Merge pull request #69 from andreaswolf/master

Only create vHosts if certificate exists
Jeff Geerling 2016-01-18 10:39:30 -06:00
commit 47d1c0b43f
5 changed files with 18 additions and 0 deletions


@ -92,6 +92,10 @@ The list of packages to be installed. This defaults to a set of platform-specifi
Set initial Apache daemon state to be enforced when this role is run. This should generally remain `started`, but you can set it to `stopped` if you need to fix the Apache config during a playbook run or otherwise would not like Apache started at the time this role is run. Set initial Apache daemon state to be enforced when this role is run. This should generally remain `started`, but you can set it to `stopped` if you need to fix the Apache config during a playbook run or otherwise would not like Apache started at the time this role is run.
apache_ignore_missing_ssl_certificate: true
Create SSL vHosts regardless of whether their certificate exists or not. It might be handy to set this to `false` if you e.g. use Lets encrypt, which triggers certificate generation with a running webserver. You might need to run your playbook multiple times to really get all SSL vHosts going if another part of your playbook takes care of certificate generation. (but OTOH Apache wont complain about missing certificates anymore).
## Dependencies ## Dependencies
None. None.


@ -28,6 +28,8 @@ apache_vhosts_ssl: []
# # Optional. # # Optional.
# certificate_chain_file: "/path/to/certificate_chain.crt" # certificate_chain_file: "/path/to/certificate_chain.crt"
apache_ignore_missing_ssl_certificate: true
apache_ssl_protocol: "All -SSLv2 -SSLv3" apache_ssl_protocol: "All -SSLv2 -SSLv3"
apache_ssl_cipher_suite: "AES256+EECDH:AES256+EDH" apache_ssl_cipher_suite: "AES256+EECDH:AES256+EDH"


@ -23,6 +23,11 @@
with_items: apache_mods_disabled with_items: apache_mods_disabled
notify: restart apache notify: restart apache
- name: Check whether certificates defined in vhosts exist.
stat: path={{ item.certificate_file }}
register: apache_ssl_certificates
with_items: apache_vhosts_ssl
- name: Add apache vhosts configuration. - name: Add apache vhosts configuration.
template: template:
src: "vhosts-{{ apache_vhosts_version }}.conf.j2" src: "vhosts-{{ apache_vhosts_version }}.conf.j2"
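Review bot: The new stat task passes its argument in key=value form with an unquoted template, `stat: path={{ item.certificate_file }}`, so a certificate path containing a space or an `=` may be split into extra module arguments instead of being treated as one path. Native YAML arguments avoid that: `stat:` followed by an indented `path: "{{ item.certificate_file }}"`. The task will also fail outright for any `apache_vhosts_ssl` entry that has no `certificate_file` key, even when `apache_ignore_missing_ssl_certificate` is left at `true` and the result is not needed. The identical task in the next file section has the same issue.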


@ -8,6 +8,11 @@
with_items: apache_ports_configuration_items with_items: apache_ports_configuration_items
notify: restart apache notify: restart apache
- name: Check whether certificates defined in vhosts exist.
stat: path={{ item.certificate_file }}
register: apache_ssl_certificates
with_items: apache_vhosts_ssl
- name: Add apache vhosts configuration. - name: Add apache vhosts configuration.
template: template:
src: "vhosts-{{ apache_vhosts_version }}.conf.j2" src: "vhosts-{{ apache_vhosts_version }}.conf.j2"


@ -30,6 +30,7 @@
{# Set up SSL VirtualHosts #} {# Set up SSL VirtualHosts #}
{% for vhost in apache_vhosts_ssl %} {% for vhost in apache_vhosts_ssl %}
{% if apache_ignore_missing_ssl_certificate or apache_ssl_certificates.results[loop.index0].stat.exists %}
<VirtualHost *:{{ apache_listen_port_ssl }}> <VirtualHost *:{{ apache_listen_port_ssl }}>
ServerName {{ vhost.servername }} ServerName {{ vhost.servername }}
{% if vhost.serveralias is defined %} {% if vhost.serveralias is defined %}
@ -65,4 +66,5 @@
{% endif %} {% endif %}
</VirtualHost> </VirtualHost>
{% endif %}
{% endfor %} {% endfor %}
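Review bot: The guard `apache_ssl_certificates.results[loop.index0].stat.exists` tests only `certificate_file`, and it finds the result by position, so it is correct only while the stat task looped over exactly the same `apache_vhosts_ssl` list in the same order. A vhost whose certificate is present but whose key or `certificate_chain_file` is missing would still be rendered, and Apache would presumably still reject the configuration, which is the failure this option is meant to avoid. When the guard is false the vhost is dropped without any message, and requests for that name on the SSL port would then be answered by whichever SSL vhost remains first; a `debug` task listing the skipped server names would make that state visible. The body of the VirtualHost block lies outside the visible hunks.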