ssl]` resources. An optional
+# workaround is to create a vhost named something else, such as `my default`, and ensure that the
+# `default` and `default_ssl` vhosts are set to `false`:
+#
+# @example
+# class { 'apache':
+# default_vhost => false,
+# default_ssl_vhost => false,
+# }
+#
+# @param apache_version
+# Apache's version number as a string, such as '2.2' or '2.4'.
+#
+# @param access_log
+# Determines whether to configure `*_access.log` directives (`*_file`,`*_pipe`, or `*_syslog`).
+#
+# @param access_log_env_var
+# Specifies that only requests with particular environment variables be logged.
+#
+# @param access_log_file
+# Sets the filename of the `*_access.log` placed in `logroot`. Given a virtual host ---for
+# instance, example.com--- it defaults to 'example.com_ssl.log' for
+# [SSL-encrypted](https://httpd.apache.org/docs/current/ssl/index.html) virtual hosts and
+# `example.com_access.log` for unencrypted virtual hosts.
+#
+# @param access_log_format
+# Specifies the use of either a `LogFormat` nickname or a custom-formatted string for the
+# access log.
+#
+# @param access_log_pipe
+# Specifies a pipe where Apache sends access log messages.
+#
+# @param access_log_syslog
+# Sends all access log messages to syslog.
+#
+# @param access_logs
+# Allows you to give a hash that specifies the state of each of the `access_log_*`
+# directives shown above, i.e. `access_log_pipe` and `access_log_syslog`.
+#
+# @param add_default_charset
+# Sets a default media charset value for the `AddDefaultCharset` directive, which is
+# added to `text/plain` and `text/html` responses.
+#
+# @param add_listen
+# Determines whether the virtual host creates a `Listen` statement.
+# Setting `add_listen` to `false` prevents the virtual host from creating a `Listen`
+# statement. This is important when combining virtual hosts that aren't passed an `ip`
+# parameter with those that are.
+#
+# @param use_optional_includes
+# Specifies whether Apache uses the `IncludeOptional` directive instead of `Include` for
+# `additional_includes` in Apache 2.4 or newer.
+#
+# @param additional_includes
+# Specifies paths to additional static, virtual host-specific Apache configuration files.
+# You can use this parameter to implement a unique, custom configuration not supported by
+# this module.
+#
+# @param aliases
+# Passes a list of [hashes][hash] to the virtual host to create `Alias`, `AliasMatch`,
+# `ScriptAlias` or `ScriptAliasMatch` directives as per the `mod_alias` documentation.
+# For example:
+# ``` puppet
+# aliases => [
+# { aliasmatch => '^/image/(.*)\.jpg$',
+# path => '/files/jpg.images/$1.jpg',
+# },
+# { alias => '/image',
+# path => '/ftp/pub/image',
+# },
+# { scriptaliasmatch => '^/cgi-bin(.*)',
+# path => '/usr/local/share/cgi-bin$1',
+# },
+# { scriptalias => '/nagios/cgi-bin/',
+# path => '/usr/lib/nagios/cgi-bin/',
+# },
+# { alias => '/nagios',
+# path => '/usr/share/nagios/html',
+# },
+# ],
+# ```
+# For the `alias`, `aliasmatch`, `scriptalias` and `scriptaliasmatch` keys to work, each needs
+# a corresponding context, such as `` or
+# ``. Puppet creates the directives in the order specified in
+# the `aliases` parameter. As described in the `mod_alias` documentation, add more specific
+# `alias`, `aliasmatch`, `scriptalias` or `scriptaliasmatch` parameters before the more
+# general ones to avoid shadowing.
+# > **Note**: Use the `aliases` parameter instead of the `scriptaliases` parameter because
+# you can precisely control the order of various alias directives. Defining `ScriptAliases`
+# using the `scriptaliases` parameter means *all* `ScriptAlias` directives will come after
+# *all* `Alias` directives, which can lead to `Alias` directives shadowing `ScriptAlias`
+# directives. This often causes problems; for example, this could cause problems with Nagios.
+# If `apache::mod::passenger` is loaded and `PassengerHighPerformance` is `true`, the `Alias`
+# directive might not be able to honor the `PassengerEnabled => off` statement. See
+# [this article](http://www.conandalton.net/2010/06/passengerenabled-off-not-working.html) for details.
+#
+# @param allow_encoded_slashes
+# Sets the `AllowEncodedSlashes` declaration for the virtual host, overriding the server
+# default. This modifies the virtual host responses to URLs with `\` and `/` characters. The
+# default setting omits the declaration from the server configuration and selects the
+# Apache default setting of `Off`.
+#
+# @param block
+# Specifies the list of things to which Apache blocks access. Valid options are: `scm` (which
+# blocks web access to `.svn`), `.git`, and `.bzr` directories.
+#
+# @param cas_attribute_prefix
+# Adds a header with the value of this header being the attribute values when SAML
+# validation is enabled.
+#
+# @param cas_attribute_delimiter
+# Sets the delimiter between attribute values in the header created by `cas_attribute_prefix`.
+#
+# @param cas_login_url
+# Sets the URL to which the module redirects users when they attempt to access a
+# CAS-protected resource and don't have an active session.
+#
+# @param cas_root_proxied_as
+# Sets the URL end users see when access to this Apache server is proxied per vhost.
+# This URL should not include a trailing slash.
+#
+# @param cas_scrub_request_headers
+# Remove inbound request headers that may have special meaning within mod_auth_cas.
+#
+# @param cas_sso_enabled
+# Enables experimental support for single sign out (may mangle POST data).
+#
+# @param cas_validate_saml
+# Parse response from CAS server for SAML.
+#
+# @param cas_validate_url
+# Sets the URL to use when validating a client-presented ticket in an HTTP query string.
+#
+# @param comment
+# Adds comments to the header of the configuration file. Pass as string or an array of strings.
+# For example:
+# ``` puppet
+# comment => "Account number: 123B",
+# ```
+# Or:
+# ``` puppet
+# comment => [
+# "Customer: X",
+# "Frontend domain: x.example.org",
+# ]
+# ```
+#
+# @param custom_fragment
+# Passes a string of custom configuration directives to place at the end of the virtual
+# host configuration.
+#
+# @param default_vhost
+# Sets a given `apache::vhost` defined type as the default to serve requests that do not
+# match any other `apache::vhost` defined types.
+#
+# @param directoryindex
+# Sets the list of resources to look for when a client requests an index of the directory
+# by specifying a '/' at the end of the directory name. See the `DirectoryIndex` directive
+# documentation for details.
+#
+# @param docroot
+# **Required**.
+# Sets the `DocumentRoot` location, from which Apache serves files.
+# If `docroot` and `manage_docroot` are both set to `false`, no `DocumentRoot` will be set
+# and the accompanying `` block will not be created.
+#
+# @param docroot_group
+# Sets group access to the `docroot` directory.
+#
+# @param docroot_owner
+# Sets individual user access to the `docroot` directory.
+#
+# @param docroot_mode
+# Sets access permissions for the `docroot` directory, in numeric notation.
+#
+# @param manage_docroot
+# Determines whether Puppet manages the `docroot` directory.
+#
+# @param error_log
+# Specifies whether `*_error.log` directives should be configured.
+#
+# @param error_log_file
+# Points the virtual host's error logs to a `*_error.log` file. If this parameter is
+# undefined, Puppet checks for values in `error_log_pipe`, then `error_log_syslog`.
+# If none of these parameters is set, given a virtual host `example.com`, Puppet defaults
+# to `$logroot/example.com_error_ssl.log` for SSL virtual hosts and
+# `$logroot/example.com_error.log` for non-SSL virtual hosts.
+#
+# @param error_log_pipe
+# Specifies a pipe to send error log messages to.
+# This parameter has no effect if the `error_log_file` parameter has a value. If neither
+# this parameter nor `error_log_file` has a value, Puppet then checks `error_log_syslog`.
+#
+# @param error_log_syslog
+# Determines whether to send all error log messages to syslog.
+# This parameter has no effect if either of the `error_log_file` or `error_log_pipe`
+# parameters has a value. If none of these parameters has a value, given a virtual host
+# `example.com`, Puppet defaults to `$logroot/example.com_error_ssl.log` for SSL virtual
+# hosts and `$logroot/example.com_error.log` for non-SSL virtual hosts.
+#
+# @param error_documents
+# A list of hashes which can be used to override the
+# [ErrorDocument](https://httpd.apache.org/docs/current/mod/core.html#errordocument)
+# settings for this virtual host.
+# For example:
+# ``` puppet
+# apache::vhost { 'sample.example.net':
+# error_documents => [
+# { 'error_code' => '503', 'document' => '/service-unavail' },
+# { 'error_code' => '407', 'document' => 'https://example.com/proxy/login' },
+# ],
+# }
+# ```
+#
+# @param ensure
+# Specifies if the virtual host is present or absent.
+#
+# @param fallbackresource
+# Sets the [FallbackResource](https://httpd.apache.org/docs/current/mod/mod_dir.html#fallbackresource)
+# directive, which specifies an action to take for any URL that doesn't map to anything in
+# your filesystem and would otherwise return 'HTTP 404 (Not Found)'. Values must either begin
+# with a `/` or be `disabled`.
+#
+# @param fastcgi_server
+# Specify an external FastCGI server to manage a connection to.
+#
+# @param fastcgi_socket
+# Specify the socket that will be used to communicate with an external FastCGI server.
+#
+# @param fastcgi_idle_timeout
+# If using fastcgi, this option sets the timeout for the server to respond.
+#
+# @param fastcgi_dir
+# Specify an internal FastCGI directory that is to be managed.
+#
+# @param filters
+# [Filters](https://httpd.apache.org/docs/current/mod/mod_filter.html) enable smart,
+# context-sensitive configuration of output content filters.
+# ``` puppet
+# apache::vhost { "$::fqdn":
+# filters => [
+# 'FilterDeclare COMPRESS',
+# 'FilterProvider COMPRESS DEFLATE resp=Content-Type $text/html',
+# 'FilterChain COMPRESS',
+# 'FilterProtocol COMPRESS DEFLATE change=yes;byteranges=no',
+# ],
+# }
+# ```
+#
+# @param h2_copy_files
+# Sets the [H2CopyFiles](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2copyfiles)
+# directive which influences how the requestion process pass files to the main connection.
+#
+# @param h2_direct
+# Sets the [H2Direct](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2direct)
+# directive which toggles the usage of the HTTP/2 Direct Mode.
+#
+# @param h2_early_hints
+# Sets the [H2EarlyHints](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2earlyhints)
+# directive which controls if HTTP status 103 interim responses are forwarded to
+# the client or not.
+#
+# @param h2_max_session_streams
+# Sets the [H2MaxSessionStreams](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2maxsessionstreams)
+# directive which sets the maximum number of active streams per HTTP/2 session
+# that the server allows.
+#
+# @param h2_modern_tls_only
+# Sets the [H2ModernTLSOnly](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2moderntlsonly)
+# directive which toggles the security checks on HTTP/2 connections in TLS mode.
+#
+# @param h2_push
+# Sets the [H2Push](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2push)
+# directive which toggles the usage of the HTTP/2 server push protocol feature.
+#
+# @param h2_push_diary_size
+# Sets the [H2PushDiarySize](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2pushdiarysize)
+# directive which toggles the maximum number of HTTP/2 server pushes that are
+# remembered per HTTP/2 connection.
+#
+# @param h2_push_priority
+# Sets the [H2PushPriority](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2pushpriority)
+# directive which defines the priority handling of pushed responses based on the
+# content-type of the response.
+#
+# @param h2_push_resource
+# Sets the [H2PushResource](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2pushresource)
+# directive which declares resources for early pushing to the client.
+#
+# @param h2_serialize_headers
+# Sets the [H2SerializeHeaders](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2serializeheaders)
+# directive which toggles if HTTP/2 requests are serialized in HTTP/1.1
+# format for processing by httpd core.
+#
+# @param h2_stream_max_mem_size
+# Sets the [H2StreamMaxMemSize](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2streammaxmemsize)
+# directive which sets the maximum number of outgoing data bytes buffered in
+# memory for an active stream.
+#
+# @param h2_tls_cool_down_secs
+# Sets the [H2TLSCoolDownSecs](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2tlscooldownsecs)
+# directive which sets the number of seconds of idle time on a TLS connection
+# before the TLS write size falls back to a small (~1300 bytes) length.
+#
+# @param h2_tls_warm_up_size
+# Sets the [H2TLSWarmUpSize](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2tlswarmupsize)
+# directive which sets the number of bytes to be sent in small TLS records (~1300
+# bytes) until doing maximum sized writes (16k) on https: HTTP/2 connections.
+#
+# @param h2_upgrade
+# Sets the [H2Upgrade](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2upgrade)
+# directive which toggles the usage of the HTTP/1.1 Upgrade method for switching
+# to HTTP/2.
+#
+# @param h2_window_size
+# Sets the [H2WindowSize](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2windowsize)
+# directive which sets the size of the window that is used for flow control from
+# client to server and limits the amount of data the server has to buffer.
+#
+# @param headers
+# Adds lines to replace, merge, or remove response headers. See
+# [Apache's mod_headers documentation](https://httpd.apache.org/docs/current/mod/mod_headers.html#header) for more information.
+#
+# @param ip
+# Sets the IP address the virtual host listens on. By default, uses Apache's default behavior
+# of listening on all IPs.
+#
+# @param ip_based
+# Enables an [IP-based](https://httpd.apache.org/docs/current/vhosts/ip-based.html) virtual
+# host. This parameter inhibits the creation of a NameVirtualHost directive, since those are
+# used to funnel requests to name-based virtual hosts.
+#
+# @param itk
+# Configures [ITK](http://mpm-itk.sesse.net/) in a hash.
+# Usage typically looks something like:
+# ``` puppet
+# apache::vhost { 'sample.example.net':
+# docroot => '/path/to/directory',
+# itk => {
+# user => 'someuser',
+# group => 'somegroup',
+# },
+# }
+# ```
+# Valid values are: a hash, which can include the keys:
+# * `user` + `group`
+# * `assignuseridexpr`
+# * `assigngroupidexpr`
+# * `maxclientvhost`
+# * `nice`
+# * `limituidrange` (Linux 3.5.0 or newer)
+# * `limitgidrange` (Linux 3.5.0 or newer)
+#
+# @param action
+# Specifies whether you wish to configure mod_actions action directive which will
+# activate cgi-script when triggered by a request.
+#
+# @param jk_mounts
+# Sets up a virtual host with `JkMount` and `JkUnMount` directives to handle the paths
+# for URL mapping between Tomcat and Apache.
+# The parameter must be an array of hashes where each hash must contain the `worker`
+# and either the `mount` or `unmount` keys.
+# Usage typically looks like:
+# ``` puppet
+# apache::vhost { 'sample.example.net':
+# jk_mounts => [
+# { mount => '/*', worker => 'tcnode1', },
+# { unmount => '/*.jpg', worker => 'tcnode1', },
+# ],
+# }
+# ```
+#
+# @param http_protocol_options
+# Specifies the strictness of HTTP protocol checks.
+#
+# @param keepalive
+# Determines whether to enable persistent HTTP connections with the `KeepAlive` directive
+# for the virtual host. By default, the global, server-wide `KeepAlive` setting is in effect.
+# Use the `keepalive_timeout` and `max_keepalive_requests` parameters to set relevant options
+# for the virtual host.
+#
+# @param keepalive_timeout
+# Sets the `KeepAliveTimeout` directive for the virtual host, which determines the amount
+# of time to wait for subsequent requests on a persistent HTTP connection. By default, the
+# global, server-wide `KeepAlive` setting is in effect.
+# This parameter is only relevant if either the global, server-wide `keepalive` parameter or
+# the per-vhost `keepalive` parameter is enabled.
+#
+# @param max_keepalive_requests
+# Limits the number of requests allowed per connection to the virtual host. By default,
+# the global, server-wide `KeepAlive` setting is in effect.
+# This parameter is only relevant if either the global, server-wide `keepalive` parameter or
+# the per-vhost `keepalive` parameter is enabled.
+#
+# @param auth_kerb
+# Enable `mod_auth_kerb` parameters for a virtual host.
+# Usage typically looks like:
+# ``` puppet
+# apache::vhost { 'sample.example.net':
+# auth_kerb => `true`,
+# krb_method_negotiate => 'on',
+# krb_auth_realms => ['EXAMPLE.ORG'],
+# krb_local_user_mapping => 'on',
+# directories => {
+# path => '/var/www/html',
+# auth_name => 'Kerberos Login',
+# auth_type => 'Kerberos',
+# auth_require => 'valid-user',
+# },
+# }
+# ```
+#
+# @param krb_method_negotiate
+# Determines whether to use the Negotiate method.
+#
+# @param krb_method_k5passwd
+# Determines whether to use password-based authentication for Kerberos v5.
+#
+# @param krb_authoritative
+# If set to `off`, authentication controls can be passed on to another module.
+#
+# @param krb_auth_realms
+# Specifies an array of Kerberos realms to use for authentication.
+#
+# @param krb_5keytab
+# Specifies the Kerberos v5 keytab file's location.
+#
+# @param krb_local_user_mapping
+# Strips @REALM from usernames for further use.
+#
+# @param krb_verify_kdc
+# This option can be used to disable the verification tickets against local keytab to prevent
+# KDC spoofing attacks.
+#
+# @param krb_servicename
+# Specifies the service name that will be used by Apache for authentication. Corresponding
+# key of this name must be stored in the keytab.
+#
+# @param krb_save_credentials
+# This option enables credential saving functionality.
+#
+# @param logroot
+# Specifies the location of the virtual host's logfiles.
+#
+# @param logroot_ensure
+# Determines whether or not to remove the logroot directory for a virtual host.
+#
+# @param logroot_mode
+# Overrides the mode the logroot directory is set to. Do *not* grant write access to the
+# directory the logs are stored in without being aware of the consequences; for more
+# information, see [Apache's log security documentation](https://httpd.apache.org/docs/2.4/logs.html#security).
+#
+# @param logroot_owner
+# Sets individual user access to the logroot directory.
+#
+# @param logroot_group
+# Sets group access to the `logroot` directory.
+#
+# @param log_level
+# Specifies the verbosity of the error log.
+#
+# @param modsec_body_limit
+# Configures the maximum request body size (in bytes) ModSecurity accepts for buffering.
+#
+# @param modsec_disable_vhost
+# Disables `mod_security` on a virtual host. Only valid if `apache::mod::security` is included.
+#
+# @param modsec_disable_ids
+# Removes `mod_security` IDs from the virtual host.
+# Also takes a hash allowing removal of an ID from a specific location.
+# ``` puppet
+# apache::vhost { 'sample.example.net':
+# modsec_disable_ids => [ 90015, 90016 ],
+# }
+# ```
+#
+# ``` puppet
+# apache::vhost { 'sample.example.net':
+# modsec_disable_ids => { '/location1' => [ 90015, 90016 ] },
+# }
+# ```
+#
+# @param modsec_disable_ips
+# Specifies an array of IP addresses to exclude from `mod_security` rule matching.
+#
+# @param modsec_disable_msgs
+# Array of mod_security Msgs to remove from the virtual host. Also takes a hash allowing
+# removal of an Msg from a specific location.
+# ``` puppet
+# apache::vhost { 'sample.example.net':
+# modsec_disable_msgs => ['Blind SQL Injection Attack', 'Session Fixation Attack'],
+# }
+# ```
+# ``` puppet
+# apache::vhost { 'sample.example.net':
+# modsec_disable_msgs => { '/location1' => ['Blind SQL Injection Attack', 'Session Fixation Attack'] },
+# }
+# ```
+#
+# @param modsec_disable_tags
+# Array of mod_security Tags to remove from the virtual host. Also takes a hash allowing
+# removal of an Tag from a specific location.
+# ``` puppet
+# apache::vhost { 'sample.example.net':
+# modsec_disable_tags => ['WEB_ATTACK/SQL_INJECTION', 'WEB_ATTACK/XSS'],
+# }
+# ```
+# ``` puppet
+# apache::vhost { 'sample.example.net':
+# modsec_disable_tags => { '/location1' => ['WEB_ATTACK/SQL_INJECTION', 'WEB_ATTACK/XSS'] },
+# }
+# ```
+#
+# @param modsec_audit_log_file
+# If set, it is relative to `logroot`.
+# One of the parameters that determines how to send `mod_security` audit
+# log ([SecAuditLog](https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#SecAuditLog)).
+# If none of those parameters are set, the global audit log is used
+# (`/var/log/httpd/modsec\_audit.log`; Debian and derivatives: `/var/log/apache2/modsec\_audit.log`; others: ).
+#
+# @param modsec_audit_log_pipe
+# If `modsec_audit_log_pipe` is set, it should start with a pipe. Example
+# `|/path/to/mlogc /path/to/mlogc.conf`.
+# One of the parameters that determines how to send `mod_security` audit
+# log ([SecAuditLog](https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#SecAuditLog)).
+# If none of those parameters are set, the global audit log is used
+# (`/var/log/httpd/modsec\_audit.log`; Debian and derivatives: `/var/log/apache2/modsec\_audit.log`; others: ).
+#
+# @param modsec_audit_log
+# If `modsec_audit_log` is `true`, given a virtual host ---for instance, example.com--- it
+# defaults to `example.com\_security\_ssl.log` for SSL-encrypted virtual hosts
+# and `example.com\_security.log` for unencrypted virtual hosts.
+# One of the parameters that determines how to send `mod_security` audit
+# log ([SecAuditLog](https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#SecAuditLog)).
+# If none of those parameters are set, the global audit log is used
+# (`/var/log/httpd/modsec\_audit.log`; Debian and derivatives: `/var/log/apache2/modsec\_audit.log`; others: ).
+#
+# @param no_proxy_uris
+# Specifies URLs you do not want to proxy. This parameter is meant to be used in combination
+# with [`proxy_dest`](#proxy_dest).
+#
+# @param no_proxy_uris_match
+# This directive is equivalent to `no_proxy_uris`, but takes regular expressions.
+#
+# @param proxy_preserve_host
+# Sets the [ProxyPreserveHost Directive](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypreservehost).
+# Setting this parameter to `true` enables the `Host:` line from an incoming request to be
+# proxied to the host instead of hostname. Setting it to `false` sets this directive to 'Off'.
+#
+# @param proxy_add_headers
+# Sets the [ProxyAddHeaders Directive](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxyaddheaders).
+# This parameter controlls whether proxy-related HTTP headers (X-Forwarded-For,
+# X-Forwarded-Host and X-Forwarded-Server) get sent to the backend server.
+#
+# @param proxy_error_override
+# Sets the [ProxyErrorOverride Directive](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxyerroroverride).
+# This directive controls whether Apache should override error pages for proxied content.
+#
+# @param options
+# Sets the `Options` for the specified virtual host. For example:
+# ``` puppet
+# apache::vhost { 'site.name.fdqn':
+# …
+# options => ['Indexes','FollowSymLinks','MultiViews'],
+# }
+# ```
+# > **Note**: If you use the `directories` parameter of `apache::vhost`, 'Options',
+# 'Override', and 'DirectoryIndex' are ignored because they are parameters within `directories`.
+#
+# @param override
+# Sets the overrides for the specified virtual host. Accepts an array of
+# [AllowOverride](https://httpd.apache.org/docs/current/mod/core.html#allowoverride) arguments.
+#
+# @param passenger_enabled
+# Sets the value for the [PassengerEnabled](http://www.modrails.com/documentation/Users%20guide%20Apache.html#PassengerEnabled)
+# directive to `on` or `off`. Requires `apache::mod::passenger` to be included.
+# ``` puppet
+# apache::vhost { 'sample.example.net':
+# docroot => '/path/to/directory',
+# directories => [
+# { path => '/path/to/directory',
+# passenger_enabled => 'on',
+# },
+# ],
+# }
+# ```
+# > **Note:** There is an [issue](http://www.conandalton.net/2010/06/passengerenabled-off-not-working.html)
+# using the PassengerEnabled directive with the PassengerHighPerformance directive.
+#
+# @param passenger_base_uri
+# Sets [PassengerBaseURI](https://www.phusionpassenger.com/library/config/apache/reference/#passengerbase_rui),
+# to specify that the given URI is a distinct application served by Passenger.
+#
+# @param passenger_ruby
+# Sets [PassengerRuby](https://www.phusionpassenger.com/library/config/apache/reference/#passengerruby),
+# specifying the Ruby interpreter to use when serving the relevant web applications.
+#
+# @param passenger_python
+# Sets [PassengerPython](https://www.phusionpassenger.com/library/config/apache/reference/#passengerpython),
+# specifying the Python interpreter to use when serving the relevant web applications.
+#
+# @param passenger_nodejs
+# Sets the [`PassengerNodejs`](https://www.phusionpassenger.com/library/config/apache/reference/#passengernodejs),
+# specifying Node.js command to use when serving the relevant web applications.
+#
+# @param passenger_meteor_app_settings
+# Sets [PassengerMeteorAppSettings](https://www.phusionpassenger.com/library/config/apache/reference/#passengermeteorappsettings),
+# specifying a JSON file with settings for the application when using a Meteor
+# application in non-bundled mode.
+#
+# @param passenger_app_env
+# Sets [PassengerAppEnv](https://www.phusionpassenger.com/library/config/apache/reference/#passengerappenv),
+# the environment for the Passenger application. If not specified, defaults to the global
+# setting or 'production'.
+#
+# @param passenger_app_root
+# Sets [PassengerRoot](https://www.phusionpassenger.com/library/config/apache/reference/#passengerapproot),
+# the location of the Passenger application root if different from the DocumentRoot.
+#
+# @param passenger_app_group_name
+# Sets [PassengerAppGroupName](https://www.phusionpassenger.com/library/config/apache/reference/#passengerappgroupname),
+# the name of the application group that the current application should belong to.
+#
+# @param passenger_app_type
+# Sets [PassengerAppType](https://www.phusionpassenger.com/library/config/apache/reference/#passengerapptype),
+# to force Passenger to recognize the application as a specific type.
+#
+# @param passenger_startup_file
+# Sets the [PassengerStartupFile](https://www.phusionpassenger.com/library/config/apache/reference/#passengerstartupfile)
+# path. This path is relative to the application root.
+#
+# @param passenger_restart_dir
+# Sets the [PassengerRestartDir](https://www.phusionpassenger.com/library/config/apache/reference/#passengerrestartdir)
+# to customize the directory in which `restart.txt` is searched for.
+#
+# @param passenger_spawn_method
+# Sets [PassengerSpawnMethod](https://www.phusionpassenger.com/library/config/apache/reference/#passengerspawnmethod),
+# whether Passenger spawns applications directly, or using a prefork copy-on-write mechanism.
+#
+# @param passenger_load_shell_envvars
+# Sets [PassengerLoadShellEnvvars](https://www.phusionpassenger.com/library/config/apache/reference/#passengerloadshellenvvars),
+# to enable or disable the loading of shell environment variables before spawning the application.
+#
+# @param passenger_rolling_restarts
+# Sets [PassengerRollingRestarts](https://www.phusionpassenger.com/library/config/apache/reference/#passengerrollingrestarts),
+# to enable or disable support for zero-downtime application restarts through `restart.txt`.
+#
+# @param passenger_resist_deployment_errors
+# Sets [PassengerResistDeploymentErrors](https://www.phusionpassenger.com/library/config/apache/reference/#passengerresistdeploymenterrors),
+# to enable or disable resistance against deployment errors.
+#
+# @param passenger_user
+# Sets [PassengerUser](https://www.phusionpassenger.com/library/config/apache/reference/#passengeruser),
+# the running user for sandboxing applications.
+#
+# @param passenger_group
+# Sets [PassengerGroup](https://www.phusionpassenger.com/library/config/apache/reference/#passengergroup),
+# the running group for sandboxing applications.
+#
+# @param passenger_friendly_error_pages
+# Sets [PassengerFriendlyErrorPages](https://www.phusionpassenger.com/library/config/apache/reference/#passengerfriendlyerrorpages),
+# which can display friendly error pages whenever an application fails to start. This
+# friendly error page presents the startup error message, some suggestions for solving
+# the problem, a backtrace and a dump of the environment variables.
+#
+# @param passenger_min_instances
+# Sets [PassengerMinInstances](https://www.phusionpassenger.com/library/config/apache/reference/#passengermininstances),
+# the minimum number of application processes to run.
+#
+# @param passenger_max_instances
+# Sets [PassengerMaxInstances](https://www.phusionpassenger.com/library/config/apache/reference/#passengermaxinstances),
+# the maximum number of application processes to run.
+#
+# @param passenger_max_preloader_idle_time
+# Sets [PassengerMaxPreloaderIdleTime](https://www.phusionpassenger.com/library/config/apache/reference/#passengermaxpreloaderidletime),
+# the maximum amount of time the preloader waits before shutting down an idle process.
+#
+# @param passenger_force_max_concurrent_requests_per_process
+# Sets [PassengerForceMaxConcurrentRequestsPerProcess](https://www.phusionpassenger.com/library/config/apache/reference/#passengerforcemaxconcurrentrequestsperprocess),
+# the maximum amount of concurrent requests the application can handle per process.
+#
+# @param passenger_start_timeout
+# Sets [PassengerStartTimeout](https://www.phusionpassenger.com/library/config/apache/reference/#passengerstarttimeout),
+# the timeout for the application startup.
+#
+# @param passenger_concurrency_model
+# Sets [PassengerConcurrencyModel](https://www.phusionpassenger.com/library/config/apache/reference/#passengerconcurrencyodel),
+# to specify the I/O concurrency model that should be used for Ruby application processes.
+# Passenger supports two concurrency models:
+# * `process` – single-threaded, multi-processed I/O concurrency.
+# * `thread` – multi-threaded, multi-processed I/O concurrency.
+#
+# @param passenger_thread_count
+# Sets [PassengerThreadCount](https://www.phusionpassenger.com/library/config/apache/reference/#passengerthreadcount),
+# the number of threads that Passenger should spawn per Ruby application process.
+# This option only has effect if PassengerConcurrencyModel is `thread`.
+#
+# @param passenger_max_requests
+# Sets [PassengerMaxRequests](https://www.phusionpassenger.com/library/config/apache/reference/#passengermaxrequests),
+# the maximum number of requests an application process will process.
+#
+# @param passenger_max_request_time
+# Sets [PassengerMaxRequestTime](https://www.phusionpassenger.com/library/config/apache/reference/#passengermaxrequesttime),
+# the maximum amount of time, in seconds, that an application process may take to
+# process a request.
+#
+# @param passenger_memory_limit
+# Sets [PassengerMemoryLimit](https://www.phusionpassenger.com/library/config/apache/reference/#passengermemorylimit),
+# the maximum amount of memory that an application process may use, in megabytes.
+#
+# @param passenger_stat_throttle_rate
+# Sets [PassengerStatThrottleRate](https://www.phusionpassenger.com/library/config/apache/reference/#passengerstatthrottlerate),
+# to set a limit, in seconds, on how often Passenger will perform it's filesystem checks.
+#
+# @param passenger_pre_start
+# Sets [PassengerPreStart](https://www.phusionpassenger.com/library/config/apache/reference/#passengerprestart),
+# the URL of the application if pre-starting is required.
+#
+# @param passenger_high_performance
+# Sets [PassengerHighPerformance](https://www.phusionpassenger.com/library/config/apache/reference/#passengerhighperformance),
+# to enhance performance in return for reduced compatibility.
+#
+# @param passenger_buffer_upload
+# Sets [PassengerBufferUpload](https://www.phusionpassenger.com/library/config/apache/reference/#passengerbufferupload),
+# to buffer HTTP client request bodies before they are sent to the application.
+#
+# @param passenger_buffer_response
+# Sets [PassengerBufferResponse](https://www.phusionpassenger.com/library/config/apache/reference/#passengerbufferresponse),
+# to buffer Happlication-generated responses.
+#
+# @param passenger_error_override
+# Sets [PassengerErrorOverride](https://www.phusionpassenger.com/library/config/apache/reference/#passengererroroverride),
+# to specify whether Apache will intercept and handle response with HTTP status codes of
+# 400 and higher.
+#
+# @param passenger_max_request_queue_size
+# Sets [PassengerMaxRequestQueueSize](https://www.phusionpassenger.com/library/config/apache/reference/#passengermaxrequestqueuesize),
+# to specify the maximum amount of requests that are allowed to queue whenever the maximum
+# concurrent request limit is reached. If the queue is already at this specified limit, then
+# Passenger immediately sends a "503 Service Unavailable" error to any incoming requests.
+# A value of 0 means that the queue size is unbounded.
+#
+# @param passenger_max_request_queue_time
+# Sets [PassengerMaxRequestQueueTime](https://www.phusionpassenger.com/library/config/apache/reference/#passengermaxrequestqueuetime),
+# to specify the maximum amount of time that requests are allowed to stay in the queue
+# whenever the maximum concurrent request limit is reached. If a request reaches this specified
+# limit, then Passenger immeaditly sends a "504 Gateway Timeout" error for that request.
+# A value of 0 means that the queue time is unbounded.
+#
+# @param passenger_sticky_sessions
+# Sets [PassengerStickySessions](https://www.phusionpassenger.com/library/config/apache/reference/#passengerstickysessions),
+# to specify that, whenever possible, all requests sent by a client will be routed to the same
+# originating application process.
+#
+# @param passenger_sticky_sessions_cookie_name
+# Sets [PassengerStickySessionsCookieName](https://www.phusionpassenger.com/library/config/apache/reference/#passengerstickysessionscookiename),
+# to specify the name of the sticky sessions cookie.
+#
+# @param passenger_allow_encoded_slashes
+# Sets [PassengerAllowEncodedSlashes](https://www.phusionpassenger.com/library/config/apache/reference/#passengerallowencodedslashes),
+# to allow URLs with encoded slashes. Please note that this feature will not work properly
+# unless Apache's `AllowEncodedSlashes` is also enabled.
+#
+# @param passenger_debugger
+# Sets [PassengerDebugger](https://www.phusionpassenger.com/library/config/apache/reference/#passengerdebugger),
+# to turn support for Ruby application debugging on or off.
+#
+# @param passenger_lve_min_uid
+# Sets [PassengerLveMinUid](https://www.phusionpassenger.com/library/config/apache/reference/#passengerlveminuid),
+# to only allow the spawning of application processes with UIDs equal to, or higher than, this
+# specified value on LVE-enabled kernels.
+#
+# @param php_values
+# Allows per-virtual host setting [`php_value`s](http://php.net/manual/en/configuration.changes.php).
+# These flags or values can be overwritten by a user or an application.
+# Within a vhost declaration:
+# ``` puppet
+# php_values => [ 'include_path ".:/usr/local/example-app/include"' ],
+# ```
+#
+# @param php_flags
+# Allows per-virtual host setting [`php_flags\``](http://php.net/manual/en/configuration.changes.php).
+# These flags or values can be overwritten by a user or an application.
+#
+# @param php_admin_values
+# Allows per-virtual host setting [`php_admin_value`](http://php.net/manual/en/configuration.changes.php).
+# These flags or values cannot be overwritten by a user or an application.
+#
+# @param php_admin_flags
+# Allows per-virtual host setting [`php_admin_flag`](http://php.net/manual/en/configuration.changes.php).
+# These flags or values cannot be overwritten by a user or an application.
+#
+# @param port
+# Sets the port the host is configured on. The module's defaults ensure the host listens
+# on port 80 for non-SSL virtual hosts and port 443 for SSL virtual hosts. The host only
+# listens on the port set in this parameter.
+#
+# @param priority
+# Sets the relative load-order for Apache HTTPD VirtualHost configuration files.
+# If nothing matches the priority, the first name-based virtual host is used. Likewise,
+# passing a higher priority causes the alphabetically first name-based virtual host to be
+# used if no other names match.
+# > **Note:** You should not need to use this parameter. However, if you do use it, be
+# aware that the `default_vhost` parameter for `apache::vhost` passes a priority of '15'.
+# To omit the priority prefix in file names, pass a priority of `false`.
+#
+# @param protocols
+# Sets the [Protocols](https://httpd.apache.org/docs/current/en/mod/core.html#protocols)
+# directive, which lists available protocols for the virutal host.
+#
+# @param protocols_honor_order
+# Sets the [ProtocolsHonorOrder](https://httpd.apache.org/docs/current/en/mod/core.html#protocolshonororder)
+# directive which determines wether the order of Protocols sets precedence during negotiation.
+#
+# @param proxy_dest
+# Specifies the destination address of a [ProxyPass](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypass) configuration.
+#
+# @param proxy_pass
+# Specifies an array of `path => URI` values for a [ProxyPass](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypass)
+# configuration. Optionally, parameters can be added as an array.
+# ``` puppet
+# apache::vhost { 'site.name.fdqn':
+# …
+# proxy_pass => [
+# { 'path' => '/a', 'url' => 'http://backend-a/' },
+# { 'path' => '/b', 'url' => 'http://backend-b/' },
+# { 'path' => '/c', 'url' => 'http://backend-a/c', 'params' => {'max'=>20, 'ttl'=>120, 'retry'=>300}},
+# { 'path' => '/l', 'url' => 'http://backend-xy',
+# 'reverse_urls' => ['http://backend-x', 'http://backend-y'] },
+# { 'path' => '/d', 'url' => 'http://backend-a/d',
+# 'params' => { 'retry' => '0', 'timeout' => '5' }, },
+# { 'path' => '/e', 'url' => 'http://backend-a/e',
+# 'keywords' => ['nocanon', 'interpolate'] },
+# { 'path' => '/f', 'url' => 'http://backend-f/',
+# 'setenv' => ['proxy-nokeepalive 1','force-proxy-request-1.0 1']},
+# { 'path' => '/g', 'url' => 'http://backend-g/',
+# 'reverse_cookies' => [{'path' => '/g', 'url' => 'http://backend-g/',}, {'domain' => 'http://backend-g', 'url' => 'http:://backend-g',},], },
+# { 'path' => '/h', 'url' => 'http://backend-h/h',
+# 'no_proxy_uris' => ['/h/admin', '/h/server-status'] },
+# ],
+# }
+# ```
+# * `reverse_urls`. *Optional.* This setting is useful when used with `mod_proxy_balancer`. Values: an array or string.
+# * `reverse_cookies`. *Optional.* Sets `ProxyPassReverseCookiePath` and `ProxyPassReverseCookieDomain`.
+# * `params`. *Optional.* Allows for ProxyPass key-value parameters, such as connection settings.
+# * `setenv`. *Optional.* Sets [environment variables](https://httpd.apache.org/docs/current/mod/mod_proxy.html#envsettings) for the proxy directive. Values: array.
+#
+# @param proxy_dest_match
+# This directive is equivalent to `proxy_dest`, but takes regular expressions, see
+# [ProxyPassMatch](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypassmatch)
+# for details.
+#
+# @param proxy_dest_reverse_match
+# Allows you to pass a ProxyPassReverse if `proxy_dest_match` is specified. See
+# [ProxyPassReverse](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypassreverse)
+# for details.
+#
+# @param proxy_pass_match
+# This directive is equivalent to `proxy_pass`, but takes regular expressions, see
+# [ProxyPassMatch](https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypassmatch)
+# for details.
+#
+# @param redirect_dest
+# Specifies the address to redirect to.
+#
+# @param redirect_source
+# Specifies the source URIs that redirect to the destination specified in `redirect_dest`.
+# If more than one item for redirect is supplied, the source and destination must be the same
+# length, and the items are order-dependent.
+# ``` puppet
+# apache::vhost { 'site.name.fdqn':
+# …
+# redirect_source => ['/images','/downloads'],
+# redirect_dest => ['http://img.example.com/','http://downloads.example.com/'],
+# }
+# ```
+#
+# @param redirect_status
+# Specifies the status to append to the redirect.
+# ``` puppet
+# apache::vhost { 'site.name.fdqn':
+# …
+# redirect_status => ['temp','permanent'],
+# }
+# ```
+#
+# @param redirectmatch_regexp
+# Determines which server status should be raised for a given regular expression
+# and where to forward the user to. Entered as an array alongside redirectmatch_status
+# and redirectmatch_dest.
+# ``` puppet
+# apache::vhost { 'site.name.fdqn':
+# …
+# redirectmatch_status => ['404','404'],
+# redirectmatch_regexp => ['\.git(/.*|$)/','\.svn(/.*|$)'],
+# redirectmatch_dest => ['http://www.example.com/$1','http://www.example.com/$2'],
+# }
+# ```
+#
+# @param redirectmatch_status
+# Determines which server status should be raised for a given regular expression
+# and where to forward the user to. Entered as an array alongside redirectmatch_regexp
+# and redirectmatch_dest.
+# ``` puppet
+# apache::vhost { 'site.name.fdqn':
+# …
+# redirectmatch_status => ['404','404'],
+# redirectmatch_regexp => ['\.git(/.*|$)/','\.svn(/.*|$)'],
+# redirectmatch_dest => ['http://www.example.com/$1','http://www.example.com/$2'],
+# }
+# ```
+#
+# @param redirectmatch_dest
+# Determines which server status should be raised for a given regular expression
+# and where to forward the user to. Entered as an array alongside redirectmatch_status
+# and redirectmatch_regexp.
+# ``` puppet
+# apache::vhost { 'site.name.fdqn':
+# …
+# redirectmatch_status => ['404','404'],
+# redirectmatch_regexp => ['\.git(/.*|$)/','\.svn(/.*|$)'],
+# redirectmatch_dest => ['http://www.example.com/$1','http://www.example.com/$2'],
+# }
+# ```
+#
+# @param request_headers
+# Modifies collected [request headers](https://httpd.apache.org/docs/current/mod/mod_headers.html#requestheader)
+# in various ways, including adding additional request headers, removing request headers,
+# and so on.
+# ``` puppet
+# apache::vhost { 'site.name.fdqn':
+# …
+# request_headers => [
+# 'append MirrorID "mirror 12"',
+# 'unset MirrorID',
+# ],
+# }
+# ```
+#
+# @param rewrites
+# Creates URL rewrite rules. Expects an array of hashes.
+# Valid Hash keys include `comment`, `rewrite_base`, `rewrite_cond`, `rewrite_rule`
+# or `rewrite_map`.
+# For example, you can specify that anyone trying to access index.html is served welcome.html
+# ``` puppet
+# apache::vhost { 'site.name.fdqn':
+# …
+# rewrites => [ { rewrite_rule => ['^index\.html$ welcome.html'] } ]
+# }
+# ```
+# The parameter allows rewrite conditions that, when `true`, execute the associated rule.
+# For instance, if you wanted to rewrite URLs only if the visitor is using IE
+# ``` puppet
+# apache::vhost { 'site.name.fdqn':
+# …
+# rewrites => [
+# {
+# comment => 'redirect IE',
+# rewrite_cond => ['%{HTTP_USER_AGENT} ^MSIE'],
+# rewrite_rule => ['^index\.html$ welcome.html'],
+# },
+# ],
+# }
+# ```
+# You can also apply multiple conditions. For instance, rewrite index.html to welcome.html
+# only when the browser is Lynx or Mozilla (version 1 or 2)
+# ``` puppet
+# apache::vhost { 'site.name.fdqn':
+# …
+# rewrites => [
+# {
+# comment => 'Lynx or Mozilla v1/2',
+# rewrite_cond => ['%{HTTP_USER_AGENT} ^Lynx/ [OR]', '%{HTTP_USER_AGENT} ^Mozilla/[12]'],
+# rewrite_rule => ['^index\.html$ welcome.html'],
+# },
+# ],
+# }
+# ```
+# Multiple rewrites and conditions are also possible
+# ``` puppet
+# apache::vhost { 'site.name.fdqn':
+# …
+# rewrites => [
+# {
+# comment => 'Lynx or Mozilla v1/2',
+# rewrite_cond => ['%{HTTP_USER_AGENT} ^Lynx/ [OR]', '%{HTTP_USER_AGENT} ^Mozilla/[12]'],
+# rewrite_rule => ['^index\.html$ welcome.html'],
+# },
+# {
+# comment => 'Internet Explorer',
+# rewrite_cond => ['%{HTTP_USER_AGENT} ^MSIE'],
+# rewrite_rule => ['^index\.html$ /index.IE.html [L]'],
+# },
+# {
+# rewrite_base => /apps/,
+# rewrite_rule => ['^index\.cgi$ index.php', '^index\.html$ index.php', '^index\.asp$ index.html'],
+# },
+# { comment => 'Rewrite to lower case',
+# rewrite_cond => ['%{REQUEST_URI} [A-Z]'],
+# rewrite_map => ['lc int:tolower'],
+# rewrite_rule => ['(.*) ${lc:$1} [R=301,L]'],
+# },
+# ],
+# }
+# ```
+# Refer to the [`mod_rewrite` documentation](https://httpd.apache.org/docs/2.4/mod/mod_rewrite.html)
+# for more details on what is possible with rewrite rules and conditions.
+# > **Note**: If you include rewrites in your directories, also include `apache::mod::rewrite`
+# and consider setting the rewrites using the `rewrites` parameter in `apache::vhost` rather
+# than setting the rewrites in the virtual host's directories.
+#
+# @param rewrite_base
+# The parameter [`rewrite_base`](https://httpd.apache.org/docs/current/mod/mod_rewrite.html#rewritebase)
+# specifies the URL prefix to be used for per-directory (htaccess) RewriteRule directives
+# that substitue a relative path.
+#
+# @param rewrite_rule
+# The parameter [`rewrite_rile`](https://httpd.apache.org/docs/current/mod/mod_rewrite.html#rewriterule)
+# allows the user to define the rules that will be used by the rewrite engine.
+#
+# @param rewrite_cond
+# The parameter [`rewrite_cond`](https://httpd.apache.org/docs/current/mod/mod_rewrite.html#rewritecond)
+# defines a rule condition, that when satisfied will implement that rule within the
+# rewrite engine.
+#
+# @param rewrite_inherit
+# Determines whether the virtual host inherits global rewrite rules.
+# Rewrite rules may be specified globally (in `$conf_file` or `$confd_dir`) or
+# inside the virtual host `.conf` file. By default, virtual hosts do not inherit
+# global settings. To activate inheritance, specify the `rewrites` parameter and set
+# `rewrite_inherit` parameter to `true`:
+# ``` puppet
+# apache::vhost { 'site.name.fdqn':
+# …
+# rewrites => [
+# ,
+# ],
+# rewrite_inherit => `true`,
+# }
+# ```
+# > **Note**: The `rewrites` parameter is **required** for this to have effect
+# Apache activates global `Rewrite` rules inheritance if the virtual host files contains
+# the following directives:
+# ``` ApacheConf
+# RewriteEngine On
+# RewriteOptions Inherit
+# ```
+# Refer to the official [`mod_rewrite`](https://httpd.apache.org/docs/2.2/mod/mod_rewrite.html)
+# documentation, section "Rewriting in Virtual Hosts".
+#
+# @param scriptalias
+# Defines a directory of CGI scripts to be aliased to the path '/cgi-bin', such as
+# '/usr/scripts'.
+#
+# @param scriptaliases
+# > **Note**: This parameter is deprecated in favor of the `aliases` parameter.
+# Passes an array of hashes to the virtual host to create either ScriptAlias or
+# ScriptAliasMatch statements per the `mod_alias` documentation.
+# ``` puppet
+# scriptaliases => [
+# {
+# alias => '/myscript',
+# path => '/usr/share/myscript',
+# },
+# {
+# aliasmatch => '^/foo(.*)',
+# path => '/usr/share/fooscripts$1',
+# },
+# {
+# aliasmatch => '^/bar/(.*)',
+# path => '/usr/share/bar/wrapper.sh/$1',
+# },
+# {
+# alias => '/neatscript',
+# path => '/usr/share/neatscript',
+# },
+# ]
+# ```
+# The ScriptAlias and ScriptAliasMatch directives are created in the order specified.
+# As with [Alias and AliasMatch](#aliases) directives, specify more specific aliases
+# before more general ones to avoid shadowing.
+#
+# @param serveradmin
+# Specifies the email address Apache displays when it renders one of its error pages.
+#
+# @param serveraliases
+# Sets the [ServerAliases](https://httpd.apache.org/docs/current/mod/core.html#serveralias)
+# of the site.
+#
+# @param servername
+# Sets the servername corresponding to the hostname you connect to the virtual host at.
+#
+# @param setenv
+# Used by HTTPD to set environment variables for virtual hosts.
+# Example:
+# ``` puppet
+# apache::vhost { 'setenv.example.com':
+# setenv => ['SPECIAL_PATH /foo/bin'],
+# }
+# ```
+#
+# @param setenvif
+# Used by HTTPD to conditionally set environment variables for virtual hosts.
+#
+# @param setenvifnocase
+# Used by HTTPD to conditionally set environment variables for virtual hosts (caseless matching).
+#
+# @param suexec_user_group
+# Allows the spcification of user and group execution privileges for CGI programs through
+# inclusion of the `mod_suexec` module.
+#
+# @param suphp_addhandler
+# Sets up a virtual host with [suPHP](http://suphp.org/DocumentationView.html?file=apache/CONFIG)
+# working together with suphp_configpath and suphp_engine.
+# An example virtual host configuration with suPHP:
+# ``` puppet
+# apache::vhost { 'suphp.example.com':
+# port => '80',
+# docroot => '/home/appuser/myphpapp',
+# suphp_addhandler => 'x-httpd-php',
+# suphp_engine => 'on',
+# suphp_configpath => '/etc/php5/apache2',
+# directories => { path => '/home/appuser/myphpapp',
+# 'suphp' => { user => 'myappuser', group => 'myappgroup' },
+# }
+# }
+# ```
+#
+# @param suphp_configpath
+# Sets up a virtual host with [suPHP](http://suphp.org/DocumentationView.html?file=apache/CONFIG)
+# working together with suphp_addhandler and suphp_engine.
+# An example virtual host configuration with suPHP:
+# ``` puppet
+# apache::vhost { 'suphp.example.com':
+# port => '80',
+# docroot => '/home/appuser/myphpapp',
+# suphp_addhandler => 'x-httpd-php',
+# suphp_engine => 'on',
+# suphp_configpath => '/etc/php5/apache2',
+# directories => { path => '/home/appuser/myphpapp',
+# 'suphp' => { user => 'myappuser', group => 'myappgroup' },
+# }
+# }
+# ```
+#
+# @param suphp_engine
+# Sets up a virtual host with [suPHP](http://suphp.org/DocumentationView.html?file=apache/CONFIG)
+# working together with suphp_configpath and suphp_addhandler.
+# An example virtual host configuration with suPHP:
+# ``` puppet
+# apache::vhost { 'suphp.example.com':
+# port => '80',
+# docroot => '/home/appuser/myphpapp',
+# suphp_addhandler => 'x-httpd-php',
+# suphp_engine => 'on',
+# suphp_configpath => '/etc/php5/apache2',
+# directories => { path => '/home/appuser/myphpapp',
+# 'suphp' => { user => 'myappuser', group => 'myappgroup' },
+# }
+# }
+# ```
+#
+# @param vhost_name
+# Enables name-based virtual hosting. If no IP is passed to the virtual host, but the
+# virtual host is assigned a port, then the virtual host name is `vhost_name:port`.
+# If the virtual host has no assigned IP or port, the virtual host name is set to the
+# title of the resource.
+#
+# @param virtual_docroot
+# Sets up a virtual host with a wildcard alias subdomain mapped to a directory with the
+# same name. For example, `http://example.com` would map to `/var/www/example.com`.
+# ``` puppet
+# apache::vhost { 'subdomain.loc':
+# vhost_name => '*',
+# port => '80',
+# virtual_docroot => '/var/www/%-2+',
+# docroot => '/var/www',
+# serveraliases => ['*.loc',],
+# }
+# ```
+#
+# @param wsgi_daemon_process
+# Sets up a virtual host with [WSGI](https://github.com/GrahamDumpleton/mod_wsgi) alongside
+# wsgi_daemon_process_options, wsgi_process_group,
+# wsgi_script_aliases and wsgi_pass_authorization.
+# A hash that sets the name of the WSGI daemon, accepting
+# [certain keys](http://modwsgi.readthedocs.org/en/latest/configuration-directives/WSGIDaemonProcess.html).
+# An example virtual host configuration with WSGI:
+# ``` puppet
+# apache::vhost { 'wsgi.example.com':
+# port => '80',
+# docroot => '/var/www/pythonapp',
+# wsgi_daemon_process => 'wsgi',
+# wsgi_daemon_process_options =>
+# { processes => '2',
+# threads => '15',
+# display-name => '%{GROUP}',
+# },
+# wsgi_process_group => 'wsgi',
+# wsgi_script_aliases => { '/' => '/var/www/demo.wsgi' },
+# wsgi_chunked_request => 'On',
+# }
+# ```
+#
+# @param wsgi_daemon_process_options
+# Sets up a virtual host with [WSGI](https://github.com/GrahamDumpleton/mod_wsgi) alongside
+# wsgi_daemon_process, wsgi_process_group,
+# wsgi_script_aliases and wsgi_pass_authorization.
+# Sets the group ID that the virtual host runs under.
+#
+# @param wsgi_application_group
+# Sets up a virtual host with [WSGI](https://github.com/GrahamDumpleton/mod_wsgi) alongside
+# wsgi_daemon_process, wsgi_daemon_process_options, wsgi_process_group,
+# and wsgi_pass_authorization.
+# This parameter defines the [`WSGIApplicationGroup directive`](https://modwsgi.readthedocs.io/en/develop/configuration-directives/WSGIApplicationGroup.html),
+# thus allowing you to specify which application group the WSGI application belongs to,
+# with all WSGI applications within the same group executing within the context of the
+# same Python sub interpreter.
+#
+# @param wsgi_import_script
+# Sets up a virtual host with [WSGI](https://github.com/GrahamDumpleton/mod_wsgi) alongside
+# wsgi_daemon_process, wsgi_daemon_process_options, wsgi_process_group,
+# and wsgi_pass_authorization.
+# This parameter defines the [`WSGIImportScript directive`](https://modwsgi.readthedocs.io/en/develop/configuration-directives/WSGIImportScript.html),
+# which can be used in order to specify a script file to be loaded upon a process starting.
+#
+# @param wsgi_import_script_options
+# Sets up a virtual host with [WSGI](https://github.com/GrahamDumpleton/mod_wsgi) alongside
+# wsgi_daemon_process, wsgi_daemon_process_options, wsgi_process_group,
+# and wsgi_pass_authorization.
+# This parameter defines the [`WSGIImportScript directive`](https://modwsgi.readthedocs.io/en/develop/configuration-directives/WSGIImportScript.html),
+# which can be used in order to specify a script file to be loaded upon a process starting.
+# Specifies the process and aplication groups of the script.
+#
+# @param wsgi_chunked_request
+# Sets up a virtual host with [WSGI](https://github.com/GrahamDumpleton/mod_wsgi) alongside
+# wsgi_daemon_process, wsgi_daemon_process_options, wsgi_process_group,
+# and wsgi_pass_authorization.
+# This parameter defines the [`WSGIChunkedRequest directive`](https://modwsgi.readthedocs.io/en/develop/configuration-directives/WSGIChunkedRequest.html),
+# allowing you to enable support for chunked request content.
+# WSGI is technically incapable of supporting chunked request content without all chunked
+# request content having first been read in and buffered.
+#
+# @param wsgi_process_group
+# Sets up a virtual host with [WSGI](https://github.com/GrahamDumpleton/mod_wsgi) alongside
+# wsgi_daemon_process, wsgi_daemon_process_options,
+# wsgi_script_aliases and wsgi_pass_authorization.
+# Requires a hash of web paths to filesystem `.wsgi paths/`.
+#
+# @param wsgi_script_aliases
+# Sets up a virtual host with [WSGI](https://github.com/GrahamDumpleton/mod_wsgi) alongside
+# wsgi_daemon_process, wsgi_daemon_process_options, wsgi_process_group,
+# and wsgi_pass_authorization.
+# Uses the WSGI application to handle authorization instead of Apache when set to `On`.
+# For more information, see mod_wsgi's [WSGIPassAuthorization documentation](https://modwsgi.readthedocs.org/en/latest/configuration-directives/WSGIPassAuthorization.html).
+#
+# @param wsgi_script_aliases_match
+# Sets up a virtual host with [WSGI](https://github.com/GrahamDumpleton/mod_wsgi) alongside
+# wsgi_daemon_process, wsgi_daemon_process_options, wsgi_process_group,
+# and wsgi_pass_authorization.
+# Uses the WSGI application to handle authorization instead of Apache when set to `On`.
+# This directive is similar to `wsgi_script_aliases`, but makes use of regular expressions
+# in place of simple prefix matching.
+# For more information, see mod_wsgi's [WSGIPassAuthorization documentation](https://modwsgi.readthedocs.org/en/latest/configuration-directives/WSGIPassAuthorization.html).
+#
+# @param wsgi_pass_authorization
+# Sets up a virtual host with [WSGI](https://github.com/GrahamDumpleton/mod_wsgi) alongside
+# wsgi_daemon_process, wsgi_daemon_process_options, wsgi_process_group and
+# wsgi_script_aliases.
+# Enables support for chunked requests.
+#
+# @param directories
+# The `directories` parameter within the `apache::vhost` class passes an array of hashes
+# to the virtual host to create [Directory](https://httpd.apache.org/docs/current/mod/core.html#directory),
+# [File](https://httpd.apache.org/docs/current/mod/core.html#files), and
+# [Location](https://httpd.apache.org/docs/current/mod/core.html#location) directive blocks.
+# These blocks take the form, `< Directory /path/to/directory>...< /Directory>`.
+# The `path` key sets the path for the directory, files, and location blocks. Its value
+# must be a path for the `directory`, `files`, and `location` providers, or a regex for
+# the `directorymatch`, `filesmatch`, or `locationmatch` providers. Each hash passed to
+# `directories` **must** contain `path` as one of the keys.
+# The `provider` key is optional. If missing, this key defaults to `directory`.
+# Values: `directory`, `files`, `proxy`, `location`, `directorymatch`, `filesmatch`,
+# `proxymatch` or `locationmatch`. If you set `provider` to `directorymatch`, it
+# uses the keyword `DirectoryMatch` in the Apache config file.
+# An example use of `directories`:
+# ``` puppet
+# apache::vhost { 'files.example.net':
+# docroot => '/var/www/files',
+# directories => [
+# { 'path' => '/var/www/files',
+# 'provider' => 'files',
+# 'deny' => 'from all',
+# },
+# ],
+# }
+# ```
+# > **Note:** At least one directory should match the `docroot` parameter. After you
+# start declaring directories, `apache::vhost` assumes that all required Directory blocks
+# will be declared. If not defined, a single default Directory block is created that matches
+# the `docroot` parameter.
+# Available handlers, represented as keys, should be placed within the `directory`,
+# `files`, or `location` hashes. This looks like
+# ``` puppet
+# apache::vhost { 'sample.example.net':
+# docroot => '/path/to/directory',
+# directories => [ { path => '/path/to/directory', handler => value } ],
+# }
+# ```
+# Any handlers you do not set in these hashes are considered `undefined` within Puppet and
+# are not added to the virtual host, resulting in the module using their default values.
+#
+# @param custom_fragment
+# Pass a string of custom configuration directives to be placed at the end of the directory
+# configuration.
+# ``` puppet
+# apache::vhost { 'monitor':
+# …
+# directories => [
+# {
+# path => '/path/to/directory',
+# custom_fragment => '
+#
+# SetHandler balancer-manager
+# Order allow,deny
+# Allow from all
+#
+#
+# SetHandler server-status
+# Order allow,deny
+# Allow from all
+#
+# ProxyStatus On',
+# },
+# ]
+# }
+# ```
+#
+# @param error_documents
+# An array of hashes used to override the [ErrorDocument](https://httpd.apache.org/docs/current/mod/core.html#errordocument)
+# settings for the directory.
+# ``` puppet
+# apache::vhost { 'sample.example.net':
+# directories => [
+# { path => '/srv/www',
+# error_documents => [
+# { 'error_code' => '503',
+# 'document' => '/service-unavail',
+# },
+# ],
+# },
+# ],
+# }
+# ```
+#
+# @param h2_copy_files
+# Sets the [H2CopyFiles](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2copyfiles) directive.
+# Note that you must declare `class {'apache::mod::http2': }` before using this directive.
+#
+# @param h2_push_resource
+# Sets the [H2PushResource](https://httpd.apache.org/docs/current/mod/mod_http2.html#h2pushresource) directive.
+# Note that you must declare `class {'apache::mod::http2': }` before using this directive.
+#
+# @param headers
+# Adds lines for [Header](https://httpd.apache.org/docs/current/mod/mod_headers.html#header) directives.
+# ``` puppet
+# apache::vhost { 'sample.example.net':
+# docroot => '/path/to/directory',
+# directories => {
+# path => '/path/to/directory',
+# headers => 'Set X-Robots-Tag "noindex, noarchive, nosnippet"',
+# },
+# }
+# ```
+#
+# @param options
+# Lists the [Options](https://httpd.apache.org/docs/current/mod/core.html#options) for the
+# given Directory block.
+# ``` puppet
+# apache::vhost { 'sample.example.net':
+# docroot => '/path/to/directory',
+# directories => [
+# { path => '/path/to/directory',
+# options => ['Indexes','FollowSymLinks','MultiViews'],
+# },
+# ],
+# }
+# ```
+#
+# @param shib_compat_valid_user
+# Default is Off, matching the behavior prior to this command's existence. Addresses a conflict
+# when using Shibboleth in conjunction with other auth/auth modules by restoring `standard`
+# Apache behavior when processing the `valid-user` and `user` Require rules. See the
+# [`mod_shib`documentation](https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPApacheConfig#NativeSPApacheConfig-Server/VirtualHostOptions),
+# and [NativeSPhtaccess](https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPhtaccess)
+# topic for more details. This key is disabled if `apache::mod::shib` is not defined.
+#
+# @param ssl_options
+# String or list of [SSLOptions](https://httpd.apache.org/docs/current/mod/mod_ssl.html#ssloptions),
+# which configure SSL engine run-time options. This handler takes precedence over SSLOptions
+# set in the parent block of the virtual host.
+# ``` puppet
+# apache::vhost { 'secure.example.net':
+# docroot => '/path/to/directory',
+# directories => [
+# { path => '/path/to/directory',
+# ssl_options => '+ExportCertData',
+# },
+# { path => '/path/to/different/dir',
+# ssl_options => ['-StdEnvVars', '+ExportCertData'],
+# },
+# ],
+# }
+# ```
+#
+# @param additional_includes
+# Specifies paths to additional static, specific Apache configuration files in virtual
+# host directories.
+# ``` puppet
+# apache::vhost { 'sample.example.net':
+# docroot => '/path/to/directory',
+# directories => [
+# { path => '/path/to/different/dir',
+# additional_includes => ['/custom/path/includes', '/custom/path/another_includes',],
+# },
+# ],
+# }
+# ```
+#
+# @param ssl
+# Enables SSL for the virtual host. SSL virtual hosts only respond to HTTPS queries.
+#
+# @param ssl_ca
+# Specifies the SSL certificate authority to be used to verify client certificates used
+# for authentication. You must also set `ssl_verify_client` to use this.
+#
+# @param ssl_cert
+# Specifies the SSL certification.
+#
+# @param ssl_protocol
+# Specifies [SSLProtocol](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslprotocol).
+# Expects an array or space separated string of accepted protocols.
+#
+# @param ssl_cipher
+# Specifies [SSLCipherSuite](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslciphersuite).
+#
+# @param ssl_honorcipherorder
+# Sets [SSLHonorCipherOrder](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslhonorcipherorder),
+# to cause Apache to use the server's preferred order of ciphers rather than the client's
+# preferred order.
+#
+# @param ssl_certs_dir
+# Specifies the location of the SSL certification directory to verify client certs. Will not
+# be used unless `ssl_verify_client` is also set (see below).
+#
+# @param ssl_chain
+# Specifies the SSL chain. This default works out of the box, but it must be updated in
+# the base `apache` class with your specific certificate information before being used in
+# production.
+#
+# @param ssl_crl
+# Specifies the certificate revocation list to use. (This default works out of the box but
+# must be updated in the base `apache` class with your specific certificate information
+# before being used in production.)
+#
+# @param ssl_crl_path
+# Specifies the location of the certificate revocation list to verify certificates for
+# client authentication with. (This default works out of the box but must be updated in
+# the base `apache` class with your specific certificate information before being used in
+# production.)
+#
+# @param ssl_crl_check
+# Sets the certificate revocation check level via the [SSLCARevocationCheck directive](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslcarevocationcheck)
+# for ssl client authentication. The default works out of the box but must be specified when
+# using CRLs in production. Only applicable to Apache 2.4 or higher; the value is ignored on
+# older versions.
+#
+# @param ssl_key
+# Specifies the SSL key.
+# Defaults are based on your operating system. Default work out of the box but must be
+# updated in the base `apache` class with your specific certificate information before
+# being used in production.
+#
+# @param ssl_verify_client
+# Sets the [SSLVerifyClient](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslverifyclient)
+# directive, which sets the certificate verification level for client authentication.
+# ``` puppet
+# apache::vhost { 'sample.example.net':
+# …
+# ssl_verify_client => 'optional',
+# }
+# ```
+#
+# @param ssl_verify_depth
+# Sets the [SSLVerifyDepth](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslverifydepth)
+# directive, which specifies the maximum depth of CA certificates in client certificate
+# verification. You must set `ssl_verify_client` for it to take effect.
+# ``` puppet
+# apache::vhost { 'sample.example.net':
+# …
+# ssl_verify_client => 'require',
+# ssl_verify_depth => 1,
+# }
+# ```
+#
+# @param ssl_proxy_protocol
+# Sets the [SSLProxyProtocol](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxyprotocol)
+# directive, which controls which SSL protocol flavors `mod_ssl` should use when establishing
+# its server environment for proxy. It connects to servers using only one of the provided
+# protocols.
+#
+# @param ssl_proxy_verify
+# Sets the [SSLProxyVerify](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxyverify)
+# directive, which configures certificate verification of the remote server when a proxy is
+# configured to forward requests to a remote SSL server.
+#
+# @param ssl_proxy_verify_depth
+# Sets the [SSLProxyVerifyDepth](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxyverifydepth)
+# directive, which configures how deeply mod_ssl should verify before deciding that the
+# remote server does not have a valid certificate.
+# A depth of 0 means that only self-signed remote server certificates are accepted,
+# the default depth of 1 means the remote server certificate can be self-signed or
+# signed by a CA that is directly known to the server.
+#
+# @param ssl_proxy_cipher_suite
+# Sets the [SSLProxyCipherSuite](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxyciphersuite)
+# directive, which controls cipher suites supported for ssl proxy traffic.
+#
+# @param ssl_proxy_ca_cert
+# Sets the [SSLProxyCACertificateFile](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxycacertificatefile)
+# directive, which specifies an all-in-one file where you can assemble the Certificates
+# of Certification Authorities (CA) whose remote servers you deal with. These are used
+# for Remote Server Authentication. This file should be a concatenation of the PEM-encoded
+# certificate files in order of preference.
+#
+# @param ssl_proxy_machine_cert
+# Sets the [SSLProxyMachineCertificateFile](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxymachinecertificatefile)
+# directive, which specifies an all-in-one file where you keep the certs and keys used
+# for this server to authenticate itself to remote servers. This file should be a
+# concatenation of the PEM-encoded certificate files in order of preference.
+# ``` puppet
+# apache::vhost { 'sample.example.net':
+# …
+# ssl_proxy_machine_cert => '/etc/httpd/ssl/client_certificate.pem',
+# }
+# ```
+#
+# @param ssl_proxy_check_peer_cn
+# Sets the [SSLProxyCheckPeerCN](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxycheckpeercn)
+# directive, which specifies whether the remote server certificate's CN field is compared
+# against the hostname of the request URL.
+#
+# @param ssl_proxy_check_peer_name
+# Sets the [SSLProxyCheckPeerName](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxycheckpeername)
+# directive, which specifies whether the remote server certificate's CN field is compared
+# against the hostname of the request URL.
+#
+# @param ssl_proxy_check_peer_expire
+# Sets the [SSLProxyCheckPeerExpire](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxycheckpeerexpire)
+# directive, which specifies whether the remote server certificate is checked for expiration
+# or not.
+#
+# @param ssl_options
+# Sets the [SSLOptions](https://httpd.apache.org/docs/current/mod/mod_ssl.html#ssloptions)
+# directive, which configures various SSL engine run-time options. This is the global
+# setting for the given virtual host and can be a string or an array.
+# A string:
+# ``` puppet
+# apache::vhost { 'sample.example.net':
+# …
+# ssl_options => '+ExportCertData',
+# }
+# ```
+# An array:
+# ``` puppet
+# apache::vhost { 'sample.example.net':
+# …
+# ssl_options => ['+StrictRequire', '+ExportCertData'],
+# }
+# ```
+#
+# @param ssl_openssl_conf_cmd
+# Sets the [SSLOpenSSLConfCmd](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslopensslconfcmd)
+# directive, which provides direct configuration of OpenSSL parameters.
+#
+# @param ssl_proxyengine
+# Specifies whether or not to use [SSLProxyEngine](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxyengine).
+#
+# @param ssl_stapling
+# Specifies whether or not to use [SSLUseStapling](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslusestapling).
+# By default, uses what is set globally.
+# This parameter only applies to Apache 2.4 or higher and is ignored on older versions.
+#
+# @param ssl_stapling_timeout
+# Can be used to set the [SSLStaplingResponderTimeout](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslstaplingrespondertimeout) directive.
+# This parameter only applies to Apache 2.4 or higher and is ignored on older versions.
+#
+# @param ssl_stapling_return_errors
+# Can be used to set the [SSLStaplingReturnResponderErrors](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslstaplingreturnrespondererrors) directive.
+# This parameter only applies to Apache 2.4 or higher and is ignored on older versions.
+#
+# @param use_canonical_name
+# Specifies whether to use the [`UseCanonicalName directive`](https://httpd.apache.org/docs/2.4/mod/core.html#usecanonicalname),
+# which allows you to configure how the server determines it's own name and port.
+#
define apache::vhost(
Variant[Boolean,String] $docroot,
$manage_docroot = true,
@@ -449,7 +2072,7 @@
}
}
- # Load mod_fastci if needed and not yet loaded
+ # Load mod_fastcgi if needed and not yet loaded
if $fastcgi_server and $fastcgi_socket {
if ! defined(Class['apache::mod::fastcgi']) {
include ::apache::mod::fastcgi
diff --git a/manifests/vhost/custom.pp b/manifests/vhost/custom.pp
index cfb06c273e..2dfa8a1d69 100644
--- a/manifests/vhost/custom.pp
+++ b/manifests/vhost/custom.pp
@@ -1,4 +1,20 @@
-# See README.md for usage information
+# @summary
+# A wrapper around the `apache::custom_config` defined type.
+#
+# The `apache::vhost::custom` defined type is a thin wrapper around the `apache::custom_config` defined type, and simply overrides some of its default settings specific to the virtual host directory in Apache.
+#
+# @param content
+# Sets the configuration file's content.
+#
+# @param ensure
+# Specifies if the virtual host file is present or absent.
+#
+# @param priority
+# Sets the relative load order for Apache HTTPD VirtualHost configuration files.
+#
+# @param verify_config
+# Specifies whether to validate the configuration file before notifying the Apache service.
+#
define apache::vhost::custom(
$content,
$ensure = 'present',
diff --git a/manifests/vhosts.pp b/manifests/vhosts.pp
index cf212c4b12..8a37752b18 100644
--- a/manifests/vhosts.pp
+++ b/manifests/vhosts.pp
@@ -1,3 +1,23 @@
+# @summary
+# Creates `apache::vhost` defined types.
+#
+# @note See the `apache::vhost` defined type's reference for a list of all virtual
+# host parameters or Configuring virtual hosts in the README section.
+#
+# @example To create a [name-based virtual host](https://httpd.apache.org/docs/current/vhosts/name-based.html) `custom_vhost_1`
+# class { 'apache::vhosts':
+# vhosts => {
+# 'custom_vhost_1' => {
+# 'docroot' => '/var/www/custom_vhost_1',
+# 'port' => '81',
+# },
+# },
+# }
+#
+# @param vhosts
+# A hash, where the key represents the name and the value represents a hash of
+# `apache::vhost` defined type's parameters.
+#
class apache::vhosts (
$vhosts = {},
) {