diff --git a/tasks/configure_apache.yml b/tasks/configure_apache.yml
index 0a2d777..2a3f097 100644
--- a/tasks/configure_apache.yml
+++ b/tasks/configure_apache.yml
@@ -1,10 +1,11 @@
---
- name: Ensure configuration file is available to Apache
template:
- dest: "/etc/apache2/sites-available/25-{{ vhost_name }}.conf"
+ dest: "/etc/apache2/sites-available/25-{{ item.vhost_name }}.conf"
src: templates/apache_vhost.j2
mode: 0644
backup: yes
+ loop: vhosts
- name: Create auth user file
htpasswd:
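Review bot: `loop: vhosts` on the template task passes a bare word rather than a templated expression; `loop` expects a list, so Ansible will most likely reject the literal string `vhosts` instead of iterating the variable. Write it as `loop: "{{ vhosts }}"`, and make the same change to the `loop: vhosts` line added to "Ensure vhost is enabled" in the next hunk. Indentation is not visible in this view, so also confirm that `loop` sits at task level, beside `template:` and `file:`, and not among the module arguments. The "Create auth user file" task continues outside this hunk, so whether it also needs to loop cannot be judged from here.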
@@ -18,6 +19,7 @@
- name: Ensure vhost is enabled
file:
state: link
- src: "/etc/apache2/sites-available/25-{{ vhost_name }}.conf"
- path: "/etc/apache2/sites-enabled/25-{{ vhost_name }}.conf"
+ src: "/etc/apache2/sites-available/25-{{ item.vhost_name }}.conf"
+ path: "/etc/apache2/sites-enabled/25-{{ item.vhost_name }}.conf"
+ loop: vhosts
notify: Restart Apache2
\ No newline at end of file
diff --git a/templates/apache_vhost.j2 b/templates/apache_vhost.j2
index 2fff918..07ab3aa 100644
--- a/templates/apache_vhost.j2
+++ b/templates/apache_vhost.j2
@@ -1,12 +1,14 @@
- ServerName {{ vhost_name }}
- ServerAdmin {{ webadmin }}
- ServerAlias {{ vhost_aliases }}
+ ServerName {{ item.vhost_name }}
+ ServerAdmin {{ item.webadmin | default('webmaster@' + item.vhost_name) }}
+ {% if item.vhost_aliases is defined %}
+ ServerAlias {{ item.vhost_aliases }}
+ {% endif %}
## Logging
- ErrorLog "/var/log/apache2/{{ vhost_name }}_error_ssl.log"
+ ErrorLog "/var/log/apache2/{{ item.vhost_name }}_error_ssl.log"
ServerSignature Off
- CustomLog "/var/log/apache2/{{ vhost_name }}_access_ssl.log" combined
+ CustomLog "/var/log/apache2/{{ item.vhost_name }}_access_ssl.log" combined
ErrorDocument 404 https://susurrando.com/notfound.php
ErrorDocument 500 https://susurrando.com/error500.php
ErrorDocument 503 https://susurrando.com/error503.php
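Review bot: Nothing visible in this diff constrains `item.vhost_name` before it is written into `ServerName`, the quoted `ErrorLog`/`CustomLog` paths here, and the `dest`/`src`/`path` values in tasks/configure_apache.yml. Now that the value comes from each entry of a `vhosts` list, a typo or an unexpected character (slash, quote, whitespace, newline) would change which files are written or how the directives parse. A guard task placed before the template task would catch this early, for example an `assert` over the same loop with `that: item.vhost_name is match('^[A-Za-z0-9.-]+$')`. The same reasoning applies to `item.vhost_aliases` and `item.webadmin`, which are rendered unquoted.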
@@ -92,13 +94,13 @@
- ServerName {{ vhost_name }}
- ServerAdmin {{ webadmin }}
+ ServerName {{ item.vhost_name }}
+ ServerAdmin {{ item.webadmin }}
## Logging
- ErrorLog "/var/log/apache2/{{ vhost_name }}_ssl_error_ssl.log"
+ ErrorLog "/var/log/apache2/{{ item.vhost_name }}_ssl_error_ssl.log"
ServerSignature Off
- CustomLog "/var/log/apache2/{{ vhost_name }}_ssl_access_ssl.log" combined
+ CustomLog "/var/log/apache2/{{ item.vhost_name }}_ssl_access_ssl.log" combined
ErrorDocument 404 https://susurrando.com/notfound.php
ErrorDocument 500 https://susurrando.com/error500.php
ErrorDocument 503 https://susurrando.com/error503.php
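Review bot: `ServerAdmin {{ item.webadmin }}` in this second vhost block has no fallback, while the first block in the same template uses `item.webadmin | default('webmaster@' + item.vhost_name)`. For any `vhosts` entry that omits `webadmin`, the first block would render but this one would hit an undefined variable and, with Ansible's default undefined handling, fail the template task. Use the same expression here: `ServerAdmin {{ item.webadmin | default('webmaster@' + item.vhost_name) }}`. The enclosing VirtualHost block begins and ends outside this hunk.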
@@ -108,8 +110,11 @@
## SSL directives
SSLEngine on
- SSLCertificateFile "/etc/letsencrypt/live/{{ vhost_name }}/fullchain.pem"
- SSLCertificateKeyFile "/etc/letsencrypt/live/{{ vhost_name }}/privkey.pem"
+ SSLCertificateFile "{{ ssl_certificate_file }}"
+ SSLCertificateKeyFile "{{ ssl_certificate_file }}"
+ {% if item.ssl_certificate_chain_file is defined %}
+ SSLCertificateChainFile "{{ item.ssl_certificate_chain_file }}"
+ {% endif %}
SSLProtocol all -SSLv3 -SSLv2 -TLSv1 -TLSv1.1
SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
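Review bot: `SSLCertificateKeyFile "{{ ssl_certificate_file }}"` reads the same variable as `SSLCertificateFile`, so the private-key directive points at the certificate file; unless that file is a combined PEM that also holds the key, Apache will not find a key there. Both directives also use a play-level variable rather than `item.…` (the chain file line does use `item.ssl_certificate_chain_file`), so every vhost in the loop would be given the same certificate, where the removed lines derived a per-vhost path. Consider `SSLCertificateFile "{{ item.ssl_certificate_file }}"` and a separate key variable, e.g. `SSLCertificateKeyFile "{{ item.ssl_certificate_key_file }}"` (the key variable name is a suggestion and does not appear in this diff). Keeping the key in its own file also lets it stay readable by root only. Note that `SSLCertificateChainFile` is obsolete from Apache 2.4.8 onward, where intermediates belong in `SSLCertificateFile`.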
@@ -120,6 +125,6 @@
SSLProxyEngine On
SSLProxyCheckPeerCN on
SSLProxyCheckPeerExpire on
- ProxyPass / http://{{ vhost_name }}/
- ProxyPassReverse / http://{{ vhost_name }}/
+ ProxyPass / http://{{ item.vhost_name }}/
+ ProxyPassReverse / http://{{ item.vhost_name }}/
\ No newline at end of file