mirror of
https://github.com/geerlingguy/ansible-role-apache
synced 2024-12-30 14:50:18 +01:00
Style update for README yaml code blocks.
This commit is contained in:
parent
1093a4609b
commit
1ca6658a7d
1 changed files with 102 additions and 58 deletions
160
README.md
160
README.md
|
@ -14,105 +14,141 @@ If you are using Apache with PHP, I recommend using the `geerlingguy.php` role t
|
||||||
|
|
||||||
Available variables are listed below, along with default values (see `defaults/main.yml`):
|
Available variables are listed below, along with default values (see `defaults/main.yml`):
|
||||||
|
|
||||||
apache_enablerepo: ""
|
```yaml
|
||||||
|
apache_enablerepo: ""
|
||||||
|
```
|
||||||
|
|
||||||
The repository to use when installing Apache (only used on RHEL/CentOS systems). If you'd like later versions of Apache than are available in the OS's core repositories, use a repository like EPEL (which can be installed with the `geerlingguy.repo-epel` role).
|
The repository to use when installing Apache (only used on RHEL/CentOS systems). If you'd like later versions of Apache than are available in the OS's core repositories, use a repository like EPEL (which can be installed with the `geerlingguy.repo-epel` role).
|
||||||
|
|
||||||
apache_listen_ip: "*"
|
```yaml
|
||||||
apache_listen_port: 80
|
apache_listen_ip: "*"
|
||||||
apache_listen_port_ssl: 443
|
apache_listen_port: 80
|
||||||
|
apache_listen_port_ssl: 443
|
||||||
|
```
|
||||||
|
|
||||||
The IP address and ports on which apache should be listening. Useful if you have another service (like a reverse proxy) listening on port 80 or 443 and need to change the defaults.
|
The IP address and ports on which apache should be listening. Useful if you have another service (like a reverse proxy) listening on port 80 or 443 and need to change the defaults.
|
||||||
|
|
||||||
apache_create_vhosts: true
|
```yaml
|
||||||
apache_vhosts_filename: "vhosts.conf"
|
apache_create_vhosts: true
|
||||||
apache_vhosts_template: "vhosts.conf.j2"
|
apache_vhosts_filename: "vhosts.conf"
|
||||||
|
apache_vhosts_template: "vhosts.conf.j2"
|
||||||
|
```
|
||||||
|
|
||||||
If set to true, a vhosts file, managed by this role's variables (see below), will be created and placed in the Apache configuration folder. If set to false, you can place your own vhosts file into Apache's configuration folder and skip the convenient (but more basic) one added by this role. You can also override the template used and set a path to your own template, if you need to further customize the layout of your VirtualHosts.
|
If set to true, a vhosts file, managed by this role's variables (see below), will be created and placed in the Apache configuration folder. If set to false, you can place your own vhosts file into Apache's configuration folder and skip the convenient (but more basic) one added by this role. You can also override the template used and set a path to your own template, if you need to further customize the layout of your VirtualHosts.
|
||||||
|
|
||||||
apache_remove_default_vhost: false
|
```yaml
|
||||||
|
apache_remove_default_vhost: false
|
||||||
|
```
|
||||||
|
|
||||||
On Debian/Ubuntu, a default virtualhost is included in Apache's configuration. Set this to `true` to remove that default virtualhost configuration file.
|
On Debian/Ubuntu, a default virtualhost is included in Apache's configuration. Set this to `true` to remove that default virtualhost configuration file.
|
||||||
|
|
||||||
apache_global_vhost_settings: |
|
```yaml
|
||||||
DirectoryIndex index.php index.html
|
apache_global_vhost_settings: |
|
||||||
# Add other global settings on subsequent lines.
|
DirectoryIndex index.php index.html
|
||||||
|
# Add other global settings on subsequent lines.
|
||||||
|
```
|
||||||
|
|
||||||
You can add or override global Apache configuration settings in the role-provided vhosts file (assuming `apache_create_vhosts` is true) using this variable. By default it only sets the DirectoryIndex configuration.
|
You can add or override global Apache configuration settings in the role-provided vhosts file (assuming `apache_create_vhosts` is true) using this variable. By default it only sets the DirectoryIndex configuration.
|
||||||
|
|
||||||
apache_vhosts:
|
```yaml
|
||||||
# Additional optional properties: 'serveradmin, serveralias, extra_parameters'.
|
apache_vhosts:
|
||||||
- servername: "local.dev"
|
# Additional optional properties: 'serveradmin, serveralias, extra_parameters'.
|
||||||
documentroot: "/var/www/html"
|
- servername: "local.dev"
|
||||||
|
documentroot: "/var/www/html"
|
||||||
|
```
|
||||||
|
|
||||||
Add a set of properties per virtualhost, including `servername` (required), `documentroot` (required), `allow_override` (optional: defaults to the value of `apache_allow_override`), `options` (optional: defaults to the value of `apache_options`), `serveradmin` (optional), `serveralias` (optional) and `extra_parameters` (optional: you can add whatever additional configuration lines you'd like in here).
|
Add a set of properties per virtualhost, including `servername` (required), `documentroot` (required), `allow_override` (optional: defaults to the value of `apache_allow_override`), `options` (optional: defaults to the value of `apache_options`), `serveradmin` (optional), `serveralias` (optional) and `extra_parameters` (optional: you can add whatever additional configuration lines you'd like in here).
|
||||||
|
|
||||||
Here's an example using `extra_parameters` to add a RewriteRule to redirect all requests to the `www.` site:
|
Here's an example using `extra_parameters` to add a RewriteRule to redirect all requests to the `www.` site:
|
||||||
|
|
||||||
- servername: "www.local.dev"
|
```yaml
|
||||||
serveralias: "local.dev"
|
- servername: "www.local.dev"
|
||||||
documentroot: "/var/www/html"
|
serveralias: "local.dev"
|
||||||
extra_parameters: |
|
documentroot: "/var/www/html"
|
||||||
RewriteCond %{HTTP_HOST} !^www\. [NC]
|
extra_parameters: |
|
||||||
RewriteRule ^(.*)$ http://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
|
RewriteCond %{HTTP_HOST} !^www\. [NC]
|
||||||
|
RewriteRule ^(.*)$ http://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
|
||||||
|
```
|
||||||
|
|
||||||
The `|` denotes a multiline scalar block in YAML, so newlines are preserved in the resulting configuration file output.
|
The `|` denotes a multiline scalar block in YAML, so newlines are preserved in the resulting configuration file output.
|
||||||
|
|
||||||
apache_vhosts_ssl: []
|
```yaml
|
||||||
|
apache_vhosts_ssl: []
|
||||||
|
```
|
||||||
|
|
||||||
No SSL vhosts are configured by default, but you can add them using the same pattern as `apache_vhosts`, with a few additional directives, like the following example:
|
No SSL vhosts are configured by default, but you can add them using the same pattern as `apache_vhosts`, with a few additional directives, like the following example:
|
||||||
|
|
||||||
apache_vhosts_ssl:
|
```yaml
|
||||||
- servername: "local.dev"
|
apache_vhosts_ssl:
|
||||||
documentroot: "/var/www/html"
|
- servername: "local.dev"
|
||||||
certificate_file: "/home/vagrant/example.crt"
|
documentroot: "/var/www/html"
|
||||||
certificate_key_file: "/home/vagrant/example.key"
|
certificate_file: "/home/vagrant/example.crt"
|
||||||
certificate_chain_file: "/path/to/certificate_chain.crt"
|
certificate_key_file: "/home/vagrant/example.key"
|
||||||
extra_parameters: |
|
certificate_chain_file: "/path/to/certificate_chain.crt"
|
||||||
RewriteCond %{HTTP_HOST} !^www\. [NC]
|
extra_parameters: |
|
||||||
RewriteRule ^(.*)$ http://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
|
RewriteCond %{HTTP_HOST} !^www\. [NC]
|
||||||
|
RewriteRule ^(.*)$ http://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
|
||||||
|
```
|
||||||
|
|
||||||
Other SSL directives can be managed with other SSL-related role variables.
|
Other SSL directives can be managed with other SSL-related role variables.
|
||||||
|
|
||||||
apache_ssl_no_log: true
|
```yaml
|
||||||
|
apache_ssl_no_log: true
|
||||||
|
```
|
||||||
|
|
||||||
Whether to print SSL-related task output to the console when running the playbook.
|
Whether to print SSL-related task output to the console when running the playbook.
|
||||||
|
|
||||||
apache_ssl_protocol: "All -SSLv2 -SSLv3"
|
```yaml
|
||||||
apache_ssl_cipher_suite: "AES256+EECDH:AES256+EDH"
|
apache_ssl_protocol: "All -SSLv2 -SSLv3"
|
||||||
|
apache_ssl_cipher_suite: "AES256+EECDH:AES256+EDH"
|
||||||
|
```
|
||||||
|
|
||||||
The SSL protocols and cipher suites that are used/allowed when clients make secure connections to your server. These are secure/sane defaults, but for maximum security, performand, and/or compatibility, you may need to adjust these settings.
|
The SSL protocols and cipher suites that are used/allowed when clients make secure connections to your server. These are secure/sane defaults, but for maximum security, performand, and/or compatibility, you may need to adjust these settings.
|
||||||
|
|
||||||
apache_allow_override: "All"
|
```yaml
|
||||||
apache_options: "-Indexes +FollowSymLinks"
|
apache_allow_override: "All"
|
||||||
|
apache_options: "-Indexes +FollowSymLinks"
|
||||||
|
```
|
||||||
|
|
||||||
The default values for the `AllowOverride` and `Options` directives for the `documentroot` directory of each vhost. A vhost can overwrite these values by specifying `allow_override` or `options`.
|
The default values for the `AllowOverride` and `Options` directives for the `documentroot` directory of each vhost. A vhost can overwrite these values by specifying `allow_override` or `options`.
|
||||||
|
|
||||||
apache_mods_enabled:
|
```yaml
|
||||||
- rewrite
|
apache_mods_enabled:
|
||||||
- ssl
|
- rewrite
|
||||||
apache_mods_disabled: []
|
- ssl
|
||||||
|
apache_mods_disabled: []
|
||||||
|
```
|
||||||
|
|
||||||
Which Apache mods to enable or disable (these will be symlinked into the appropriate location). See the `mods-available` directory inside the apache configuration directory (`/etc/apache2/mods-available` on Debian/Ubuntu) for all the available mods.
|
Which Apache mods to enable or disable (these will be symlinked into the appropriate location). See the `mods-available` directory inside the apache configuration directory (`/etc/apache2/mods-available` on Debian/Ubuntu) for all the available mods.
|
||||||
|
|
||||||
apache_packages:
|
```yaml
|
||||||
- [platform-specific]
|
apache_packages:
|
||||||
|
- [platform-specific]
|
||||||
|
```
|
||||||
|
|
||||||
The list of packages to be installed. This defaults to a set of platform-specific packages for RedHat or Debian-based systems (see `vars/RedHat.yml` and `vars/Debian.yml` for the default values).
|
The list of packages to be installed. This defaults to a set of platform-specific packages for RedHat or Debian-based systems (see `vars/RedHat.yml` and `vars/Debian.yml` for the default values).
|
||||||
|
|
||||||
apache_state: started
|
```yaml
|
||||||
|
apache_state: started
|
||||||
|
```
|
||||||
|
|
||||||
Set initial Apache daemon state to be enforced when this role is run. This should generally remain `started`, but you can set it to `stopped` if you need to fix the Apache config during a playbook run or otherwise would not like Apache started at the time this role is run.
|
Set initial Apache daemon state to be enforced when this role is run. This should generally remain `started`, but you can set it to `stopped` if you need to fix the Apache config during a playbook run or otherwise would not like Apache started at the time this role is run.
|
||||||
|
|
||||||
apache_enabled: yes
|
```yaml
|
||||||
|
apache_enabled: yes
|
||||||
|
```
|
||||||
|
|
||||||
Set the Apache service boot time status. This should generally remain `yes`, but you can set it to `no` if you need to run Ansible while leaving the service disabled.
|
Set the Apache service boot time status. This should generally remain `yes`, but you can set it to `no` if you need to run Ansible while leaving the service disabled.
|
||||||
|
|
||||||
apache_packages_state: present
|
```yaml
|
||||||
|
apache_packages_state: present
|
||||||
|
```
|
||||||
|
|
||||||
If you have enabled any additional repositories such as _ondrej/apache2_, [geerlingguy.repo-epel](https://github.com/geerlingguy/ansible-role-repo-epel), or [geerlingguy.repo-remi](https://github.com/geerlingguy/ansible-role-repo-remi), you may want an easy way to upgrade versions. You can set this to `latest` (combined with `apache_enablerepo` on RHEL) and can directly upgrade to a different Apache version from a different repo (instead of uninstalling and reinstalling Apache).
|
If you have enabled any additional repositories such as _ondrej/apache2_, [geerlingguy.repo-epel](https://github.com/geerlingguy/ansible-role-repo-epel), or [geerlingguy.repo-remi](https://github.com/geerlingguy/ansible-role-repo-remi), you may want an easy way to upgrade versions. You can set this to `latest` (combined with `apache_enablerepo` on RHEL) and can directly upgrade to a different Apache version from a different repo (instead of uninstalling and reinstalling Apache).
|
||||||
|
|
||||||
apache_ignore_missing_ssl_certificate: true
|
```yaml
|
||||||
|
apache_ignore_missing_ssl_certificate: true
|
||||||
|
```
|
||||||
|
|
||||||
If you would like to only create SSL vhosts when the vhost certificate is present (e.g. when using Let’s Encrypt), set `apache_ignore_missing_ssl_certificate` to `false`. When doing this, you might need to run your playbook more than once so all the vhosts are configured (if another part of the playbook generates the SSL certificates).
|
If you would like to only create SSL vhosts when the vhost certificate is present (e.g. when using Let’s Encrypt), set `apache_ignore_missing_ssl_certificate` to `false`. When doing this, you might need to run your playbook more than once so all the vhosts are configured (if another part of the playbook generates the SSL certificates).
|
||||||
|
|
||||||
|
@ -120,6 +156,7 @@ If you would like to only create SSL vhosts when the vhost certificate is presen
|
||||||
|
|
||||||
If you require Basic Auth support, you can add it either through a custom template, or by adding `extra_parameters` to a VirtualHost configuration, like so:
|
If you require Basic Auth support, you can add it either through a custom template, or by adding `extra_parameters` to a VirtualHost configuration, like so:
|
||||||
|
|
||||||
|
```yaml
|
||||||
extra_parameters: |
|
extra_parameters: |
|
||||||
<Directory "/var/www/password-protected-directory">
|
<Directory "/var/www/password-protected-directory">
|
||||||
Require valid-user
|
Require valid-user
|
||||||
|
@ -127,13 +164,16 @@ If you require Basic Auth support, you can add it either through a custom templa
|
||||||
AuthName "Please authenticate"
|
AuthName "Please authenticate"
|
||||||
AuthUserFile /var/www/password-protected-directory/.htpasswd
|
AuthUserFile /var/www/password-protected-directory/.htpasswd
|
||||||
</Directory>
|
</Directory>
|
||||||
|
```
|
||||||
|
|
||||||
To password protect everything within a VirtualHost directive, use the `Location` block instead of `Directory`:
|
To password protect everything within a VirtualHost directive, use the `Location` block instead of `Directory`:
|
||||||
|
|
||||||
<Location "/">
|
```
|
||||||
Require valid-user
|
<Location "/">
|
||||||
....
|
Require valid-user
|
||||||
</Location>
|
....
|
||||||
|
</Location>
|
||||||
|
```
|
||||||
|
|
||||||
You would need to generate/upload your own `.htpasswd` file in your own playbook. There may be other roles that support this functionality in a more integrated way.
|
You would need to generate/upload your own `.htpasswd` file in your own playbook. There may be other roles that support this functionality in a more integrated way.
|
||||||
|
|
||||||
|
@ -143,17 +183,21 @@ None.
|
||||||
|
|
||||||
## Example Playbook
|
## Example Playbook
|
||||||
|
|
||||||
- hosts: webservers
|
```yaml
|
||||||
vars_files:
|
- hosts: webservers
|
||||||
- vars/main.yml
|
vars_files:
|
||||||
roles:
|
- vars/main.yml
|
||||||
- { role: geerlingguy.apache }
|
roles:
|
||||||
|
- { role: geerlingguy.apache }
|
||||||
|
```
|
||||||
|
|
||||||
*Inside `vars/main.yml`*:
|
*Inside `vars/main.yml`*:
|
||||||
|
|
||||||
apache_listen_port: 8080
|
```yaml
|
||||||
apache_vhosts:
|
apache_listen_port: 8080
|
||||||
- {servername: "example.com", documentroot: "/var/www/vhosts/example_com"}
|
apache_vhosts:
|
||||||
|
- {servername: "example.com", documentroot: "/var/www/vhosts/example_com"}
|
||||||
|
```
|
||||||
|
|
||||||
## License
|
## License
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue