public_git
/
ansibleguy.infra_apache
mirror of https://github.com/ansibleguy/infra_apache.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
ansibleguy.infra_apache/templates/etc/apache2/sites-available/site.conf.j2

169 lines
5.6 KiB
Django/Jinja
Raw Blame History

# {{ ansible_managed }}
# ansibleguy.infra_apache
<VirtualHost *:{{ site.port_plain }}>
ServerName {{ site.domain }}
{% if site.aliases | length > 0 %}
ServerAlias {% for name in site.aliases %} {{ name }} {% endfor %}{% if site.ip is not none %} {{ site.ip }}{% endif %}
{% endif %}
ServerAdmin {{ site.admin }}
# log config
{% if APACHE_CONFIG.log.syslog and APACHE_CONFIG.log.syslog_host is not none %}
ErrorLog "| /usr/bin/logger -n {{ APACHE_CONFIG.log.syslog_host }} -P {{ APACHE_CONFIG.log.syslog_port }} -p local1.error -t {{ APACHE_CONFIG.log.prefix_ue }}{{ name }}"
CustomLog "| /usr/bin/logger -n {{ APACHE_CONFIG.log.syslog_host }} -P {{ APACHE_CONFIG.log.syslog_port }} -p local1.info -t {{ APACHE_CONFIG.log.prefix_ue }}{{ name }}" combined
{% elif APACHE_CONFIG.log.syslog %}
ErrorLog "| /usr/bin/logger -p local1.error -t {{ APACHE_CONFIG.log.prefix_ue }}{{ name }}"
CustomLog "| /usr/bin/logger -p local1.info -t {{ APACHE_CONFIG.log.prefix_ue }}{{ name }}" combined
{% elif APACHE_CONFIG.log.per_site %}
ErrorLog {{ APACHE_CONFIG.log.path }}/{{ name }}_error.log
CustomLog {{ APACHE_CONFIG.log.path }}/{{ name }}_access.log combined
{% else %}
ErrorLog {{ APACHE_CONFIG.log.path }}/error.log
CustomLog {{ APACHE_CONFIG.log.path }}/access.log combined
{% endif %}
# redirect all to secure connection
Redirect permanent / https://{{ site.domain }}
</VirtualHost>
<VirtualHost *:{{ site.port_ssl }}>
ServerName {{ site.domain }}
{% if site.aliases | length > 0 %}
ServerAlias {% for alias in site.aliases %} {{ alias }} {% endfor %}{% if site.ip is not none %} {{ site.ip }}{% endif %}
{% endif %}
ServerAdmin {{ site.admin }}
# log config
{% if APACHE_CONFIG.log.syslog and APACHE_CONFIG.log.syslog_host is not none %}
ErrorLog "| /usr/bin/logger -n {{ APACHE_CONFIG.log.syslog_host }} -P {{ APACHE_CONFIG.log.syslog_port }} -p local1.error -t {{ APACHE_CONFIG.log.prefix_ssl }}{{ name }}"
CustomLog "| /usr/bin/logger -n {{ APACHE_CONFIG.log.syslog_host }} -P {{ APACHE_CONFIG.log.syslog_port }} -p local1.info -t {{ APACHE_CONFIG.log.prefix_ssl }}{{ name }}" combined
{% elif APACHE_CONFIG.log.syslog %}
ErrorLog "| /usr/bin/logger -p local1.error -t {{ APACHE_CONFIG.log.prefix_ssl }}{{ name }}"
CustomLog "| /usr/bin/logger -p local1.info -t {{ APACHE_CONFIG.log.prefix_ssl }}{{ name }}" combined
{% elif APACHE_CONFIG.log.per_site %}
ErrorLog {{ APACHE_CONFIG.log.path }}/{{ name }}_error.log
CustomLog {{ APACHE_CONFIG.log.path }}/{{ name }}_access.log combined
{% else %}
ErrorLog {{ APACHE_CONFIG.log.path }}/error.log
CustomLog {{ APACHE_CONFIG.log.path }}/access.log combined
{% endif %}
# ssl config
<IfModule mod_ssl.c>
SSLEngine on
SSLCertificateKeyFile {{ APACHE_CONFIG.ssl.path }}/{{ name }}.key
SSLCertificateFile {{ APACHE_CONFIG.ssl.path }}/{{ name }}.crt
{% if site.ssl.mode != 'selfsigned' %}
SSLCertificateChainFile {{ APACHE_CONFIG.ssl.path }}/{{ name }}{% if site.ssl.mode == 'letsencrypt' %}.fullchain{% else %}.chain{% endif %}.crt
{% endif %}
</IfModule>
{% if APACHE_CONFIG.config | length > 0 %}
# global config
{% for setting, value in APACHE_CONFIG.config.items() %}
{% if setting not in apache_config_graylist %}
{{ setting }} {{ value }}
{% endif %}
{% endfor %}
{% endif %}
{% if site.config | length > 0 %}
# site-specific config
{% for setting, value in site.config.items() %}
{% if setting not in apache_config_graylist %}
{{ setting }} {{ value }}
{% endif %}
{% endfor %}
{% endif %}
{% if APACHE_CONFIG.headers | length > 0 %}
# global headers
<IfModule mod_headers.c>
{% for header, value in APACHE_CONFIG.headers.items() %}
{% if 'Header' in header %}
{{ header }} {{ value }}
{% else %}
Header set {{ header }} {{ value }}
{% endif %}
{% endfor %}
</IfModule>
{% endif %}
{% if site.headers | length > 0 %}
# site-specific headers
<IfModule mod_headers.c>
{% for header, value in site.headers.items() %}
{% if 'Header' in header %}
{{ header }} {{ value }}
{% else %}
Header set {{ header }} {{ value }}
{% endif %}
{% endfor %}
</IfModule>
{% endif %}
# security config
{% if site.security.restrict_methods %}
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^(?!{% for method in APACHE_CONFIG.security.restricted_methods %}{{ method }}{% if not loop.last %}|{% endif %}{% endfor %})
RewriteRule .* - [F]
</IfModule>
<Directory />
<LimitExcept {% for method in APACHE_CONFIG.security.restricted_methods %}{{ method }} {% endfor %}>
deny from all
</LimitExcept>
</Directory>
{% endif %}
{% if site.mode == 'redirect' %}
# redirect-mode config
Redirect permanent / {{ site.redirect.target }}
{% if site.redirect.request_uri %}
RedirectMatch permanent ^/(.*)$ {{ site.redirect.target }}/$1
{% else %}
RedirectMatch permanent ^/(.*)$ {{ site.redirect.target }}
{% endif %}
{% elif site.mode == 'serve' %}
# serve-mode config
DocumentRoot {{ site.serve.path }}
# mode-specific security config
<Directory {{ site.serve.path }}>
{% if site.security.disable_ssi_cgi %}
Options -FollowSymLinks -ExecCGI -Includes
AllowOverride None
{% endif %}
{% if site.security.disable_root_index %}
Options -Indexes
{% endif %}
Require all granted
</Directory>
{% endif %}
{% if site.config_additions | length > 0 %}
# additional lines
{% endif %}
{% for line in site.config_additions %}
{{ line }}
{% endfor %}
{% if site.app_include %}
# additional application config include
IncludeOptional /etc/apache2/sites-available/site_{{ name }}_app.conf
{% endif %}
</VirtualHost>
ServerName {{ site.domain }}
Reference in New Issue View Git Blame Copy Permalink