Merge branch 'upstream'

Conflicts:
	tasks/configure-Debian.yml
	tasks/configure-RedHat.yml
Rasmus Werling 2016-01-29 08:10:33 +02:00
commit 6a2d44d1c7
8 changed files with 36 additions and 8 deletions


@ -8,6 +8,8 @@ An Ansible Role that installs Apache 2.x on RHEL/CentOS and Debian/Ubuntu.
If you are using SSL/TLS, you will need to provide your own certificate and key files. You can generate a self-signed certificate with a command like `openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout example.key -out example.crt`. If you are using SSL/TLS, you will need to provide your own certificate and key files. You can generate a self-signed certificate with a command like `openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout example.key -out example.crt`.
If you are using Apache with PHP, I recommend using the `geerlingguy.php` role to install PHP, and you can either use mod_php (by adding the proper package, e.g. `libapache2-mod-php5` for Ubuntu, to `php_packages`), or by also using `geerlingguy.apache-php-fpm` to connect Apache to PHP via FPM. See that role's README for more info.
## Role Variables ## Role Variables
Available variables are listed below, along with default values (see `defaults/main.yml`): Available variables are listed below, along with default values (see `defaults/main.yml`):
@ -105,6 +107,10 @@ The list of packages to be installed. This defaults to a set of platform-specifi
Set initial Apache daemon state to be enforced when this role is run. This should generally remain `started`, but you can set it to `stopped` if you need to fix the Apache config during a playbook run or otherwise would not like Apache started at the time this role is run. Set initial Apache daemon state to be enforced when this role is run. This should generally remain `started`, but you can set it to `stopped` if you need to fix the Apache config during a playbook run or otherwise would not like Apache started at the time this role is run.
apache_ignore_missing_ssl_certificate: true
If you would like to only create SSL vhosts when the vhost certificate is present (e.g. when using Lets Encrypt), set `apache_ignore_missing_ssl_certificate` to `false`. When doing this, you might need to run your playbook more than once so all the vhosts are configured (if another part of the playbook generates the SSL certificates).
## Dependencies ## Dependencies
None. None.


@ -33,6 +33,8 @@ apache_vhosts_ssl: []
# # Optional. # # Optional.
# certificate_chain_file: "/path/to/certificate_chain.crt" # certificate_chain_file: "/path/to/certificate_chain.crt"
apache_ignore_missing_ssl_certificate: true
apache_ssl_protocol: "All -SSLv2 -SSLv3" apache_ssl_protocol: "All -SSLv2 -SSLv3"
apache_ssl_cipher_suite: "AES256+EECDH:AES256+EDH" apache_ssl_cipher_suite: "AES256+EECDH:AES256+EDH"
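Review bot: The new `apache_ignore_missing_ssl_certificate: true` default is added without a comment, so a reader of this file cannot tell what setting it to `false` does. I would add `# Set to false to skip SSL vhosts whose certificate_file does not exist yet.` above it. It is also worth noting there that a skipped vhost is not served over TLS until a later run finds the certificate, since that is the operational consequence of turning the option off.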


@ -23,10 +23,10 @@
with_items: apache_mods_disabled with_items: apache_mods_disabled
notify: restart apache notify: restart apache
- name: Add htpasswd configuration. - name: Check whether certificates defined in vhosts exist.
htpasswd: path={{ item.file }} name={{ item.username }} password={{ item.password }} state=present stat: path={{ item.certificate_file }}
with_items: apache_htpasswd register: apache_ssl_certificates
when: apache_htpasswd with_items: apache_vhosts_ssl
- name: Add apache vhosts configuration. - name: Add apache vhosts configuration.
template: template:
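Review bot: The `Add htpasswd configuration.` task is dropped here and the certificate `stat` task takes its place, so hosts that set `apache_htpasswd` would no longer get their password files created or updated by this role. The commit message lists both tasks files as merge conflicts and the same replacement appears in the other tasks section, so this looks like a conflict-resolution loss rather than an intended removal; worth confirming. If it is unintended, keep the htpasswd task and add the `stat` task beside it rather than in its place. The following `Add apache vhosts configuration.` task continues outside the hunk.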


@ -8,10 +8,10 @@
with_items: apache_ports_configuration_items with_items: apache_ports_configuration_items
notify: restart apache notify: restart apache
- name: Add htpasswd configuration. - name: Check whether certificates defined in vhosts exist.
htpasswd: path={{ item.file }} name={{ item.username }} password={{ item.password }} state=present stat: path={{ item.certificate_file }}
with_items: apache_htpasswd register: apache_ssl_certificates
when: apache_htpasswd with_items: apache_vhosts_ssl
- name: Add apache vhosts configuration. - name: Add apache vhosts configuration.
template: template:
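Review bot: The new `stat` task passes its argument in `key=value` form with an unquoted template, `stat: path={{ item.certificate_file }}`, which is likely to be split incorrectly if a certificate path contains a space. Native YAML arguments avoid that: `stat:` followed by `path: "{{ item.certificate_file }}"`. The task also runs for every `apache_vhosts_ssl` entry with no `when`, so it assumes each entry defines `certificate_file`. The identical task in the other tasks file has the same form.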


@ -11,11 +11,14 @@
ServerAlias {{ vhost.serveralias|join(' ') }} ServerAlias {{ vhost.serveralias|join(' ') }}
{% endif %} {% endif %}
{% endif %} {% endif %}
{% if vhost.documentroot is defined %}
DocumentRoot {{ vhost.documentroot }} DocumentRoot {{ vhost.documentroot }}
{% endif %}
{% if vhost.serveradmin is defined %} {% if vhost.serveradmin is defined %}
ServerAdmin {{ vhost.serveradmin }} ServerAdmin {{ vhost.serveradmin }}
{% endif %} {% endif %}
{% if vhost.documentroot is defined %}
<Directory "{{ vhost.documentroot }}"> <Directory "{{ vhost.documentroot }}">
AllowOverride All AllowOverride All
Options -Indexes FollowSymLinks Options -Indexes FollowSymLinks
@ -29,6 +32,7 @@
Allow from all Allow from all
{% endif %} {% endif %}
</Directory> </Directory>
{% endif %}
{% if vhost.extra_parameters is defined %} {% if vhost.extra_parameters is defined %}
{{ vhost.extra_parameters }} {{ vhost.extra_parameters }}
{% endif %} {% endif %}
@ -43,7 +47,9 @@
{% if vhost.serveralias is defined %} {% if vhost.serveralias is defined %}
ServerAlias {{ vhost.serveralias }} ServerAlias {{ vhost.serveralias }}
{% endif %} {% endif %}
{% if vhost.documentroot is defined %}
DocumentRoot {{ vhost.documentroot }} DocumentRoot {{ vhost.documentroot }}
{% endif %}
SSLEngine on SSLEngine on
SSLCipherSuite {{ apache_ssl_cipher_suite }} SSLCipherSuite {{ apache_ssl_cipher_suite }}
@ -58,12 +64,14 @@
{% if vhost.serveradmin is defined %} {% if vhost.serveradmin is defined %}
ServerAdmin {{ vhost.serveradmin }} ServerAdmin {{ vhost.serveradmin }}
{% endif %} {% endif %}
{% if vhost.documentroot is defined %}
<Directory "{{ vhost.documentroot }}"> <Directory "{{ vhost.documentroot }}">
AllowOverride All AllowOverride All
Options -Indexes FollowSymLinks Options -Indexes FollowSymLinks
Order allow,deny Order allow,deny
Allow from all Allow from all
</Directory> </Directory>
{% endif %}
{% if vhost.extra_parameters is defined %} {% if vhost.extra_parameters is defined %}
{{ vhost.extra_parameters }} {{ vhost.extra_parameters }}
{% endif %} {% endif %}
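Review bot: The SSL `<VirtualHost>` in this template gains the `documentroot` guards but not the `apache_ignore_missing_ssl_certificate` check that the other vhosts template adds around its SSL vhost, so as far as the visible hunks show the variable has no effect for hosts that render this file. With the variable set to `false` and a certificate missing, this template would still emit the vhost, and Apache would presumably fail its configuration check on restart. Wrap the SSL vhost in the same condition, `{% if apache_ignore_missing_ssl_certificate or apache_ssl_certificates.results[loop.index0].stat.exists %}` with a matching `{% endif %}` after `</VirtualHost>`. The loop header lies outside the hunks shown.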


@ -11,11 +11,14 @@
ServerAlias {{ vhost.serveralias|join(' ') }} ServerAlias {{ vhost.serveralias|join(' ') }}
{% endif %} {% endif %}
{% endif %} {% endif %}
{% if vhost.documentroot is defined %}
DocumentRoot {{ vhost.documentroot }} DocumentRoot {{ vhost.documentroot }}
{% endif %}
{% if vhost.serveradmin is defined %} {% if vhost.serveradmin is defined %}
ServerAdmin {{ vhost.serveradmin }} ServerAdmin {{ vhost.serveradmin }}
{% endif %} {% endif %}
{% if vhost.documentroot is defined %}
<Directory "{{ vhost.documentroot }}"> <Directory "{{ vhost.documentroot }}">
AllowOverride All AllowOverride All
Options -Indexes +FollowSymLinks Options -Indexes +FollowSymLinks
@ -28,6 +31,7 @@
Require all granted Require all granted
{% endif %} {% endif %}
</Directory> </Directory>
{% endif %}
{% if vhost.extra_parameters is defined %} {% if vhost.extra_parameters is defined %}
{{ vhost.extra_parameters }} {{ vhost.extra_parameters }}
{% endif %} {% endif %}
@ -37,12 +41,15 @@
{# Set up SSL VirtualHosts #} {# Set up SSL VirtualHosts #}
{% for vhost in apache_vhosts_ssl %} {% for vhost in apache_vhosts_ssl %}
{% if apache_ignore_missing_ssl_certificate or apache_ssl_certificates.results[loop.index0].stat.exists %}
<VirtualHost *:{{ apache_listen_port_ssl }}> <VirtualHost *:{{ apache_listen_port_ssl }}>
ServerName {{ vhost.servername }} ServerName {{ vhost.servername }}
{% if vhost.serveralias is defined %} {% if vhost.serveralias is defined %}
ServerAlias {{ vhost.serveralias }} ServerAlias {{ vhost.serveralias }}
{% endif %} {% endif %}
{% if vhost.documentroot is defined %}
DocumentRoot {{ vhost.documentroot }} DocumentRoot {{ vhost.documentroot }}
{% endif %}
SSLEngine on SSLEngine on
SSLCipherSuite {{ apache_ssl_cipher_suite }} SSLCipherSuite {{ apache_ssl_cipher_suite }}
@ -58,14 +65,17 @@
{% if vhost.serveradmin is defined %} {% if vhost.serveradmin is defined %}
ServerAdmin {{ vhost.serveradmin }} ServerAdmin {{ vhost.serveradmin }}
{% endif %} {% endif %}
{% if vhost.documentroot is defined %}
<Directory "{{ vhost.documentroot }}"> <Directory "{{ vhost.documentroot }}">
AllowOverride All AllowOverride All
Options -Indexes +FollowSymLinks Options -Indexes +FollowSymLinks
Require all granted Require all granted
</Directory> </Directory>
{% endif %}
{% if vhost.extra_parameters is defined %} {% if vhost.extra_parameters is defined %}
{{ vhost.extra_parameters }} {{ vhost.extra_parameters }}
{% endif %} {% endif %}
</VirtualHost> </VirtualHost>
{% endif %}
{% endfor %} {% endfor %}
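Review bot: The guard on the SSL vhost tests only `certificate_file`, the one path the `stat` task records, so a vhost whose certificate exists but whose key file or optional `certificate_chain_file` is missing is still rendered. The directives that reference those files are outside the visible hunks, but if they are emitted as the README implies, Apache would still refuse the configuration in that case. Either check the key file as well or state the limit in a template comment such as `{# Only certificate_file is checked; the key and chain files must be provisioned together with it. #}`. The lookup by `loop.index0` also depends on the `stat` task having run over the same `apache_vhosts_ssl` list in the same play, which deserves a comment next to the condition.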


@ -1,4 +1,5 @@
FROM ubuntu:12.04 FROM ubuntu:12.04
RUN apt-get update
# Install Ansible # Install Ansible
RUN apt-get install -y software-properties-common python-software-properties git RUN apt-get install -y software-properties-common python-software-properties git
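Review bot: `RUN apt-get update` on its own line is cached as a separate image layer, so a later rebuild can reuse a stale package index while re-running the `apt-get install` below it. Combining the two keeps the index and the install in step: `RUN apt-get update && apt-get install -y software-properties-common python-software-properties git`. The same applies to the 14.04 Dockerfile in the next section. The rest of the Dockerfile is outside the hunk.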


@ -1,4 +1,5 @@
FROM ubuntu:14.04 FROM ubuntu:14.04
RUN apt-get update
# Install Ansible # Install Ansible
RUN apt-get install -y software-properties-common git RUN apt-get install -y software-properties-common git