ansible-role-apache_ssl_vhosts/tasks/configure.yml

---
- name: Allow default HTTP traffic
  ufw:
    rule: allow
    port: "{{ web_port }}"

- name: Allow HTTP traffic for vhosts
  ufw:
    rule: allow
    port: "{{ item.web_port | default(80) }}"
  loop: "{{ vhosts }}"

- name: Allow HTTPS default traffic
  ufw:
    rule: allow
    port: "{{ ssl_port | default(443) }}"
  when:
    - ssl

- name: Allow HTTPS traffic for vhosts
  ufw:
    rule: allow
    port: "{{ item.ssl_port | default(443) }}"
  loop: "{{ vhosts }}"
  when:
    - ssl
    - "'ssl' in item"
    - item.ssl

- name: Ensure MPM Worker module is disabled
  shell: a2dismod mpm_worker

- name: Ensure MPM Event module is disabled
  shell: a2dismod mpm_event

- name: Ensure MPM Pre-Fork module is enabled
  shell: a2enmod mpm_prefork

- name: Enable Apache2 modules
  community.general.apache2_module:
    state: present
    name: "{{ item }}"
  loop:
    - rewrite
    - ssl
    - proxy_fcgi
    - proxy


- name: Ensure default vhost root exists
  file:
    path: /var/www/html
    state: directory
    owner: www-data
    group: www-data
    mode: 0775

- name: Ensure default vhost is configured with SSL redirection
  copy:
    dest: /etc/apache2/conf-available/default_host.conf
    src: files/default_host.conf
    backup: yes
    mode: 0644
  notify:
    - Restart Apache

- name: Ensure default vhost is enabled with SSL redirection
  file:
    dest: /etc/apache2/conf-enabled/default_host.conf
    src: /etc/apache2/conf-available/default_host.conf
    state: link
    mode: 0644
  notify:
    - Restart Apache

- name: Ensure Apache modules are enabled
  community.general.apache2_module:
    state: present
    force: True
    name: "{{ item }}"
  loop: "{{ apache_modules }}"
  register: enabled_mods
  when: apache_modules is defined

- name: Ensure Apache is restarted after enabling modules
  service:
    name: apache2
    state: restarted
  when: enabled_mods.changed

- name: Ensure vhost docroot exists
  file:
    path: "{{ item.docroot | default('/var/www/{{ item.vhostname }}') }}"
    state: directory
    owner: www-data
    group: www-data
    mode: 0775
  loop: "{{ vhosts }}"

- name: Ensure vhosts are configured
  template:
    src: templates/vhost.conf.j2
    dest: "/etc/apache2/sites-available/{{ item.weight | default('25') }}-{{ item.vhostname }}.conf"
    owner: root
    group: root
    mode: '0644'
    backup: yes
  with_items: "{{ vhosts }}"
  notify:
    - Restart Apache

- name: Ensure vhost is enabled
  file:
    src: "/etc/apache2/sites-available/{{ item.weight | default('25') }}-{{ item.vhostname }}.conf"
    dest: "/etc/apache2/sites-enabled/{{ item.weight | default('25') }}-{{ item.vhostname }}.conf"
    state: link
  with_items: "{{ vhosts }}"
  notify:
    - Restart Apache
Initial commit with previous code 2022-10-11 09:18:51 +02:00			`---`
handle default and per vhost ports 2023-09-24 09:12:28 +02:00			`- name: Allow default HTTP traffic`
Initial commit with previous code 2022-10-11 09:18:51 +02:00			`ufw:`
			`rule: allow`
add opt out for ssl 2023-09-24 08:49:05 +02:00			`port: "{{ web_port }}"`
Initial commit with previous code 2022-10-11 09:18:51 +02:00
handle default and per vhost ports 2023-09-24 09:12:28 +02:00			`- name: Allow HTTP traffic for vhosts`
			`ufw:`
			`rule: allow`
Add default web port 2023-09-26 08:42:43 +02:00			`port: "{{ item.web_port \| default(80) }}"`
handle default and per vhost ports 2023-09-24 09:12:28 +02:00			`loop: "{{ vhosts }}"`

			`- name: Allow HTTPS default traffic`
Initial commit with previous code 2022-10-11 09:18:51 +02:00			`ufw:`
			`rule: allow`
add opt out for ssl 2023-09-24 08:49:05 +02:00			`port: "{{ ssl_port \| default(443) }}"`
handle default and per vhost ports 2023-09-24 09:12:28 +02:00			`when:`
			`- ssl`

			`- name: Allow HTTPS traffic for vhosts`
			`ufw:`
			`rule: allow`
			`port: "{{ item.ssl_port \| default(443) }}"`
			`loop: "{{ vhosts }}"`
			`when:`
			`- ssl`
fix check for ssl 2023-09-26 08:45:39 +02:00			`- "'ssl' in item"`
handle default and per vhost ports 2023-09-24 09:12:28 +02:00			`- item.ssl`
Initial commit with previous code 2022-10-11 09:18:51 +02:00
use shell to manage mpm mod 2023-02-10 12:01:01 +01:00			`- name: Ensure MPM Worker module is disabled`
			`shell: a2dismod mpm_worker`

change back to prefork 2023-02-11 13:58:39 +01:00			`- name: Ensure MPM Event module is disabled`
			`shell: a2dismod mpm_event`
use shell to manage mpm mod 2023-02-10 12:01:01 +01:00
change back to prefork 2023-02-11 13:58:39 +01:00			`- name: Ensure MPM Pre-Fork module is enabled`
			`shell: a2enmod mpm_prefork`
alter order with apache modules 2023-02-08 20:09:31 +01:00
Initial commit with previous code 2022-10-11 09:18:51 +02:00			`- name: Enable Apache2 modules`
			`community.general.apache2_module:`
			`state: present`
			`name: "{{ item }}"`
			`loop:`
			`- rewrite`
			`- ssl`
Use mpm event 2023-02-10 13:42:51 +01:00			`- proxy_fcgi`
add proxy 2023-02-10 13:55:08 +01:00			`- proxy`
disbale mpm modules 2023-02-06 13:33:12 +01:00
Initial commit with previous code 2022-10-11 09:18:51 +02:00
			`- name: Ensure default vhost root exists`
			`file:`
			`path: /var/www/html`
			`state: directory`
			`owner: www-data`
			`group: www-data`
			`mode: 0775`

			`- name: Ensure default vhost is configured with SSL redirection`
			`copy:`
			`dest: /etc/apache2/conf-available/default_host.conf`
			`src: files/default_host.conf`
			`backup: yes`
			`mode: 0644`
			`notify:`
			`- Restart Apache`

			`- name: Ensure default vhost is enabled with SSL redirection`
			`file:`
			`dest: /etc/apache2/conf-enabled/default_host.conf`
			`src: /etc/apache2/conf-available/default_host.conf`
			`state: link`
			`mode: 0644`
			`notify:`
			`- Restart Apache`

			`- name: Ensure Apache modules are enabled`
			`community.general.apache2_module:`
			`state: present`
			`force: True`
			`name: "{{ item }}"`
add opt out for ssl 2023-09-24 08:49:05 +02:00			`loop: "{{ apache_modules }}"`
add restart of apache when module enabled 2023-02-08 20:28:05 +01:00			`register: enabled_mods`
Initial commit with previous code 2022-10-11 09:18:51 +02:00			`when: apache_modules is defined`

add restart of apache when module enabled 2023-02-08 20:28:05 +01:00			`- name: Ensure Apache is restarted after enabling modules`
			`service:`
			`name: apache2`
			`state: restarted`
			`when: enabled_mods.changed`

Initial commit with previous code 2022-10-11 09:18:51 +02:00			`- name: Ensure vhost docroot exists`
			`file:`
Add default docroot 2022-12-07 13:11:15 +01:00			`path: "{{ item.docroot \| default('/var/www/{{ item.vhostname }}') }}"`
Initial commit with previous code 2022-10-11 09:18:51 +02:00			`state: directory`
			`owner: www-data`
			`group: www-data`
			`mode: 0775`
			`loop: "{{ vhosts }}"`

			`- name: Ensure vhosts are configured`
			`template:`
			`src: templates/vhost.conf.j2`
Fix template 2022-12-07 13:17:20 +01:00			`dest: "/etc/apache2/sites-available/{{ item.weight \| default('25') }}-{{ item.vhostname }}.conf"`
Initial commit with previous code 2022-10-11 09:18:51 +02:00			`owner: root`
			`group: root`
			`mode: '0644'`
			`backup: yes`
			`with_items: "{{ vhosts }}"`
			`notify:`
			`- Restart Apache`

			`- name: Ensure vhost is enabled`
			`file:`
Add default weight 2022-12-07 13:15:01 +01:00			`src: "/etc/apache2/sites-available/{{ item.weight \| default('25') }}-{{ item.vhostname }}.conf"`
			`dest: "/etc/apache2/sites-enabled/{{ item.weight \| default('25') }}-{{ item.vhostname }}.conf"`
Initial commit with previous code 2022-10-11 09:18:51 +02:00			`state: link`
			`with_items: "{{ vhosts }}"`
			`notify:`
			`- Restart Apache`