PeterMosmans.apache2

Ansible Role: Apache2


This role installs and sets up the Apache 2 web server on Debian and Ubuntu servers. It mainly focuses on making a basic Apache installation more secure. It changes the default settings, disables some modules, and enables others. It can also set up website configuration files, SSL certificates, and private keys.

If you set the apache2_php flag to true, PHP will be installed and set up as well.

Just so you know, setting the apache2_php flag to false won’t remove or disable PHP. To disable it, you can add the PHP module to the apache2_modules_disabled list.

Requirements

You need to install ufw (the uncomplicated firewall).

Role Variables

Here are the available variables and their default values:

apache2_default: If true, the default website will not be disabled, and /var/www/html will not be deleted. By default, it is false, which means the default website will be disabled, and the folder will be removed.

apache2_default: false

apache2_modules_disabled: This is a list of Apache modules that will be disabled by default. The specifics can be found in defaults/main.yml.

apache2_modules_disabled:
  - autoindex
  - authn_anon
  - cgi
  - dav
  - env
  - negotiation
  - setenvif
  - status
  - userdir

apache2_modules_enabled: This is a list of Apache modules that will be enabled by default. The specifics can be found in defaults/main.yml.

apache2_modules_enabled:
  - alias
  - auth_digest
  - authz_host
  - deflate
  - dir
  - headers
  - reqtimeout
  - rewrite
  - ssl

apache2_php: If true, PHP and the Apache PHP module will be installed.

apache2_php: false

apache2_php_version: This is the PHP version. The default can be found in defaults/main.yml.

apache2_php_version: 7.0

If PHP is installed, a php.ini file will be created in /etc/php/[apache2_php_version]/apache2/php.ini. This file uses customizable template variables. The defaults can be found in defaults/main.yml. Example settings include:

apache2_php_allow_url_fopen: "Off"
apache2_php_display_errors: "Off"

apache2_ports: This is a list of ports on which Apache will listen. If not defined, ports 80 and 443 will be used.

apache2_ports:
  - 80
  - 8000

apache2_security_conf: A list of default security settings. The specifics can be found in defaults/main.yml.

apache2_security_conf:
  - name: "Header set X-Content-Type-Options:"
    value: "\"nosniff\""

apache2_websites: An optional list of website configuration files. The src points to the template file, and dest will be the resulting configuration file. Example:

apache2_websites:
  - src: mywebsited.conf.j2
    name: mywebsite.conf

ssl_certificates: An optional list of x.509 SSL certificates. The location is relative to the role/files folder.

ssl_certificates:
  - src: /secure/storage/path
    name: www.mysite.com.cer

ssl_keys: An optional list of private keys, also relative to the role/files folder.

ssl_keys:
  - src: /secure/storage/path
    name: www.mysite.com.key

www_folder: The default folder where website directories are stored.

www_folder: /var/www

Note: This role copies Apache configuration files instead of templating them, but it does template PHP files.

Dependencies

None.

Example Playbook

This example installs and secures Apache.

- hosts: all
  become: yes
  become_method: sudo
  roles:
    - role: PeterMosmans.apache2

This example installs and secures Apache and PHP, deploys the file mywebsite.conf from the folder roles/apache2/files, and enables the website.

- hosts: all
  become: yes
  become_method: sudo
  roles:
    - role: PeterMosmans.apache2
      apache2_websites:
      - src: .
        name: mywebsite.conf
  vars:
    apache2_php: true

The default website will be disabled, and /var/www/html will be removed.
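
After the playbook has run, the output of apache2ctl -M on the host can be compared against apache2_modules_disabled and apache2_modules_enabled to confirm the module set matches. The Python script below is an added example, not part of the role; its function names and the sample output are constructed for illustration.

```python
import re

# Module lists as shown under Role Variables above.
DISABLED = ["autoindex", "authn_anon", "cgi", "dav", "env",
            "negotiation", "setenvif", "status", "userdir"]
ENABLED = ["alias", "auth_digest", "authz_host", "deflate", "dir",
           "headers", "reqtimeout", "rewrite", "ssl"]

# Constructed sample of `apache2ctl -M` output (not captured from a real host):
# status is still loaded and headers is absent, to show both kinds of drift.
SAMPLE = """Loaded Modules:
 core_module (static)
 so_module (static)
 http_module (static)
 mpm_event_module (shared)
 alias_module (shared)
 auth_digest_module (shared)
 authz_host_module (shared)
 cgid_module (shared)
 deflate_module (shared)
 dir_module (shared)
 reqtimeout_module (shared)
 rewrite_module (shared)
 ssl_module (shared)
 status_module (shared)
"""

MODULE_LINE = re.compile(r"^\s*(\w+)_module \((?:static|shared)\)", re.M)

def loaded_modules(output):
    """Return loaded module names with the trailing `_module` stripped."""
    return {m.group(1) for m in MODULE_LINE.finditer(output)}

def audit(output, disabled=DISABLED, enabled=ENABLED):
    """Compare loaded modules with the role's lists.

    Names are compared exactly, so cgid_module is not reported for the
    `cgi` entry; add such variants to `disabled` if they must be caught.
    """
    loaded = loaded_modules(output)
    return {
        "unexpected": sorted(set(disabled) & loaded),  # should be off, but loaded
        "missing": sorted(set(enabled) - loaded),      # should be on, but absent
    }

if __name__ == "__main__":
    print(audit(SAMPLE))
```

To check a real host, pass the captured output of apache2ctl -M to audit() in place of SAMPLE.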

License

GPLv3

Author Information

Created by Peter Mosmans.

About the project

Installs and hardens Apache2 (and PHP5).

Install
ansible-galaxy install PeterMosmans.apache2