apache2-vhosts

==============

This role sets up multiple Apache2 virtual hosts (vhosts) along with separate user accounts. It's intended for environments hosting several sites that need access from multiple developers. SSH access is restricted to public key logins only.

Role Variables

---

There are several variables you can use. Some depend on individual hosts, while others are applicable to the role overall.

Apache Variables

apache_packages:
  - apache2
  - apache2-doc
  - apache2-utils
  - apache2-mpm-itk
  - libapache2-mod-php5

apache_modules:
  - alias.conf
  - alias.load
  - auth_basic.load
  - authn_file.load
  - ...

apache_host: "127.0.0.1"
apache_port: "80"
apache_ssl_port: "443"

apache_packages

This lists all the necessary apt Apache2 packages. By default, the apache2-mpm-itk worker is installed, allowing each vhost to run as its user.

apache_modules

This lists all the enabled Apache2 modules and their configuration files. These are symlinked from /etc/apache2/mods-available to /etc/apache2/mods-enabled.

apache_host

This is the IP address for Apache2 to listen on. It's used in the Listen line of the Apache configuration file as well as in the VirtualHost entries.

apache_port

This is the port on which Apache2 will listen. It is used in the Listen line and the VirtualHost entries.

apache_ssl_port

This is the SSL port for Apache2. It’s also used in the Listen line and the VirtualHost entries.

PHP Variables

php_packages:
  - php5-common
  - php5-cli
  - php5-suhosin
  - php5-apc
  - php-pear
  - php5-gd
  - php5-memcache
  - php5-mcrypt
  - php5-gmp
  - php5-mysql
  - php5-curl

post_max_size: "10M"
upload_max_filesize: "10M"
php_timezone: "Australia/Brisbane"
memory_limit: "32M"
html_errors: "Off"

php_packages

This lists all the apt PHP packages that are needed.

post_max_size, upload_max_filesize, php_timezone, memory_limit, html_errors

These settings are found in the php.ini file, likely set for each host.

Vhost Settings

deleted_vhost_sites:
  - {
      host: 'del.example.com',
      user: 'delexample',
      group: 'delexample',
      admin_email: '[email protected]',
      disabled: True
    }

disabled_vhost_sites: &disabled
  - {
      host: 'dev.example.com',
      user: 'devexample',
      group: 'devexample',
      admin_email: '[email protected]',
      disabled: True
    }

vhost_sites:
  - *disabled
  - {
      host: 'example.com',
      user: 'example',
      group: 'example',
      admin_email: '[email protected]',
      ssl: {
        enabled: False,
        ssl_certificate: '/path/to/ssl/cert',
        ssl_certificate_key: '/path/to/ssl/private_key'
      },
      aliases: [
        www.example.com,
        au.example.com
      ]
    }

deleted_vhost_sites

Sites listed here will not be on the server. Their user accounts and public_html folders will be deleted, and the site config files will be disabled and removed.

disabled_vhost_sites

These sites will keep their user accounts and public_html folders, but users can't log in, and the vhost config files won't be enabled in Apache.

vhost_sites

This combines disabled sites and any additional sites to be enabled. It ensures user accounts exist, allowing SSH login. public_html folders will be created, and the configuration will be linked to sites-enabled, so Apache can serve their content.

SSH Settings

As part of creating the vhosts, all files in files/ssh/keys are combined and added to each enabled user account. This lets multiple users log into each account as the hosting user.