Skip to content
This repository has been archived by the owner on Feb 13, 2023. It is now read-only.

Commit

Permalink
Upgrade to latest version of Apache role.
Browse files Browse the repository at this point in the history
  • Loading branch information
geerlingguy committed Dec 9, 2016
1 parent 9f013f1 commit d7f4035
Show file tree
Hide file tree
Showing 10 changed files with 53 additions and 14 deletions.
2 changes: 1 addition & 1 deletion provisioning/requirements.yml
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@
- src: geerlingguy.adminer
version: 1.1.0
- src: geerlingguy.apache
version: 1.7.4
version: 2.0.0
- src: geerlingguy.apache-php-fpm
version: 1.0.2
- src: geerlingguy.blackfire
Expand Down
31 changes: 29 additions & 2 deletions provisioning/roles/geerlingguy.apache/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -26,8 +26,9 @@ The IP address and ports on which apache should be listening. Useful if you have

apache_create_vhosts: true
apache_vhosts_filename: "vhosts.conf"
apache_vhosts_template: "vhosts.conf.j2"

If set to true, a vhosts file, managed by this role's variables (see below), will be created and placed in the Apache configuration folder. If set to false, you can place your own vhosts file into Apache's configuration folder and skip the convenient (but more basic) one added by this role.
If set to true, a vhosts file, managed by this role's variables (see below), will be created and placed in the Apache configuration folder. If set to false, you can place your own vhosts file into Apache's configuration folder and skip the convenient (but more basic) one added by this role. You can also override the template used and set a path to your own template, if you need to further customize the layout of your VirtualHosts.

apache_remove_default_vhost: false

Expand All @@ -44,7 +45,7 @@ You can add or override global Apache configuration settings in the role-provide
- servername: "local.dev"
documentroot: "/var/www/html"

Add a set of properties per virtualhost, including `servername` (required), `documentroot` (required), `serveradmin` (optional), `serveralias` (optional) and `extra_parameters` (optional: you can add whatever additional configuration lines you'd like in here).
Add a set of properties per virtualhost, including `servername` (required), `documentroot` (required), `allow_override` (optional: defaults to the value of `apache_allow_override`), `options` (optional: defaults to the value of `apache_options`), `serveradmin` (optional), `serveralias` (optional) and `extra_parameters` (optional: you can add whatever additional configuration lines you'd like in here).

Here's an example using `extra_parameters` to add a RewriteRule to redirect all requests to the `www.` site:

Expand Down Expand Up @@ -77,6 +78,11 @@ Other SSL directives can be managed with other SSL-related role variables.

The SSL protocols and cipher suites that are used/allowed when clients make secure connections to your server. These are secure/sane defaults, but for maximum security, performand, and/or compatibility, you may need to adjust these settings.

apache_allow_override: "All"
apache_options: "-Indexes +FollowSymLinks"

The default values for the `AllowOverride` and `Options` directives for the `documentroot` directory of each vhost. A vhost can overwrite these values by specifying `allow_override` or `options`.

apache_mods_enabled:
- rewrite.load
- ssl.load
Expand All @@ -97,6 +103,27 @@ Set initial Apache daemon state to be enforced when this role is run. This shoul

If you would like to only create SSL vhosts when the vhost certificate is present (e.g. when using Let’s Encrypt), set `apache_ignore_missing_ssl_certificate` to `false`. When doing this, you might need to run your playbook more than once so all the vhosts are configured (if another part of the playbook generates the SSL certificates).

## .htaccess-based Basic Authorization

If you require Basic Auth support, you can add it either through a custom template, or by adding `extra_parameters` to a VirtualHost configuration, like so:

extra_parameters: |
<Directory "/var/www/password-protected-directory">
Require valid-user
AuthType Basic
AuthName "Please authenticate"
AuthUserFile /var/www/password-protected-directory/.htpasswd
</Directory>

To password protect everything within a VirtualHost directive, use the `Location` block instead of `Directory`:

<Location "/">
Require valid-user
....
</Location>

You would need to generate/upload your own `.htpasswd` file in your own playbook. There may be other roles that support this functionality in a more integrated way.

## Dependencies

None.
Expand Down
14 changes: 12 additions & 2 deletions provisioning/roles/geerlingguy.apache/defaults/main.yml
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,7 @@ apache_listen_port_ssl: 443

apache_create_vhosts: true
apache_vhosts_filename: "vhosts.conf"
apache_vhosts_template: "vhosts.conf.j2"

# On Debian/Ubuntu, a default virtualhost is included in Apache's configuration.
# Set this to `true` to remove that default.
Expand All @@ -16,12 +17,17 @@ apache_global_vhost_settings: |
DirectoryIndex index.php index.html
apache_vhosts:
# Additional properties: 'serveradmin, serveralias, extra_parameters'.
# Additional properties:
# 'serveradmin, serveralias, allow_override, options, extra_parameters'.
- servername: "local.dev"
documentroot: "/var/www/html"

apache_allow_override: "All"
apache_options: "-Indexes +FollowSymLinks"

apache_vhosts_ssl: []
# Additional properties: 'serveradmin, extra_parameters'.
# Additional properties:
# 'serveradmin, serveralias, allow_override, options, extra_parameters'.
# - servername: "local.dev",
# documentroot: "/var/www/html",
# certificate_file: "/path/to/certificate.crt",
Expand All @@ -42,3 +48,7 @@ apache_mods_disabled: []

# Set initial apache state. Recommended values: `started` or `stopped`
apache_state: started

# Set apache state when configuration changes are made. Recommended values:
# `restarted` or `reloaded`
apache_restart_state: restarted
2 changes: 1 addition & 1 deletion provisioning/roles/geerlingguy.apache/handlers/main.yml
Original file line number Diff line number Diff line change
Expand Up @@ -2,4 +2,4 @@
- name: restart apache
service:
name: "{{ apache_service }}"
state: restarted
state: "{{ apache_restart_state }}"
2 changes: 2 additions & 0 deletions provisioning/roles/geerlingguy.apache/meta/main.yml
Original file line number Diff line number Diff line change
Expand Up @@ -29,3 +29,5 @@ galaxy_info:
- 11.3
galaxy_tags:
- web

allow_duplicates: yes
Original file line number Diff line number Diff line change
Expand Up @@ -30,7 +30,7 @@

- name: Add apache vhosts configuration.
template:
src: "vhosts.conf.j2"
src: "{{ apache_vhosts_template }}"
dest: "{{ apache_conf_path }}/sites-available/{{ apache_vhosts_filename }}"
owner: root
group: root
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,7 @@

- name: Add apache vhosts configuration.
template:
src: "vhosts.conf.j2"
src: "{{ apache_vhosts_template }}"
dest: "{{ apache_conf_path }}/{{ apache_vhosts_filename }}"
owner: root
group: root
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@

- name: Add apache vhosts configuration.
template:
src: "vhosts.conf.j2"
src: "{{ apache_vhosts_template }}"
dest: "{{ apache_conf_path }}/{{ apache_vhosts_filename }}"
owner: root
group: root
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,7 @@

- name: Add apache vhosts configuration.
template:
src: "vhosts.conf.j2"
src: "{{ apache_vhosts_template }}"
dest: "{{ apache_conf_path }}/{{ apache_vhosts_filename }}"
owner: root
group: root
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -16,8 +16,8 @@
{% endif %}
{% if vhost.documentroot is defined %}
<Directory "{{ vhost.documentroot }}">
AllowOverride All
Options -Indexes +FollowSymLinks
AllowOverride {{ vhost.allow_override | default(apache_allow_override) }}
Options {{ vhost.options | default(apache_options) }}
{% if apache_vhosts_version == "2.2" %}
Order allow,deny
Allow from all
Expand Down Expand Up @@ -63,8 +63,8 @@
{% endif %}
{% if vhost.documentroot is defined %}
<Directory "{{ vhost.documentroot }}">
AllowOverride All
Options -Indexes +FollowSymLinks
AllowOverride {{ vhost.allow_override | default(apache_allow_override) }}
Options {{ vhost.options | default(apache_options) }}
{% if apache_vhosts_version == "2.2" %}
Order allow,deny
Allow from all
Expand Down

0 comments on commit d7f4035

Please sign in to comment.