From 547c0b404c8a613be4d03b0a40a059dd9676288e Mon Sep 17 00:00:00 2001 From: Adam Papai Date: Wed, 20 Apr 2016 11:46:12 +0200 Subject: [PATCH 1/4] Add configuration for listen address By default I leave it as "*", but for many cases, we don't want to bind our apache to all network addresses available for the server. For example if we want to only bind the apache to the localhost, we can use the following configuration: apache_listen_ip: "127.0.0.1" --- defaults/main.yml | 1 + templates/vhosts-2.2.conf.j2 | 4 ++-- templates/vhosts-2.4.conf.j2 | 4 ++-- vars/RedHat.yml | 2 +- vars/Solaris.yml | 2 +- vars/Suse.yml | 2 +- vars/apache-22.yml | 2 +- 7 files changed, 9 insertions(+), 8 deletions(-) diff --git a/defaults/main.yml b/defaults/main.yml index 84f95a3..4acdfce 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -1,6 +1,7 @@ --- apache_enablerepo: "" +apache_listen_ip: "*" apache_listen_port: 80 apache_listen_port_ssl: 443 diff --git a/templates/vhosts-2.2.conf.j2 b/templates/vhosts-2.2.conf.j2 index 4f922f4..3a173f5 100644 --- a/templates/vhosts-2.2.conf.j2 +++ b/templates/vhosts-2.2.conf.j2 @@ -2,7 +2,7 @@ {# Set up VirtualHosts #} {% for vhost in apache_vhosts %} - + ServerName {{ vhost.servername }} {% if vhost.serveralias is defined %} ServerAlias {{ vhost.serveralias }} @@ -31,7 +31,7 @@ {# Set up SSL VirtualHosts. #} {% for vhost in apache_vhosts_ssl %} - + ServerName {{ vhost.servername }} {% if vhost.serveralias is defined %} ServerAlias {{ vhost.serveralias }} diff --git a/templates/vhosts-2.4.conf.j2 b/templates/vhosts-2.4.conf.j2 index c120fc2..88294a9 100644 --- a/templates/vhosts-2.4.conf.j2 +++ b/templates/vhosts-2.4.conf.j2 @@ -2,7 +2,7 @@ {# Set up VirtualHosts #} {% for vhost in apache_vhosts %} - + ServerName {{ vhost.servername }} {% if vhost.serveralias is defined %} ServerAlias {{ vhost.serveralias }} 
@@ -31,7 +31,7 @@ {# Set up SSL VirtualHosts #} {% for vhost in apache_vhosts_ssl %} {% if apache_ignore_missing_ssl_certificate or apache_ssl_certificates.results[loop.index0].stat.exists %} - + ServerName {{ vhost.servername }} {% if vhost.serveralias is defined %} ServerAlias {{ vhost.serveralias }} diff --git a/vars/RedHat.yml b/vars/RedHat.yml index 32f5bd2..d79fa5a 100644 --- a/vars/RedHat.yml +++ b/vars/RedHat.yml @@ -17,4 +17,4 @@ apache_ports_configuration_items: - regexp: "^Listen " line: "Listen {{ apache_listen_port }}" - regexp: "^#?NameVirtualHost " - line: "NameVirtualHost *:{{ apache_listen_port }}" + line: "NameVirtualHost {{ apache_listen_ip }}:{{ apache_listen_port }}" diff --git a/vars/Solaris.yml b/vars/Solaris.yml index 351fefa..576291e 100644 --- a/vars/Solaris.yml +++ b/vars/Solaris.yml @@ -16,4 +16,4 @@ apache_ports_configuration_items: - regexp: "^Listen " line: "Listen {{ apache_listen_port }}" - regexp: "^#?NameVirtualHost " - line: "NameVirtualHost *:{{ apache_listen_port }}" + line: "NameVirtualHost {{ apache_listen_ip }}:{{ apache_listen_port }}" diff --git a/vars/Suse.yml b/vars/Suse.yml index ad26609..27703f3 100644 --- a/vars/Suse.yml +++ b/vars/Suse.yml @@ -15,4 +15,4 @@ apache_ports_configuration_items: - regexp: "^Listen " line: "Listen {{ apache_listen_port }}" - regexp: "^#?NameVirtualHost " - line: "NameVirtualHost *:{{ apache_listen_port }}" + line: "NameVirtualHost {{ apache_listen_ip }}:{{ apache_listen_port }}" diff --git a/vars/apache-22.yml b/vars/apache-22.yml index 97fba44..c932f93 100644 --- a/vars/apache-22.yml +++ b/vars/apache-22.yml @@ -8,5 +8,5 @@ apache_ports_configuration_items: } - { regexp: "^#?NameVirtualHost ", - line: "NameVirtualHost *:{{ apache_listen_port }}" + line: "NameVirtualHost {{ apache_listen_ip }}:{{ apache_listen_port }}" } From 14e14f94c337fd1e7a3934cf840aca49a62d039b Mon Sep 17 00:00:00 2001 
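Review bot: In the vars/RedHat.yml hunk only the `NameVirtualHost` item picks up `apache_listen_ip`; the unchanged context item `line: "Listen {{ apache_listen_port }}"` still renders a port-only `Listen`, so httpd keeps accepting connections on every interface even when the variable is set to "127.0.0.1". `NameVirtualHost` and the VirtualHost address only select which vhost answers a connection and do not restrict the listening socket, so the commit message's "only bind the apache to the localhost" is not what the new code delivers. Requests arriving on other addresses would be served by the main server configuration. I would change the item to `line: "Listen {{ apache_listen_ip }}:{{ apache_listen_port }}"`, after confirming that the targeted httpd versions accept `*:80` for the default and noting that an IPv6 literal needs brackets. The vars/Solaris.yml and vars/Suse.yml hunks show the same unchanged `Listen` item; in vars/apache-22.yml the `Listen` item lies outside the hunk, and no SSL `Listen` line is visible in this patch.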
From: Jeff Geerling Date: Wed, 20 Apr 2016 21:09:41 -0500 Subject: [PATCH 2/4] PR #83 follow-up --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 0b2ee2c..100614d 100644 --- a/README.md +++ b/README.md @@ -18,10 +18,11 @@ Available variables are listed below, along with default values (see `defaults/m The repository to use when installing Apache (only used on RHEL/CentOS systems). If you'd like later versions of Apache than are available in the OS's core repositories, use a repository like EPEL (which can be installed with the `geerlingguy.repo-epel` role). + apache_listen_ip: "*" apache_listen_port: 80 apache_listen_port_ssl: 443 -The ports on which apache should be listening. Useful if you have another service (like a reverse proxy) listening on port 80 or 443 and need to change the defaults. +The IP address and ports on which apache should be listening. Useful if you have another service (like a reverse proxy) listening on port 80 or 443 and need to change the defaults. apache_create_vhosts: true apache_vhosts_filename: "vhosts.conf" From 1c536ef995efcb25bb230ccd43b2c159cd1fb5c4 Mon Sep 17 00:00:00 2001 From: Jeff Geerling Date: Fri, 22 Apr 2016 14:06:50 -0500 Subject: [PATCH 3/4] Add Xenial to supported Ubuntu versions. --- meta/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/meta/main.yml b/meta/main.yml index 0e4c3a8..12200db 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -20,6 +20,7 @@ galaxy_info: - raring - saucy - trusty + - xenial - name: Suse versions: - all From ae3a1a6332fa478bb6e587f7d3216b3bf1d56aae Mon Sep 17 00:00:00 2001 
From: Christoph Dittmann Date: Mon, 25 Apr 2016 15:56:30 +0200 Subject: [PATCH 4/4] Merge the templates for 2.2 and 2.4 The only real difference between apache version 2.2 and 2.4 are the "Order/Allow" directives which have been replaced with "Require", so there seems to be no need to maintain two separate templates. As a side-effect, this merges geerlingguy/ansible-role-apache#69 into the apache 2.2 config. --- tasks/configure-Debian.yml | 2 +- tasks/configure-RedHat.yml | 2 +- tasks/configure-Solaris.yml | 2 +- tasks/configure-Suse.yml | 2 +- templates/vhosts-2.2.conf.j2 | 69 ------------------- .../{vhosts-2.4.conf.j2 => vhosts.conf.j2} | 12 ++++ 6 files changed, 16 insertions(+), 73 deletions(-) delete mode 100644 templates/vhosts-2.2.conf.j2 rename templates/{vhosts-2.4.conf.j2 => vhosts.conf.j2} (88%) diff --git a/tasks/configure-Debian.yml b/tasks/configure-Debian.yml index 023f687..94b9b23 100644 --- a/tasks/configure-Debian.yml +++ b/tasks/configure-Debian.yml @@ -30,7 +30,7 @@ - name: Add apache vhosts configuration. template: - src: "vhosts-{{ apache_vhosts_version }}.conf.j2" + src: "vhosts.conf.j2" dest: "{{ apache_conf_path }}/sites-available/{{ apache_vhosts_filename }}" owner: root group: root diff --git a/tasks/configure-RedHat.yml b/tasks/configure-RedHat.yml index d20cfa0..0c3a01f 100644 --- a/tasks/configure-RedHat.yml +++ b/tasks/configure-RedHat.yml @@ -15,7 +15,7 @@ - name: Add apache vhosts configuration. template: - src: "vhosts-{{ apache_vhosts_version }}.conf.j2" + src: "vhosts.conf.j2" dest: "{{ apache_conf_path }}/{{ apache_vhosts_filename }}" owner: root group: root diff --git a/tasks/configure-Solaris.yml b/tasks/configure-Solaris.yml index 9b6505b..a95654b 100644 --- a/tasks/configure-Solaris.yml +++ b/tasks/configure-Solaris.yml 
@@ -10,7 +10,7 @@ - name: Add apache vhosts configuration. template: - src: "vhosts-{{ apache_vhosts_version }}.conf.j2" + src: "vhosts.conf.j2" dest: "{{ apache_conf_path }}/{{ apache_vhosts_filename }}" owner: root group: root diff --git a/tasks/configure-Suse.yml b/tasks/configure-Suse.yml index 5166f0a..16d89f8 100644 --- a/tasks/configure-Suse.yml +++ b/tasks/configure-Suse.yml @@ -15,7 +15,7 @@ - name: Add apache vhosts configuration. template: - src: "vhosts-{{ apache_vhosts_version }}.conf.j2" + src: "vhosts.conf.j2" dest: "{{ apache_conf_path }}/{{ apache_vhosts_filename }}" owner: root group: root diff --git a/templates/vhosts-2.2.conf.j2 b/templates/vhosts-2.2.conf.j2 deleted file mode 100644 index 3a173f5..0000000 --- a/templates/vhosts-2.2.conf.j2 +++ /dev/null 
@@ -1,69 +0,0 @@ -{{ apache_global_vhost_settings }} - -{# Set up VirtualHosts #} -{% for vhost in apache_vhosts %} - - ServerName {{ vhost.servername }} -{% if vhost.serveralias is defined %} - ServerAlias {{ vhost.serveralias }} -{% endif %} -{% if vhost.documentroot is defined %} - DocumentRoot {{ vhost.documentroot }} -{% endif %} - -{% if vhost.serveradmin is defined %} - ServerAdmin {{ vhost.serveradmin }} -{% endif %} -{% if vhost.documentroot is defined %} - - AllowOverride All - Options -Indexes FollowSymLinks - Order allow,deny - Allow from all - -{% endif %} -{% if vhost.extra_parameters is defined %} - {{ vhost.extra_parameters }} -{% endif %} - - -{% endfor %} - -{# Set up SSL VirtualHosts. #} -{% for vhost in apache_vhosts_ssl %} - - ServerName {{ vhost.servername }} -{% if vhost.serveralias is defined %} - ServerAlias {{ vhost.serveralias }} -{% endif %} -{% if vhost.documentroot is defined %} - DocumentRoot {{ vhost.documentroot }} -{% endif %} - - SSLEngine on - SSLCipherSuite {{ apache_ssl_cipher_suite }} - SSLProtocol {{ apache_ssl_protocol }} - SSLHonorCipherOrder On - SSLCertificateFile {{ vhost.certificate_file }} - SSLCertificateKeyFile {{ vhost.certificate_key_file }} -{% if vhost.certificate_chain_file is defined %} - SSLCertificateChainFile {{ vhost.certificate_chain_file }} -{% endif %} - -{% if vhost.serveradmin is defined %} - ServerAdmin {{ vhost.serveradmin }} -{% endif %} -{% if vhost.documentroot is defined %} - - AllowOverride All - Options -Indexes FollowSymLinks - Order allow,deny - Allow from all - -{% endif %} -{% if vhost.extra_parameters is defined %} - {{ vhost.extra_parameters }} -{% endif %} - - -{% endfor %} diff --git a/templates/vhosts-2.4.conf.j2 b/templates/vhosts.conf.j2 similarity index 88% rename from templates/vhosts-2.4.conf.j2 rename to templates/vhosts.conf.j2 index 88294a9..766554f 100644 --- a/templates/vhosts-2.4.conf.j2 +++ b/templates/vhosts.conf.j2 
@@ -18,7 +18,12 @@ AllowOverride All Options -Indexes +FollowSymLinks +{% if apache_vhosts_version == "2.2" %} + Order allow,deny + Allow from all +{% else %} Require all granted +{% endif %} {% endif %} {% if vhost.extra_parameters is defined %} @@ -44,7 +49,9 @@ SSLCipherSuite {{ apache_ssl_cipher_suite }} SSLProtocol {{ apache_ssl_protocol }} SSLHonorCipherOrder On +{% if apache_vhosts_version == "2.4" %} SSLCompression off +{% endif %} SSLCertificateFile {{ vhost.certificate_file }} SSLCertificateKeyFile {{ vhost.certificate_key_file }} {% if vhost.certificate_chain_file is defined %} @@ -58,7 +65,12 @@ AllowOverride All Options -Indexes +FollowSymLinks +{% if apache_vhosts_version == "2.2" %} + Order allow,deny + Allow from all +{% else %} Require all granted +{% endif %} {% endif %} {% if vhost.extra_parameters is defined %}
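Review bot: The `SSLCompression off` guard in the second hunk tests `apache_vhosts_version == "2.4"`, while the access-control blocks in the first and third hunks test `== "2.2"` and treat every other value as 2.4. Any value other than those two strings would therefore get `Require all granted` but silently lose the explicit TLS-compression hardening. Examples are a later version string, or an unquoted 2.4 that YAML loads as a float; how the variable is defined is not visible here. Writing the guard as `{% if apache_vhosts_version != "2.2" %}` keeps the three conditionals consistent. If 2.2 is excluded because older 2.2 builds reject the directive, a short comment such as `{# SSLCompression is not recognised by older 2.2 releases #}` above the guard would record that.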