libretic/ansible-role-apache
6
0
Fork 0
mirror of https://github.com/geerlingguy/ansible-role-apache synced 2024-09-20 02:21:31 +02:00
Code Issues Projects Releases Packages Wiki Activity
No description
85 commits 3 branches 50 tags 5 MiB
Jinja 100%
Find a file
Jeff Geerling 49437eaeb4 PR #60: Prepare to add Ubuntu 12.04.
2015-12-13 14:19:26 -06:00
defaults PR #56 follow-up: Change ordering and description of new variable. 2015-12-08 14:23:54 -06:00
handlers Code style cleanup. 2014-10-05 19:13:00 -05:00
meta Issue #12: Use sites-available and sites-enabled Debian convention. 2014-10-05 18:58:35 -05:00
tasks Make apache start optional at task end 2015-09-24 18:33:10 +03:00
templates Add global config variable 2015-12-08 21:03:13 +01:00
tests PR #60: Prepare to add Ubuntu 12.04. 2015-12-13 14:19:26 -06:00
vars Leaves the NameVirtualHost in the same location in the file 2015-11-16 23:20:54 -05:00
.travis.yml PR #60: Prepare to add Ubuntu 12.04. 2015-12-13 14:19:26 -06:00
README.md PR #56 follow-up: Change ordering and description of new variable. 2015-12-08 14:23:54 -06:00

README.md

Ansible Role: Apache 2.x

Build Status

An Ansible Role that installs Apache 2.x on RHEL/CentOS and Debian/Ubuntu.

Requirements

If you are using SSL/TLS, you will need to provide your own certificate and key files. You can generate a self-signed certificate with a command like openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout example.key -out example.crt.

Role Variables

Available variables are listed below, along with default values (see defaults/main.yml):

apache_enablerepo: ""

The repository to use when installing Apache (only used on RHEL/CentOS systems). If you'd like later versions of Apache than are available in the OS's core repositories, use a repository like EPEL (which can be installed with the geerlingguy.repo-epel role).

apache_listen_port: 80
apache_listen_port_ssl: 443

The ports on which apache should be listening. Useful if you have another service (like a reverse proxy) listening on port 80 or 443 and need to change the defaults.

apache_create_vhosts: true
apache_vhosts_filename: "vhosts.conf"

If set to true, a vhosts file, managed by this role's variables (see below), will be created and placed in the Apache configuration folder. If set to false, you can place your own vhosts file into Apache's configuration folder and skip the convenient (but more basic) one added by this role.

apache_remove_default_vhost: false

On Debian/Ubuntu, a default virtualhost is included in Apache's configuration. Set this to true to remove that default virtualhost configuration file.

apache_global_settings: |
  DirectoryIndex index.php index.html
  # Add other global settings on subsequent lines.

You can add or override global Apache configuration settings in the role-provided vhosts file (assuming apache_create_vhosts is true) using this variable. By default it only sets the DirectoryIndex configuration.

apache_vhosts:
  # Additional optional properties: 'serveradmin, serveralias, extra_parameters'.
  - servername: "local.dev"
    documentroot: "/var/www/html"

Add a set of properties per virtualhost, including servername (required), documentroot (required), serveradmin (optional), serveralias (optional) and extra_parameters (optional: you can add whatever additional configuration lines you'd like in here).

Here's an example using extra_parameters to add a RewriteRule to redirect all requests to the www. site:

  - servername: "www.local.dev"
    serveralias: "local.dev"
    documentroot: "/var/www/html"
    extra_parameters: |
      RewriteCond %{HTTP_HOST} !^www\. [NC]
      RewriteRule ^(.*)$ http://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

The | denotes a multiline scalar block in YAML, so newlines are preserved in the resulting configuration file output.

apache_vhosts_ssl: []

No SSL vhosts are configured by default, but you can add them using the same pattern as apache_vhosts, with a few additional directives, like the following example:

apache_vhosts_ssl:
  - {
    servername: "local.dev",
    documentroot: "/var/www/html",
    certificate_file: "/home/vagrant/example.crt",
    certificate_key_file: "/home/vagrant/example.key",
    certificate_chain_file: "/path/to/certificate_chain.crt"
  }

Other SSL directives can be managed with other SSL-related role variables.

apache_ssl_protocol: "All -SSLv2 -SSLv3"
apache_ssl_cipher_suite: "AES256+EECDH:AES256+EDH"

The SSL protocols and cipher suites that are used/allowed when clients make secure connections to your server. These are secure/sane defaults, but for maximum security, performand, and/or compatibility, you may need to adjust these settings.

apache_mods_enabled:
  - rewrite.load
  - ssl.load
apache_mods_disabled: []

(Debian/Ubuntu ONLY) Which Apache mods to enable or disable (these will be symlinked into the appropriate location). See the mods-available directory inside the apache configuration directory (/etc/apache2/mods-available by default) for all the available mods.

apache_packages:
  - [platform-specific]

The list of packages to be installed. This defaults to a set of platform-specific packages for RedHat or Debian-based systems (see vars/RedHat.yml and vars/Debian.yml for the default values).

apache_state: started

Set initial Apache daemon state to be enforced when this role is run. This should generally remain started, but you can set it to stopped if you need to fix the Apache config during a playbook run or otherwise would not like Apache started at the time this role is run.

Dependencies

None.

Example Playbook

- hosts: webservers
  vars_files:
    - vars/main.yml
  roles:
    - { role: geerlingguy.apache }

Inside vars/main.yml:

apache_listen_port: 8080
apache_vhosts:
  - {servername: "example.com", documentroot: "/var/www/vhosts/example_com"}

License

MIT / BSD

Author Information

This role was created in 2014 by Jeff Geerling, author of Ansible for DevOps.