public_git
/
ansibleguy.infra_apache
mirror of https://github.com/ansibleguy/infra_apache.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

added http2 config-support and http-listener switch

This commit is contained in:
AnsibleGuy 2021-12-30 18:44:07 +01:00
parent e216f9471d
commit 086bf13008
2 changed files with 20 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
defaults/main.yml
View File

@ -80,7 +80,7 @@ default_apache:
pwd: # it's highly recommended setting a passphrase!
modules:
present: ['ssl', 'headers', 'rewrite']
present: ['ssl', 'headers', 'rewrite', 'http2']
absent: ['autoindex']
letsencrypt:
@ -106,6 +106,8 @@ default_site_config:
domain:
aliases: []
ip:
http_versions: [2, 1]
plain_site: true # if http site (only used for redirect to https) should be created
config: {} # site-specific setting-value pairs
config_additions: [] # lines that will 1-to-1 be appended to the site-config

24
templates/etc/apache2/sites-available/site.conf.j2
View File

@ -1,34 +1,41 @@
# {{ ansible_managed }}
# ansibleguy.infra_apache
{% if site.plain_site %}
# http listener
<VirtualHost *:{{ site.port_plain }}>
ServerName {{ site.domain }}
{% if site.aliases | length > 0 %}
{% if site.aliases | length > 0 %}
ServerAlias {% for name in site.aliases %} {{ name }} {% endfor %}{% if site.ip is not none %} {{ site.ip }}{% endif %}
{% endif %}
{% endif %}
ServerAdmin {{ site.admin }}
# log config
{% if APACHE_CONFIG.log.syslog and APACHE_CONFIG.log.syslog_host is not none %}
{% if APACHE_CONFIG.log.syslog and APACHE_CONFIG.log.syslog_host is not none %}
ErrorLog "| /usr/bin/logger -n {{ APACHE_CONFIG.log.syslog_host }} -P {{ APACHE_CONFIG.log.syslog_port }} -p local1.error -t {{ APACHE_CONFIG.log.prefix_ue }}{{ name }}"
CustomLog "| /usr/bin/logger -n {{ APACHE_CONFIG.log.syslog_host }} -P {{ APACHE_CONFIG.log.syslog_port }} -p local1.info -t {{ APACHE_CONFIG.log.prefix_ue }}{{ name }}" combined
{% elif APACHE_CONFIG.log.syslog %}
{% elif APACHE_CONFIG.log.syslog %}
ErrorLog "| /usr/bin/logger -p local1.error -t {{ APACHE_CONFIG.log.prefix_ue }}{{ name }}"
CustomLog "| /usr/bin/logger -p local1.info -t {{ APACHE_CONFIG.log.prefix_ue }}{{ name }}" combined
{% elif APACHE_CONFIG.log.per_site %}
{% elif APACHE_CONFIG.log.per_site %}
ErrorLog {{ APACHE_CONFIG.log.path }}/{{ name }}_error.log
CustomLog {{ APACHE_CONFIG.log.path }}/{{ name }}_access.log combined
{% else %}
{% else %}
ErrorLog {{ APACHE_CONFIG.log.path }}/error.log
CustomLog {{ APACHE_CONFIG.log.path }}/access.log combined
{% endif %}
{% endif %}
# http versions
Protocols {% if 2 in site.http_versions %}h2c {% endif %}{% if 1 in site.http_versions or 2 not in site.http_versions %}http/1.1{% endif %}
# redirect all to secure connection
Redirect permanent / https://{{ site.domain }}
</VirtualHost>
{% endif %}
# https listener
<VirtualHost *:{{ site.port_ssl }}>
ServerName {{ site.domain }}
@ -53,6 +60,9 @@
CustomLog {{ APACHE_CONFIG.log.path }}/access.log combined
{% endif %}
# http versions
Protocols {% if 2 in site.http_versions %}h2 {% endif %}{% if 1 in site.http_versions or 2 not in site.http_versions %}http/1.1{% endif %}
# ssl config
<IfModule mod_ssl.c>
SSLEngine on