fix vhost configuration

tasks/configure_apache.yml

@@ -1,10 +1,11 @@
 ---
 - name: Ensure configuration file is available to Apache
   template:
-    dest: "/etc/apache2/sites-available/25-{{ vhost_name }}.conf"
+    dest: "/etc/apache2/sites-available/25-{{ item.vhost_name }}.conf"
     src: templates/apache_vhost.j2
     mode: 0644
     backup: yes
+  loop: vhosts
 
 - name: Create auth user file
   htpasswd:
@@ -18,6 +19,7 @@
 - name: Ensure vhost is enabled
   file:
     state: link
-    src: "/etc/apache2/sites-available/25-{{ vhost_name }}.conf"
+    src: "/etc/apache2/sites-available/25-{{ item.vhost_name }}.conf"
-    path: "/etc/apache2/sites-enabled/25-{{ vhost_name }}.conf"
+    path: "/etc/apache2/sites-enabled/25-{{ item.vhost_name }}.conf"
+  loop: vhosts
   notify: Restart Apache2

templates/apache_vhost.j2

@@ -1,12 +1,14 @@
 <VirtualHost *:80>
-  ServerName {{ vhost_name }}
+  ServerName {{ item.vhost_name }}
-  ServerAdmin {{ webadmin }}
+  ServerAdmin {{ item.webadmin | default('webmaster@' + item.vhost_name) }}
-  ServerAlias {{ vhost_aliases }}
+  {% if item.vhost_aliases is defined %}
+  ServerAlias {{ item.vhost_aliases }}
+  {% endif %}
 
   ## Logging
-  ErrorLog "/var/log/apache2/{{ vhost_name }}_error_ssl.log"
+  ErrorLog "/var/log/apache2/{{ item.vhost_name }}_error_ssl.log"
   ServerSignature Off
-  CustomLog "/var/log/apache2/{{ vhost_name }}_access_ssl.log" combined
+  CustomLog "/var/log/apache2/{{ item.vhost_name }}_access_ssl.log" combined
   ErrorDocument 404 https://susurrando.com/notfound.php
   ErrorDocument 500 https://susurrando.com/error500.php
   ErrorDocument 503 https://susurrando.com/error503.php
@@ -92,13 +94,13 @@
 </VirtualHost>
 
 <VirtualHost *:443>
-  ServerName {{ vhost_name }}
+  ServerName {{ item.vhost_name }}
-  ServerAdmin {{ webadmin }}
+  ServerAdmin {{ item.webadmin }}
 
   ## Logging
-  ErrorLog "/var/log/apache2/{{ vhost_name }}_ssl_error_ssl.log"
+  ErrorLog "/var/log/apache2/{{ item.vhost_name }}_ssl_error_ssl.log"
   ServerSignature Off
-  CustomLog "/var/log/apache2/{{ vhost_name }}_ssl_access_ssl.log" combined
+  CustomLog "/var/log/apache2/{{ item.vhost_name }}_ssl_access_ssl.log" combined
   ErrorDocument 404 https://susurrando.com/notfound.php
   ErrorDocument 500 https://susurrando.com/error500.php
   ErrorDocument 503 https://susurrando.com/error503.php
@@ -108,8 +110,11 @@
 
   ## SSL directives
   SSLEngine on
-  SSLCertificateFile      "/etc/letsencrypt/live/{{ vhost_name }}/fullchain.pem"
+  SSLCertificateFile      "{{ ssl_certificate_file }}"
-  SSLCertificateKeyFile   "/etc/letsencrypt/live/{{ vhost_name }}/privkey.pem"
+  SSLCertificateKeyFile   "{{ ssl_certificate_file }}"
+  {% if item.ssl_certificate_chain_file is defined %}
+  SSLCertificateChainFile "{{ item.ssl_certificate_chain_file }}"
+  {% endif %}
   SSLProtocol             all -SSLv3 -SSLv2 -TLSv1 -TLSv1.1
   SSLCipherSuite          ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
 
@@ -120,6 +125,6 @@
        SSLProxyEngine On
     SSLProxyCheckPeerCN on
     SSLProxyCheckPeerExpire on
-    ProxyPass / http://{{ vhost_name }}/
+    ProxyPass / http://{{ item.vhost_name }}/
-    ProxyPassReverse / http://{{ vhost_name }}/
+    ProxyPassReverse / http://{{ item.vhost_name }}/
 </VirtualHost>