ansible-role-apache_ssl_vhosts/tasks/configure.yml

---
- name: Allow HTTP traffic
  ufw:
    rule: allow
    port: 80

- name: Allow HTTPS traffic
  ufw:
    rule: allow
    port: 443

- name: Disable MPM Apache2 modules
  community.general.apache2_module:
    state: absent
    name: "{{ item }}"
  ignore_errors: true
  loop:
    - mpm_worker
    - mpm_event

- name: Enable Apache2 modules
  community.general.apache2_module:
    state: present
    name: "{{ item }}"
  loop:
    - rewrite
    - ssl
    - mpm_prefork


- name: Ensure default vhost root exists
  file:
    path: /var/www/html
    state: directory
    owner: www-data
    group: www-data
    mode: 0775

- name: Ensure default vhost is configured with SSL redirection
  copy:
    dest: /etc/apache2/conf-available/default_host.conf
    src: files/default_host.conf
    backup: yes
    mode: 0644
  notify:
    - Restart Apache

- name: Ensure default vhost is enabled with SSL redirection
  file:
    dest: /etc/apache2/conf-enabled/default_host.conf
    src: /etc/apache2/conf-available/default_host.conf
    state: link
    mode: 0644
  notify:
    - Restart Apache

- name: Ensure Apache modules are enabled
  community.general.apache2_module:
    state: present
    force: True
    name: "{{ item }}"
  with_items: "{{ apache_modules }}"
  register: enabled_mods
  when: apache_modules is defined

- name: Ensure Apache is restarted after enabling modules
  service:
    name: apache2
    state: restarted
  when: enabled_mods.changed

- name: Ensure vhost docroot exists
  file:
    path: "{{ item.docroot | default('/var/www/{{ item.vhostname }}') }}"
    state: directory
    owner: www-data
    group: www-data
    mode: 0775
  loop: "{{ vhosts }}"

- name: Ensure vhosts are configured
  template:
    src: templates/vhost.conf.j2
    dest: "/etc/apache2/sites-available/{{ item.weight | default('25') }}-{{ item.vhostname }}.conf"
    owner: root
    group: root
    mode: '0644'
    backup: yes
  with_items: "{{ vhosts }}"
  notify:
    - Restart Apache

- name: Ensure vhost is enabled
  file:
    src: "/etc/apache2/sites-available/{{ item.weight | default('25') }}-{{ item.vhostname }}.conf"
    dest: "/etc/apache2/sites-enabled/{{ item.weight | default('25') }}-{{ item.vhostname }}.conf"
    state: link
  with_items: "{{ vhosts }}"
  notify:
    - Restart Apache
# notfound.php
# error500.php
# error503.php
Initial commit with previous code 2022-10-11 09:18:51 +02:00			`---`
			`- name: Allow HTTP traffic`
			`ufw:`
			`rule: allow`
			`port: 80`

			`- name: Allow HTTPS traffic`
			`ufw:`
			`rule: allow`
			`port: 443`

alter order with apache modules 2023-02-08 20:09:31 +01:00			`- name: Disable MPM Apache2 modules`
			`community.general.apache2_module:`
			`state: absent`
			`name: "{{ item }}"`
ignore errors if modules are not loaded 2023-02-08 20:20:05 +01:00			`ignore_errors: true`
alter order with apache modules 2023-02-08 20:09:31 +01:00			`loop:`
			`- mpm_worker`
			`- mpm_event`

Initial commit with previous code 2022-10-11 09:18:51 +02:00			`- name: Enable Apache2 modules`
			`community.general.apache2_module:`
			`state: present`
			`name: "{{ item }}"`
			`loop:`
			`- rewrite`
			`- ssl`
fix prefork module 2023-02-06 13:35:12 +01:00			`- mpm_prefork`
disbale mpm modules 2023-02-06 13:33:12 +01:00
Initial commit with previous code 2022-10-11 09:18:51 +02:00
			`- name: Ensure default vhost root exists`
			`file:`
			`path: /var/www/html`
			`state: directory`
			`owner: www-data`
			`group: www-data`
			`mode: 0775`

			`- name: Ensure default vhost is configured with SSL redirection`
			`copy:`
			`dest: /etc/apache2/conf-available/default_host.conf`
			`src: files/default_host.conf`
			`backup: yes`
			`mode: 0644`
			`notify:`
			`- Restart Apache`

			`- name: Ensure default vhost is enabled with SSL redirection`
			`file:`
			`dest: /etc/apache2/conf-enabled/default_host.conf`
			`src: /etc/apache2/conf-available/default_host.conf`
			`state: link`
			`mode: 0644`
			`notify:`
			`- Restart Apache`

			`- name: Ensure Apache modules are enabled`
			`community.general.apache2_module:`
			`state: present`
			`force: True`
			`name: "{{ item }}"`
			`with_items: "{{ apache_modules }}"`
add restart of apache when module enabled 2023-02-08 20:28:05 +01:00			`register: enabled_mods`
Initial commit with previous code 2022-10-11 09:18:51 +02:00			`when: apache_modules is defined`

add restart of apache when module enabled 2023-02-08 20:28:05 +01:00			`- name: Ensure Apache is restarted after enabling modules`
			`service:`
			`name: apache2`
			`state: restarted`
			`when: enabled_mods.changed`

Initial commit with previous code 2022-10-11 09:18:51 +02:00			`- name: Ensure vhost docroot exists`
			`file:`
Add default docroot 2022-12-07 13:11:15 +01:00			`path: "{{ item.docroot \| default('/var/www/{{ item.vhostname }}') }}"`
Initial commit with previous code 2022-10-11 09:18:51 +02:00			`state: directory`
			`owner: www-data`
			`group: www-data`
			`mode: 0775`
			`loop: "{{ vhosts }}"`

			`- name: Ensure vhosts are configured`
			`template:`
			`src: templates/vhost.conf.j2`
Fix template 2022-12-07 13:17:20 +01:00			`dest: "/etc/apache2/sites-available/{{ item.weight \| default('25') }}-{{ item.vhostname }}.conf"`
Initial commit with previous code 2022-10-11 09:18:51 +02:00			`owner: root`
			`group: root`
			`mode: '0644'`
			`backup: yes`
			`with_items: "{{ vhosts }}"`
			`notify:`
			`- Restart Apache`

			`- name: Ensure vhost is enabled`
			`file:`
Add default weight 2022-12-07 13:15:01 +01:00			`src: "/etc/apache2/sites-available/{{ item.weight \| default('25') }}-{{ item.vhostname }}.conf"`
			`dest: "/etc/apache2/sites-enabled/{{ item.weight \| default('25') }}-{{ item.vhostname }}.conf"`
Initial commit with previous code 2022-10-11 09:18:51 +02:00			`state: link`
			`with_items: "{{ vhosts }}"`
			`notify:`
			`- Restart Apache`
			`# notfound.php`
			`# error500.php`
			`# error503.php`