damianlewis.apache
Ansible Role: Apache
This role installs and sets up Apache web server.
Requirements
No special requirements.
Role Variables
You can customize the configuration by changing the variables in defaults/main.yml, which contains the default values.
apache_use_ppa: false
Set apache_use_ppa to true if you want to install Apache from a PPA (Personal Package Archive).
apache_user: www
apache_group: www
Change the user and group that Apache runs under. The default is www-data for both.
apache_timeout: '100'
apache_enable_keepalive: false
apache_max_keepalive_request: '200'
apache_keepalive_timeout: '300'
apache_enable_hostname_lookups: true
You can adjust key Apache settings by modifying these variables.
apache_log_path: /path/to/logs
apache_error_log_level: warn
Set the error log level using apache_error_log_level. Available levels include: trace8, ..., trace1, debug, info, notice, warn, error, crit, alert, and emerg. The default is warn. You can also change the log file location with the apache_log_path variable, which defaults to /var/log/apache2.
apache_disable_default_site: true
This option disables the default Apache site.
apache_pid_file: logs/apache.pid
Change the default PID file location from /var/run/apache2/apache2.pid using apache_pid_file.
apache_run_path: /var/run/apache2
apache_lock_path: /var/lock/apache2
Modify the default paths for temporary files with apache_run_path and apache_lock_path. Defaults are /var/run/apache2 and /var/lock/apache2, respectively.
apache_http_port: '8080'
apache_https_port: '44300'
To change the default HTTP and HTTPS ports, use apache_http_port and apache_https_port.
apache_allow_additional_confs: false
By default, Apache loads extra configuration from conf.d or conf-enabled folders. Set apache_allow_additional_confs to false if you want to disable this.
apache_modules:
- name: headers
- name: rewrite
- name: ssl
  state: absent
You can enable or disable Apache modules with apache_modules. Give each module a name; set state to absent to disable it.
apache_sites:
- hostname: www.example.com
  root: /var/www/html
  alias: '*.example.com'
Use apache_sites to set up and manage websites. Required fields are hostname and root path; alias is optional.
apache_sites:
- hostname: example.com
  root: /var/www/html
  state: absent
By default, adding a site will create it. To disable or remove it, set state to absent.
apache_sites:
- hostname: example.com
  root: /var/www/html
  enable_http_to_https_redirect: true
To redirect HTTP to HTTPS, set enable_http_to_https_redirect to true. Ensure SSL is set up.
apache_sites:
- hostname: www.sub.example.com
  root: /var/www/subdomain/sub
  virtualhost_directives: |
    ServerPath "/sub/"
    RewriteEngine On
    RewriteRule "^(/sub/.*)" "/var/www/subdomain$1"
Add additional directives for virtual hosts with virtualhost_directives.
apache_sites:
- hostname: example.com
  root: /var/www/html
  headers:
  - 'X-Frame-Options "DENY"'
  - 'X-Content-Type-Options "nosniff"'
  - 'X-XSS-Protection "1; mode=block"'
Use headers to add security headers to responses.
apache_sites:
- hostname: example.com
  root: /var/www/html
  directories:
  - rule: '/var/www/html'
    block: |
      Options -Indexes +FollowSymLinks +MultiViews
      AllowOverride All
      Require all granted
Create directory directives in directories. Set rule to the directory path and put its directives in block.
apache_sites:
- hostname: example.com
  root: /var/www/html
  filesmatches:
  - rule: '.+\.ph(p[3457]?|t|tml)$'
    block: |
      SetHandler proxy:unix:/run/php/php7.2-fpm.sock|fcgi://localhost
To apply directives matching specific files, use filesmatches with a rule.
apache_sites:
- hostname: example.com
  root: /var/www/html
  enable_error_log: true
  error_log_level: warn
  enable_access_log: true
  access_log_format: main
To enable separate logs for sites, set enable_error_log and enable_access_log to true. Configure using error_log_level and access_log_format. The default access log format is combined.
apache_sites:
- hostname: example.com
  root: /var/www/html
  ssl_certificate: /etc/ssl/example.com/certificate.crt
  ssl_certificate_key: /etc/ssl/private/example.com.key
  ssl_certificate_chain: /etc/ssl/example.com/fullchain.pem
For HTTPS, point to your SSL certificate and key files with ssl_certificate and ssl_certificate_key.
apache_sites:
- hostname: example.com
  root: /var/www/html
  https_virtualhost_directives: |
    SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
    SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
    SSLHonorCipherOrder on
    SSLUseStapling on
    SSLCompression off
    SSLSessionTickets off
  https_headers:
  - 'Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"'
More SSL settings and headers can be added with https_virtualhost_directives and https_headers.
apache_sites:
- hostname: example.com
  root: /var/www/html
  server_directives: |
    SSLStaplingCache shmcb:logs/stapling-cache(150000)
Additional server directives can be added with server_directives.
apache_sites:
- hostname: example.com
  root: /var/www/html
  ip_address: '*'
  http_port: '80'
  https_port: '443'
Use ip_address, http_port and https_port to customize the address and ports for an individual site.
Dependencies
None.
Example Playbook
- hosts: server
  become: yes
  tasks:
  - import_role:
      name: damianlewis.apache
This playbook applies the Apache role to the hosts matched by server.
ansible-galaxy install damianlewis.apache
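A fuller playbook that combines the site attributes documented above into one HTTPS site and checks the variables before the role runs. It is an added example, not taken from the role's documentation. It assumes the attributes can be combined in a single apache_sites entry; the pre_tasks check is plain Ansible rather than a feature of the role, and the tighter Options and AllowOverride values are choices made for this example.

```yaml
# Added example: hostname and paths are the README's sample values.
- hosts: server
  become: yes
  vars:
    apache_enable_hostname_lookups: false
    apache_disable_default_site: true
    apache_allow_additional_confs: false   # load only what is defined here
    apache_sites:
      - hostname: example.com
        root: /var/www/html
        enable_http_to_https_redirect: true
        ssl_certificate: /etc/ssl/example.com/certificate.crt
        ssl_certificate_key: /etc/ssl/private/example.com.key
        ssl_certificate_chain: /etc/ssl/example.com/fullchain.pem
        server_directives: |
          SSLStaplingCache shmcb:logs/stapling-cache(150000)
        https_virtualhost_directives: |
          SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
          SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
          SSLHonorCipherOrder on
          SSLUseStapling on
          SSLCompression off
          SSLSessionTickets off
        https_headers:
          - 'Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"'
        headers:
          - 'X-Frame-Options "DENY"'
          - 'X-Content-Type-Options "nosniff"'
        directories:
          - rule: '/var/www/html'   # no listings, no .htaccess overrides
            block: |
              Options -Indexes -MultiViews +SymLinksIfOwnerMatch
              AllowOverride None
              Require all granted
        enable_error_log: true
        enable_access_log: true
  pre_tasks:
    - name: Sites that redirect to HTTPS must define a certificate and key
      assert:
        that:
          - item.ssl_certificate is defined
          - item.ssl_certificate_key is defined
        fail_msg: "{{ item.hostname }} redirects to HTTPS without a certificate"
      loop: "{{ apache_sites }}"
      loop_control:
        label: "{{ item.hostname }}"
      when: item.enable_http_to_https_redirect | default(false) | bool
  tasks:
    - import_role:
        name: damianlewis.apache
```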