add option to configure apache and fix redirection

defaults/main.yml

@@ -1,4 +1,5 @@
 ---
+configure_apache: false
 nagios4_config:
   admin_email: 'monitor-admin@example.org'
   admin_pager: 'monitor-admin-pager@example.com'

tasks/main.yml

@@ -5,5 +5,6 @@
 - name: Ensure Nagios is configured
   include_tasks: configure.yml
 
-# - name: Ensure Apache is configured for Nagios
+- name: Ensure Apache is configured for Nagios
-#   include_tasks: configure_apache.yml
+  include_tasks: configure_apache.yml
+  when: configure_apache

templates/apache_vhost.j2

@@ -6,13 +6,48 @@
   {% endif %}
 
   ## Logging
-  ErrorLog "/var/log/apache2/{{ item.vhostname }}_error_ssl.log"
+  ErrorLog "/var/log/apache2/{{ item.vhostname }}_error.log"
   ServerSignature Off
-  CustomLog "/var/log/apache2/{{ item.vhostname }}_access_ssl.log" combined
+  CustomLog "/var/log/apache2/{{ item.vhostname }}_access.log" combined
   ErrorDocument 404 https://susurrando.com/notfound.php
   ErrorDocument 500 https://susurrando.com/error500.php
   ErrorDocument 503 https://susurrando.com/error503.php
 
+  ProxyPass / https://{{ item.vhostname }}/
+  ProxyPassReverse / https://{{ item.vhostname }}/
+
+</VirtualHost>
+
+<VirtualHost *:443>
+  ServerName {{ item.vhostname }}
+  ServerAdmin {{ item.webadmin }}
+
+  ## Logging
+  ErrorLog "/var/log/apache2/{{ item.vhostname }}_ssl_error_ssl.log"
+  ServerSignature Off
+  CustomLog "/var/log/apache2/{{ item.vhostname }}_ssl_access_ssl.log" combined
+  ErrorDocument 404 https://susurrando.com/notfound.php
+  ErrorDocument 500 https://susurrando.com/error500.php
+  ErrorDocument 503 https://susurrando.com/error503.php
+  ## Rewrite rules
+  RewriteEngine On
+
+  ## SSL directives
+  SSLEngine on
+  SSLCertificateFile      "{{ item.ssl_certificate_file }}"
+  SSLCertificateKeyFile   "{{ item.ssl_certificate_key_file }}"
+  {% if item.ssl_certificate_chain_file is defined %}
+  SSLCertificateChainFile "{{ item.ssl_certificate_chain_file }}"
+  {% endif %}
+  SSLProtocol             all -SSLv3 -SSLv2 -TLSv1 -TLSv1.1
+  SSLCipherSuite          ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
+
+  ## Custom fragment
+    SSLHonorCipherOrder     on
+    Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
+       SSLProxyEngine On
+    SSLProxyCheckPeerCN on
+    SSLProxyCheckPeerExpire on
 
   ScriptAlias /cgi-bin/nagios4 /usr/lib/cgi-bin/nagios4
   ScriptAlias /nagios4/cgi-bin /usr/lib/cgi-bin/nagios4
@@ -87,44 +122,5 @@
         AllowOverride None
         Order allow,deny
         Allow from all
-    ##  Only for apache 2.4 ##
-    #   Require all granted
     </Directory>
-
-</VirtualHost>
-
-<VirtualHost *:443>
-  ServerName {{ item.vhostname }}
-  ServerAdmin {{ item.webadmin }}
-
-  ## Logging
-  ErrorLog "/var/log/apache2/{{ item.vhostname }}_ssl_error_ssl.log"
-  ServerSignature Off
-  CustomLog "/var/log/apache2/{{ item.vhostname }}_ssl_access_ssl.log" combined
-  ErrorDocument 404 https://susurrando.com/notfound.php
-  ErrorDocument 500 https://susurrando.com/error500.php
-  ErrorDocument 503 https://susurrando.com/error503.php
-  ## Rewrite rules
-  RewriteEngine On
-
-
-  ## SSL directives
-  SSLEngine on
-  SSLCertificateFile      "{{ item.ssl_certificate_file }}"
-  SSLCertificateKeyFile   "{{ item.ssl_certificate_key_file }}"
-  {% if item.ssl_certificate_chain_file is defined %}
-  SSLCertificateChainFile "{{ item.ssl_certificate_chain_file }}"
-  {% endif %}
-  SSLProtocol             all -SSLv3 -SSLv2 -TLSv1 -TLSv1.1
-  SSLCipherSuite          ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
-
-  ## Custom fragment
-
-    SSLHonorCipherOrder     on
-    Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
-       SSLProxyEngine On
-    SSLProxyCheckPeerCN on
-    SSLProxyCheckPeerExpire on
-    ProxyPass / http://{{ item.vhostname }}/
-    ProxyPassReverse / http://{{ item.vhostname }}/
 </VirtualHost>