119 lines
2.7 KiB
YAML
119 lines
2.7 KiB
YAML
---
|
|
- name: Allow default HTTP traffic
|
|
ufw:
|
|
rule: allow
|
|
port: "{{ web_port }}"
|
|
|
|
- name: Allow HTTP traffic for vhosts
|
|
ufw:
|
|
rule: allow
|
|
port: "{{ item.web_port | default(80) }}"
|
|
loop: "{{ vhosts }}"
|
|
|
|
- name: Allow HTTPS default traffic
|
|
ufw:
|
|
rule: allow
|
|
port: "{{ ssl_port | default(443) }}"
|
|
when:
|
|
- ssl
|
|
|
|
- name: Allow HTTPS traffic for vhosts
|
|
ufw:
|
|
rule: allow
|
|
port: "{{ item.ssl_port | default(443) }}"
|
|
loop: "{{ vhosts }}"
|
|
when:
|
|
- ssl
|
|
- "'ssl' in item"
|
|
- item.ssl
|
|
|
|
- name: Ensure MPM Worker module is disabled
|
|
shell: a2dismod mpm_worker
|
|
|
|
- name: Ensure MPM Event module is disabled
|
|
shell: a2dismod mpm_event
|
|
|
|
- name: Ensure MPM Pre-Fork module is enabled
|
|
shell: a2enmod mpm_prefork
|
|
|
|
- name: Enable Apache2 modules
|
|
community.general.apache2_module:
|
|
state: present
|
|
name: "{{ item }}"
|
|
loop:
|
|
- rewrite
|
|
- ssl
|
|
- proxy_fcgi
|
|
- proxy
|
|
|
|
|
|
- name: Ensure default vhost root exists
|
|
file:
|
|
path: /var/www/html
|
|
state: directory
|
|
owner: www-data
|
|
group: www-data
|
|
mode: 0775
|
|
|
|
- name: Ensure default vhost is configured with SSL redirection
|
|
copy:
|
|
dest: /etc/apache2/conf-available/default_host.conf
|
|
src: files/default_host.conf
|
|
backup: yes
|
|
mode: 0644
|
|
notify:
|
|
- Restart Apache
|
|
|
|
- name: Ensure default vhost is enabled with SSL redirection
|
|
file:
|
|
dest: /etc/apache2/conf-enabled/default_host.conf
|
|
src: /etc/apache2/conf-available/default_host.conf
|
|
state: link
|
|
mode: 0644
|
|
notify:
|
|
- Restart Apache
|
|
|
|
- name: Ensure Apache modules are enabled
|
|
community.general.apache2_module:
|
|
state: present
|
|
force: True
|
|
name: "{{ item }}"
|
|
loop: "{{ apache_modules }}"
|
|
register: enabled_mods
|
|
when: apache_modules is defined
|
|
|
|
- name: Ensure Apache is restarted after enabling modules
|
|
service:
|
|
name: apache2
|
|
state: restarted
|
|
when: enabled_mods.changed
|
|
|
|
- name: Ensure vhost docroot exists
|
|
file:
|
|
path: "{{ item.docroot | default('/var/www/{{ item.vhostname }}') }}"
|
|
state: directory
|
|
owner: www-data
|
|
group: www-data
|
|
mode: 0775
|
|
loop: "{{ vhosts }}"
|
|
|
|
- name: Ensure vhosts are configured
|
|
template:
|
|
src: templates/vhost.conf.j2
|
|
dest: "/etc/apache2/sites-available/{{ item.weight | default('25') }}-{{ item.vhostname }}.conf"
|
|
owner: root
|
|
group: root
|
|
mode: '0644'
|
|
backup: yes
|
|
with_items: "{{ vhosts }}"
|
|
notify:
|
|
- Restart Apache
|
|
|
|
- name: Ensure vhost is enabled
|
|
file:
|
|
src: "/etc/apache2/sites-available/{{ item.weight | default('25') }}-{{ item.vhostname }}.conf"
|
|
dest: "/etc/apache2/sites-enabled/{{ item.weight | default('25') }}-{{ item.vhostname }}.conf"
|
|
state: link
|
|
with_items: "{{ vhosts }}"
|
|
notify:
|
|
- Restart Apache
|