public_git
/
ansibleguy.infra_apache
mirror of https://github.com/ansibleguy/infra_apache.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

fixed after testing

This commit is contained in:
AnsibleGuy 2021-11-07 21:18:22 +01:00
parent a1e59e986f
commit c8294d02f4
5 changed files with 23 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
README.md
View File

@ -79,7 +79,7 @@ apache:
mySuperCustom: 'headerContent' mySuperCustom: 'headerContent'
modules: modules:
present: ['evasive'] present: ['evasive', 'ssl', 'headers', 'rewrite']
guys_statics: guys_statics:
mode: 'serve' mode: 'serve'

1
defaults/main.yml
View File

@ -186,3 +186,4 @@ apache_config_graylist: [
'SSLEngine', 'SSLCertificateKeyFile', 'SSLCertificateFile', 'SSLCertificateChainFile', 'ErrorLog', 'CustomLog', 'ServerAdmin', 'SSLEngine', 'SSLCertificateKeyFile', 'SSLCertificateFile', 'SSLCertificateChainFile', 'ErrorLog', 'CustomLog', 'ServerAdmin',
'ServerAlias', 'ServerName', 'Redirect' 'ServerAlias', 'ServerName', 'Redirect'
] ]
force_removal: false

3
tasks/debian/main.yml
View File

@ -38,11 +38,10 @@
- name: Apache | Debian | Disabling apache modules - name: Apache | Debian | Disabling apache modules
community.general.apache2_module: community.general.apache2_module:
state: absent state: absent
name: "{{ item }}" name: "{{ APACHE_CONFIG.modules.absent }}"
force: True force: True
ignore_configcheck: True ignore_configcheck: True
register: apache_mods_disable_raw register: apache_mods_disable_raw
loop: "{{ APACHE_CONFIG.modules.absent }}"
tags: [base] tags: [base]
# todo: configure module settings # todo: configure module settings

21
tasks/debian/rm_site.yml
View File

@ -1,12 +1,20 @@
--- ---
# ports will be left configured since I found no clean way to manage them statefully # ports will be left configured since I found no clean way to manage them statefully
# also: the web-root will be left as-is
- name: "Apache | Debian | Config | Site '{{ name }}' | Removing/Disabling site" - name: "Apache | Debian | Remove Site '{{ name }}' | Ask user"
ansible.builtin.pause:
prompt: "Do you really want to remove the apache site '{{ name }}' and all of its data?"
register: removal_prompt
when: not force_removal
- name: "Apache | Debian | Remove Site '{{ name }}' | Removing site"
ansible.builtin.file: ansible.builtin.file:
path: "{{ item }}" path: "{{ item }}"
state: absent state: absent
when: >
force_removal or
removal_prompt.user_input == 'yes'
loop: loop:
- "/etc/apache2/sites-enabled/site_{{ name }}.conf" - "/etc/apache2/sites-enabled/site_{{ name }}.conf"
- "/etc/apache2/sites-available/site_{{ name }}.conf" - "/etc/apache2/sites-available/site_{{ name }}.conf"
@ -14,3 +22,12 @@
- "{{ APACHE_CONFIG.ssl.path }}/{{ name }}.crt" - "{{ APACHE_CONFIG.ssl.path }}/{{ name }}.crt"
- "{{ APACHE_CONFIG.ssl.path }}/{{ name }}.chain.crt" - "{{ APACHE_CONFIG.ssl.path }}/{{ name }}.chain.crt"
- "{{ APACHE_CONFIG.ssl.path }}/{{ name }}.fullchain.crt" - "{{ APACHE_CONFIG.ssl.path }}/{{ name }}.fullchain.crt"
- name: "Apache | Debian | Remove Site '{{ name }}' | Removing document root"
ansible.builtin.file:
path: "{{ site.serve.path }}"
state: absent
when: >
site.mode == 'serve' and
(force_removal or
removal_prompt.user_input == 'yes')

2
templates/etc/apache2/sites-available/site.conf.j2
View File

@ -141,11 +141,11 @@
{% if site.security.disable_ssi_cgi %} {% if site.security.disable_ssi_cgi %}
Options -FollowSymLinks -ExecCGI -Includes Options -FollowSymLinks -ExecCGI -Includes
AllowOverride None AllowOverride None
Require all granted
{% endif %} {% endif %}
{% if site.security.disable_root_index %} {% if site.security.disable_root_index %}
Options -Indexes Options -Indexes
{% endif %} {% endif %}
Require all granted
</Directory> </Directory>