puppetlabs · amvapor · Sep 20, 2013 · Sep 20, 2013 · Sep 20, 2013 · Sep 20, 2013
diff --git a/README.md b/README.md
@@ -423,6 +423,7 @@ To *use* SSL with a virtual host, you must either set the`default_ssl_vhost` par
     class { 'apache::mod::wsgi':
       wsgi_socket_prefix => "\${APACHE_RUN_DIR}WSGI",
       wsgi_python_home   => '/path/to/virtenv',
+      wsgi_python_path   => '/path/to/virtenv/site-packages',
     }
 ```
 ####Defined Type: `apache::vhost`
@@ -883,44 +884,88 @@ Specifies additional request headers.
 
 #####`rewrite_base`
 
-Limits the `rewrite_rule` to the specified base URL. Defaults to 'undef'.
+Limits the `rewrites` to the specified base URL. Defaults to 'undef'.
 
 ```puppet
     apache::vhost { 'site.name.fdqn':
       …
-      rewrite_rule => '^index\.html$ welcome.html',
       rewrite_base => '/blog/',
+      rewrites => [
+        { rewrite_rule => ['^index\.html$ welcome.html'] }
+      ]
     }
 ```
 
 The above example would limit the index.html -> welcome.html rewrite to only something inside of http://example.com/blog/.
 
-#####`rewrite_cond`
+#####`rewrites`
 
-Rewrites a URL via `rewrite_rule` based on the truth of specified conditions. For example
+Creates URL rewrite rules. Defaults to 'undef'. This parameter allows you to specify, for example, that anyone trying to access index.html will be served welcome.html.
 
 ```puppet
     apache::vhost { 'site.name.fdqn':
       …
-      rewrite_cond => '%{HTTP_USER_AGENT} ^MSIE',
+      rewrites => [ { rewrite_rule => ['^index\.html$ welcome.html'] } ]
     }
 ```
 
-will rewrite URLs only if the visitor is using IE. Defaults to 'undef'.
+Allows rewrite conditions, that when true, will execute the associated rule. For example
+
+```puppet
+    apache::vhost { 'site.name.fdqn':
+      …
+      rewrites => [
+        {
+          comment       => 'redirect IE',
+          rewrite_cond => ['%{HTTP_USER_AGENT} ^MSIE'],
+          rewrite_rule => ['^index\.html$ welcome.html'],
+        }
+      ]
+    }
+```
 
-*Note*: At the moment, each vhost is limited to a single list of rewrite conditions. In the future, you will be able to specify multiple `rewrite_cond` and `rewrite_rules` per vhost, so that different conditions get different rewrites.
+will rewrite URLs only if the visitor is using IE.
 
-#####`rewrite_rule`
+Multiple conditions can be applied, the following will rewrite index.html to welcome.html only when the browser is lynx or mozilla version 1 or 2
 
-Creates URL rewrite rules. Defaults to 'undef'. This parameter allows you to specify, for example, that anyone trying to access index.html will be served welcome.html.
+```puppet
+    apache::vhost { 'site.name.fdqn':
+      …
+      rewrites => [
+        {
+          comment       => 'Lynx or Mozilla v1/2',
+          rewrite_cond => ['%{HTTP_USER_AGENT} ^Lynx/ [OR]', '%{HTTP_USER_AGENT} ^Mozilla/[12]'],
+          rewrite_rule => ['^index\.html$ welcome.html'],
+        }
+      ]
+    }
+```
+
+Multiple rewrites and conditions are also possible
 
 ```puppet
     apache::vhost { 'site.name.fdqn':
       …
-      rewrite_rule => '^index\.html$ welcome.html',
+      rewrites => [
+        {
+          comment       => 'Lynx or Mozilla v1/2',
+          rewrite_cond => ['%{HTTP_USER_AGENT} ^Lynx/ [OR]', '%{HTTP_USER_AGENT} ^Mozilla/[12]'],
+          rewrite_rule => ['^index\.html$ welcome.html'],
+        },
+        {
+          comment       => 'Internet Explorer',
+          rewrite_cond => ['%{HTTP_USER_AGENT} ^MSIE'],
+          rewrite_rule => ['^index\.html$ /index.IE.html [L]'],
+        },
+        }
+          rewrite_rule => ['^index\.cgi$ index.php', '^index\.html$ index.php', '^index\.asp$ index.html'],
+        }
+     ] 
     }
 ```
 
+refer to the [`mod_rewrite` documentation](http://httpd.apache.org/docs/current/mod/mod_rewrite.html) for more details on what is possible with rewrite rules and conditions
+
 #####`scriptalias`
 
 Defines a directory of CGI scripts to be aliased to the path '/cgi-bin'
@@ -1059,7 +1104,7 @@ An array of strings example:
     }
 ```
 
-#####`sslproxyengine`
+#####`ssl_proxyengine`
 
 Specifies whether to use `SSLProxyEngine` or not. Defaults to `false`.
 

diff --git a/manifests/.params.pp.swp b/manifests/.params.pp.swp
diff --git a/manifests/mod/wsgi.pp b/manifests/mod/wsgi.pp
@@ -1,11 +1,13 @@
 class apache::mod::wsgi (
   $wsgi_socket_prefix = undef,
+  $wsgi_python_path   = undef,
   $wsgi_python_home   = undef,
 ){
   apache::mod { 'wsgi': }
 
   # Template uses:
   # - $wsgi_socket_prefix
+  # - $wsgi_python_path
   # - $wsgi_python_home
   file {'wsgi.conf':
     ensure  => file,

diff --git a/manifests/params.pp b/manifests/params.pp
@@ -133,6 +133,7 @@
       'suphp'       => 'libapache2-mod-suphp',
       'wsgi'        => 'libapache2-mod-wsgi',
       'xsendfile'   => 'libapache2-mod-xsendfile',
+      'nss'         => 'libapache2-mod-nss',
     }
     $mod_libs         = {
       'php5' => 'libphp5.so',

diff --git a/manifests/vhost.pp b/manifests/vhost.pp
@@ -40,6 +40,24 @@
 #    docroot => '/path/to/docroot',
 #  }
 #
+#  # Multiple Mod Rewrites:
+#  apache::vhost { 'site.name.fqdn':
+#    port => '80',
+#    docroot => '/path/to/docroot',
+#    rewrites => [
+#      {
+#        comment       => 'force www domain',
+#        rewrite_cond => ['%{HTTP_HOST} ^([a-z.]+)?example.com$ [NC]', '%{HTTP_HOST} !^www. [NC]'],
+#        rewrite_rule => ['.? http://www.%1example.com%{REQUEST_URI} [R=301,L]']
+#      },
+#      {
+#        comment       => 'prevent image hotlinking',
+#        rewrite_cond => ['%{HTTP_REFERER} !^$', '%{HTTP_REFERER} !^http://(www.)?example.com/ [NC]'],
+#        rewrite_rule => ['.(gif|jpg|png)$ - [F]']
+#      },
+#    ]
+#  }
+#
 #  # SSL vhost with non-SSL rewrite:
 #  apache::vhost { 'site.name.fqdn':
 #    port    => '443',
@@ -48,8 +66,13 @@
 #  }
 #  apache::vhost { 'site.name.fqdn':
 #    port          => '80',
-#    rewrite_cond => '%{HTTPS} off',
-#    rewrite_rule => '(.*) https://%{HTTPS_HOST}%{REQUEST_URI}',
+#    rewrites => [
+#      {
+#        comment       => "redirect non-SSL traffic to SSL site",
+#        rewrite_cond => ['%{HTTPS} off'],
+#        rewrite_rule => ['(.*) https://%{HTTPS_HOST}%{REQUEST_URI}']
+#      }
+#    ]
 #  }
 #  apache::vhost { 'site.name.fqdn':
 #    port            => '80',
@@ -81,6 +104,7 @@
     $ssl_verify_client           = undef,
     $ssl_verify_depth            = undef,
     $ssl_options                 = undef,
+    $ssl_proxyengine             = false,
     $priority                    = undef,
     $default_vhost               = false,
     $servername                  = $name,
@@ -108,7 +132,6 @@
     $scriptaliases               = [],
     $proxy_dest                  = undef,
     $proxy_pass                  = undef,
-    $sslproxyengine              = false,
     $suphp_addhandler            = $apache::params::suphp_addhandler,
     $suphp_engine                = $apache::params::suphp_engine,
     $suphp_configpath            = $apache::params::suphp_configpath,
@@ -118,6 +141,7 @@
     $redirect_status             = undef,
     $rack_base_uris              = undef,
     $request_headers             = undef,
+    $rewrites                    = undef,
     $rewrite_rule                = undef,
     $rewrite_cond                = undef,
     $setenv                      = [],
@@ -152,7 +176,20 @@
   validate_bool($error_log)
   validate_bool($ssl)
   validate_bool($default_vhost)
-  validate_bool($sslproxyengine)
+  validate_bool($ssl_proxyengine)
+  if $rewrites {
+    validate_array($rewrites)
+    validate_hash($rewrites[0])
+  }
+
+  # Deprecated backwards-compatibility
+  if $rewrite_rule {
+    warning('Apache::Vhost: parameter rewrite_rule is deprecated in favor of rewrites')
+  }
+  if $rewrite_cond {
+    warning('Apache::Vhost parameter rewrite_cond is deprecated in favor of rewrites')
+  }
+
   if $wsgi_script_aliases {
     validate_hash($wsgi_script_aliases)
   }
@@ -281,9 +318,9 @@
   }
 
   # Load mod_rewrite if needed and not yet loaded
-  if $rewrite_rule {
-    if ! defined(Class['apache::mod::rewrite']) {
-      include apache::mod::rewrite
+  if $rewrites or $rewrite_cond {
+    if ! defined(Apache::Mod['rewrite']) {
+      apache::mod { 'rewrite': }
     }
   }
 
@@ -390,8 +427,7 @@
   # requestheader fragment:
   #   - $request_headers
   # rewrite fragment:
-  #   - $rewrite_rule
-  #   - $rewrite_cond
+  #   - $rewrites
   # scriptalias fragment:
   #   - $scriptalias
   #   - $scriptaliases