adelgado/ansible-role-apache_ssl_vhosts
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
ansible-role-apache_ssl_vhosts/templates/vhost.conf.j2

128 lines
5 KiB
Text
Raw Normal View History

Initial commit with previous code
2022-10-11 09:18:51 +02:00
# ************************************
# Vhost template in role apache_ssl_vhost
# Managed by Ansible
# ************************************
<VirtualHost *:{{ item.web_port|default("80") }}>
ServerName {{ item.vhostname }}
{% if item.server_aliases is defined %}
ServerAlias {% for alias in item.server_aliases %}{{ alias }} {% endfor %}
{% endif %}
fix template
2022-12-08 13:05:58 +01:00
## Directories, there should at least be a declaration for {{ item.docroot | default("/var/www/" + item.vhostname) }}/
<Directory "{{ item.docroot | default("/var/www/" + item.vhostname) }}/">
Initial commit with previous code
2022-10-11 09:18:51 +02:00
Options +FollowSymlinks
AllowOverride All
</Directory>
## Logging
ErrorLog "/var/log/apache2/{{ item.vhostname }}_error.log"
ServerSignature Off
CustomLog "/var/log/apache2/{{ item.vhostname }}_access.log" combined
## Redirect rules
Redirect permanent / https://{{ item.vhostname }}/
</VirtualHost>
<VirtualHost *:{{ ssl_port|default("443") }}>
ServerName {{ item.vhostname }}
fix template
2022-12-08 13:05:58 +01:00
ServerAdmin {{ item.serveradmin|default("webmaster@" + item.vhostname ) }}
Initial commit with previous code
2022-10-11 09:18:51 +02:00
{% if item.server_aliases is defined %}
ServerAlias {% for alias in item.server_aliases %}{{ alias }} {% endfor %}
{% endif %}
{% if item.aliases is defined %}{% for alias in item.aliases %}
Alias /{{ alias.dest }} "{{ alias.src }}"
{% endfor %}{% endif %}
Add vhost config
2023-02-15 14:28:06 +01:00
{% if item.scriptaliases is defined %}{% for alias in item.scriptaliases %}
ScriptAlias /{{ alias.dest }} "{{ alias.src }}"
{% endfor %}{% endif %}
Initial commit with previous code
2022-10-11 09:18:51 +02:00
fix template
2022-12-08 12:54:30 +01:00
{% if item.docroot is defined %} ## Vhost docroot
fix template
2022-12-08 13:05:58 +01:00
DocumentRoot "{{ item.docroot | default("/var/www/" + item.vhostname ) }}/"
Initial commit with previous code
2022-10-11 09:18:51 +02:00
fix template
2022-12-08 13:05:58 +01:00
## Directories, there should at least be a declaration for {{ item.docroot | default('/var/www/' + item.vhostname ) }}/
Initial commit with previous code
2022-10-11 09:18:51 +02:00
fix template
2022-12-08 13:05:58 +01:00
<Directory "{{ item.docroot | default('/var/www/' + item.vhostname ) }}/">
Initial commit with previous code
2022-10-11 09:18:51 +02:00
{% if item.root_options is defined %}
Options {% for option in item.root_options %}{{ option }} {% endfor %}
{% endif %}
{% if item.root_custom_code is defined %}
{{ item.root_custom_code }}
{% endif %}
AllowOverride All
</Directory>{% endif %}
{% if item.directories is defined %}{% for directory in item.directories %}
<Directory "{{ directory.path }}">
{% if directory.options is defined %}
Options {% for option in directory.options %}{{ option }} {% endfor %}
{% endif %}
AllowOverride {{ directory.allow_override | default("All") }}
Require {{ directory.require | default("all granted") }}
{{ directory.custom_code | default("") }}
</Directory>{% endfor %}{% endif %}
Add vhost config
2023-02-15 14:28:06 +01:00
{% if item.directoriesmatches is defined %}{% for directorymatch in item.directoriesmatches %}
<DirectoryMatch "{{ directorymatch.path }}">
{% if directorymatch.options is defined %}
Options {% for option in directorymatch.options %}{{ option }} {% endfor %}
{% endif %}
AllowOverride {{ directorymatch.allow_override | default("All") }}
Require {{ directorymatch.require | default("all granted") }}
{{ directorymatch.custom_code | default("") }}
</Directory>{% endfor %}{% endif %}
Initial commit with previous code
2022-10-11 09:18:51 +02:00
## Logging
ErrorLog "/var/log/apache2/{{ item.vhostname }}_error_ssl.log"
ServerSignature Off
CustomLog "/var/log/apache2/{{ item.vhostname }}_access_ssl.log" combined
ErrorDocument 404 /notfound.php
ErrorDocument 500 /error500.php
ErrorDocument 503 /error503.php
## Rewrite rules
RewriteEngine On
## SSL directives
SSLEngine on
SSLCertificateFile "/etc/letsencrypt/live/{{ item.vhostname }}/fullchain.pem"
SSLCertificateKeyFile "/etc/letsencrypt/live/{{ item.vhostname }}/privkey.pem"
SSLProtocol all -SSLv3 -SSLv2 -TLSv1 -TLSv1.1
SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
{% if item.ldap is defined %}
## LDAP authentication
<Location />
AuthType Basic
AuthName "Enter credentials"
AuthBasicProvider ldap
AuthLDAPGroupAttribute member
AuthLDAPSubGroupClass group
AuthLDAPGroupAttributeIsDN On
AuthLDAPURL {{ item.ldap.url }} #ldap://ldap.koti.site/ou=People,ou=Users,dc=koti,dc=site?uid
Require {{ item.ldap.require }} #valid-user
</Location>
{% endif %}
{% if item.reverse_proxy is defined %}
## Reverse proxy
SSLProxyEngine On
SSLProxyCheckPeerCN on
SSLProxyCheckPeerExpire on
ProxyPass / {{ item.reverse_proxy }}
ProxyPassReverse / {{ item.reverse_proxy }}
{% endif %}
{% if item.custom_code is defined %}
## Custom fragment
{{ item.custom_code }}
## End of custom fragment
{% endif %}
</VirtualHost>
Reference in a new issue Copy permalink