mirror of
https://github.com/geerlingguy/ansible-role-apache
synced 2024-12-22 11:00:18 +01:00
Merge remote-tracking branch 'upstream/master'
This commit is contained in:
commit
80d2a89369
5 changed files with 20 additions and 0 deletions
|
@ -8,6 +8,8 @@ An Ansible Role that installs Apache 2.x on RHEL/CentOS and Debian/Ubuntu.
|
|||
|
||||
If you are using SSL/TLS, you will need to provide your own certificate and key files. You can generate a self-signed certificate with a command like `openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout example.key -out example.crt`.
|
||||
|
||||
If you are using Apache with PHP, I recommend using the `geerlingguy.php` role to install PHP, and you can either use mod_php (by adding the proper package, e.g. `libapache2-mod-php5` for Ubuntu, to `php_packages`), or by also using `geerlingguy.apache-php-fpm` to connect Apache to PHP via FPM. See that role's README for more info.
|
||||
|
||||
## Role Variables
|
||||
|
||||
Available variables are listed below, along with default values (see `defaults/main.yml`):
|
||||
|
@ -90,6 +92,10 @@ The list of packages to be installed. This defaults to a set of platform-specifi
|
|||
|
||||
Set initial Apache daemon state to be enforced when this role is run. This should generally remain `started`, but you can set it to `stopped` if you need to fix the Apache config during a playbook run or otherwise would not like Apache started at the time this role is run.
|
||||
|
||||
apache_ignore_missing_ssl_certificate: true
|
||||
|
||||
If you would like to only create SSL vhosts when the vhost certificate is present (e.g. when using Let’s Encrypt), set `apache_ignore_missing_ssl_certificate` to `false`. When doing this, you might need to run your playbook more than once so all the vhosts are configured (if another part of the playbook generates the SSL certificates).
|
||||
|
||||
## Dependencies
|
||||
|
||||
None.
|
||||
|
|
|
@ -28,6 +28,8 @@ apache_vhosts_ssl: []
|
|||
# # Optional.
|
||||
# certificate_chain_file: "/path/to/certificate_chain.crt"
|
||||
|
||||
apache_ignore_missing_ssl_certificate: true
|
||||
|
||||
apache_ssl_protocol: "All -SSLv2 -SSLv3"
|
||||
apache_ssl_cipher_suite: "AES256+EECDH:AES256+EDH"
|
||||
|
||||
|
|
|
@ -23,6 +23,11 @@
|
|||
with_items: apache_mods_disabled
|
||||
notify: restart apache
|
||||
|
||||
- name: Check whether certificates defined in vhosts exist.
|
||||
stat: path={{ item.certificate_file }}
|
||||
register: apache_ssl_certificates
|
||||
with_items: apache_vhosts_ssl
|
||||
|
||||
- name: Add apache vhosts configuration.
|
||||
template:
|
||||
src: "vhosts-{{ apache_vhosts_version }}.conf.j2"
|
||||
|
|
|
@ -8,6 +8,11 @@
|
|||
with_items: apache_ports_configuration_items
|
||||
notify: restart apache
|
||||
|
||||
- name: Check whether certificates defined in vhosts exist.
|
||||
stat: path={{ item.certificate_file }}
|
||||
register: apache_ssl_certificates
|
||||
with_items: apache_vhosts_ssl
|
||||
|
||||
- name: Add apache vhosts configuration.
|
||||
template:
|
||||
src: "vhosts-{{ apache_vhosts_version }}.conf.j2"
|
||||
|
|
|
@ -30,6 +30,7 @@
|
|||
|
||||
{# Set up SSL VirtualHosts #}
|
||||
{% for vhost in apache_vhosts_ssl %}
|
||||
{% if apache_ignore_missing_ssl_certificate or apache_ssl_certificates.results[loop.index0].stat.exists %}
|
||||
<VirtualHost *:{{ apache_listen_port_ssl }}>
|
||||
ServerName {{ vhost.servername }}
|
||||
{% if vhost.serveralias is defined %}
|
||||
|
@ -65,4 +66,5 @@
|
|||
{% endif %}
|
||||
</VirtualHost>
|
||||
|
||||
{% endif %}
|
||||
{% endfor %}
|
||||
|
|
Loading…
Reference in a new issue