mirror of
https://github.com/geerlingguy/ansible-role-apache
synced 2024-12-22 11:00:18 +01:00
Merge pull request #69 from andreaswolf/master
Only create vHosts if certificate exists
This commit is contained in:
commit
47d1c0b43f
5 changed files with 18 additions and 0 deletions
|
@ -92,6 +92,10 @@ The list of packages to be installed. This defaults to a set of platform-specifi
|
||||||
|
|
||||||
Set initial Apache daemon state to be enforced when this role is run. This should generally remain `started`, but you can set it to `stopped` if you need to fix the Apache config during a playbook run or otherwise would not like Apache started at the time this role is run.
|
Set initial Apache daemon state to be enforced when this role is run. This should generally remain `started`, but you can set it to `stopped` if you need to fix the Apache config during a playbook run or otherwise would not like Apache started at the time this role is run.
|
||||||
|
|
||||||
|
apache_ignore_missing_ssl_certificate: true
|
||||||
|
|
||||||
|
Create SSL vHosts regardless of whether their certificate exists or not. It might be handy to set this to `false` if you e.g. use Let’s encrypt, which triggers certificate generation with a running webserver. You might need to run your playbook multiple times to really get all SSL vHosts going if another part of your playbook takes care of certificate generation. (but OTOH Apache won’t complain about missing certificates anymore).
|
||||||
|
|
||||||
## Dependencies
|
## Dependencies
|
||||||
|
|
||||||
None.
|
None.
|
||||||
|
|
|
@ -28,6 +28,8 @@ apache_vhosts_ssl: []
|
||||||
# # Optional.
|
# # Optional.
|
||||||
# certificate_chain_file: "/path/to/certificate_chain.crt"
|
# certificate_chain_file: "/path/to/certificate_chain.crt"
|
||||||
|
|
||||||
|
apache_ignore_missing_ssl_certificate: true
|
||||||
|
|
||||||
apache_ssl_protocol: "All -SSLv2 -SSLv3"
|
apache_ssl_protocol: "All -SSLv2 -SSLv3"
|
||||||
apache_ssl_cipher_suite: "AES256+EECDH:AES256+EDH"
|
apache_ssl_cipher_suite: "AES256+EECDH:AES256+EDH"
|
||||||
|
|
||||||
|
|
|
@ -23,6 +23,11 @@
|
||||||
with_items: apache_mods_disabled
|
with_items: apache_mods_disabled
|
||||||
notify: restart apache
|
notify: restart apache
|
||||||
|
|
||||||
|
- name: Check whether certificates defined in vhosts exist.
|
||||||
|
stat: path={{ item.certificate_file }}
|
||||||
|
register: apache_ssl_certificates
|
||||||
|
with_items: apache_vhosts_ssl
|
||||||
|
|
||||||
- name: Add apache vhosts configuration.
|
- name: Add apache vhosts configuration.
|
||||||
template:
|
template:
|
||||||
src: "vhosts-{{ apache_vhosts_version }}.conf.j2"
|
src: "vhosts-{{ apache_vhosts_version }}.conf.j2"
|
||||||
|
|
|
@ -8,6 +8,11 @@
|
||||||
with_items: apache_ports_configuration_items
|
with_items: apache_ports_configuration_items
|
||||||
notify: restart apache
|
notify: restart apache
|
||||||
|
|
||||||
|
- name: Check whether certificates defined in vhosts exist.
|
||||||
|
stat: path={{ item.certificate_file }}
|
||||||
|
register: apache_ssl_certificates
|
||||||
|
with_items: apache_vhosts_ssl
|
||||||
|
|
||||||
- name: Add apache vhosts configuration.
|
- name: Add apache vhosts configuration.
|
||||||
template:
|
template:
|
||||||
src: "vhosts-{{ apache_vhosts_version }}.conf.j2"
|
src: "vhosts-{{ apache_vhosts_version }}.conf.j2"
|
||||||
|
|
|
@ -30,6 +30,7 @@
|
||||||
|
|
||||||
{# Set up SSL VirtualHosts #}
|
{# Set up SSL VirtualHosts #}
|
||||||
{% for vhost in apache_vhosts_ssl %}
|
{% for vhost in apache_vhosts_ssl %}
|
||||||
|
{% if apache_ignore_missing_ssl_certificate or apache_ssl_certificates.results[loop.index0].stat.exists %}
|
||||||
<VirtualHost *:{{ apache_listen_port_ssl }}>
|
<VirtualHost *:{{ apache_listen_port_ssl }}>
|
||||||
ServerName {{ vhost.servername }}
|
ServerName {{ vhost.servername }}
|
||||||
{% if vhost.serveralias is defined %}
|
{% if vhost.serveralias is defined %}
|
||||||
|
@ -65,4 +66,5 @@
|
||||||
{% endif %}
|
{% endif %}
|
||||||
</VirtualHost>
|
</VirtualHost>
|
||||||
|
|
||||||
|
{% endif %}
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
|
|
Loading…
Reference in a new issue