geerlingguy.apache
Ansible Role: Apache 2.x
This is an Ansible Role that installs Apache 2.x on RHEL/CentOS, Debian/Ubuntu, SLES, and Solaris.
Requirements
If you use SSL/TLS, provide your own certificate and key files. You can create a self-signed certificate with this command:
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout example.key -out example.crt
If using Apache with PHP, consider using the geerlingguy.php role to install PHP. You can use either mod_php (by adding the right package, like libapache2-mod-php5 for Ubuntu, to php_packages) or geerlingguy.apache-php-fpm to connect Apache to PHP via FPM. Check that role's README for more details.
Role Variables
Here are the available variables and their default values (see defaults/main.yml):
apache_enablerepo: ""
This sets the repository for installing Apache (only for RHEL/CentOS). Use a repository like EPEL for newer Apache versions if needed.
apache_listen_ip: "*"
apache_listen_port: 80
apache_listen_port_ssl: 443
These specify the IP address and ports where Apache listens. Change them if another service uses ports 80 or 443.
apache_create_vhosts: true
apache_vhosts_filename: "vhosts.conf"
apache_vhosts_template: "vhosts.conf.j2"
If true, a vhosts file will be created in the Apache configuration folder. Set it to false to use your own vhosts file.
apache_remove_default_vhost: false
On Debian/Ubuntu, a default virtualhost is included. Set this to true to remove it.
apache_global_vhost_settings: |
  DirectoryIndex index.php index.html
  # Add other global settings here.
Use this variable to add or override global Apache settings in the vhosts file, assuming apache_create_vhosts is true.
apache_vhosts:
  # Optional properties: 'serveradmin, serveralias, extra_parameters'.
  - servername: "local.dev"
    documentroot: "/var/www/html"
Define properties for each virtualhost, like servername (required), documentroot (required), and others.
Here's an example of using extra_parameters for a redirect:
- servername: "www.local.dev"
  serveralias: "local.dev"
  documentroot: "/var/www/html"
  extra_parameters: |
    RewriteCond %{HTTP_HOST} !^www\. [NC]
    RewriteRule ^(.*)$ http://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
The | indicates a multiline structure in YAML.
apache_vhosts_ssl: []
No SSL virtualhosts are set up by default, but you can configure them similarly to regular virtualhosts.
apache_ssl_no_log: true
Set this to control whether SSL-related output is printed during playbook execution.
apache_ssl_protocol: "All -SSLv2 -SSLv3"
apache_ssl_cipher_suite: "AES256+EECDH:AES256+EDH"
These define which SSL protocols and cipher suites are allowed. Adjust for security and compatibility as needed.
apache_allow_override: "All"
apache_options: "-Indexes +FollowSymLinks"
Default values for AllowOverride and Options for each virtualhost's document root. You can override them in individual vhosts.
apache_mods_enabled:
- rewrite
- ssl
apache_mods_disabled: []
Define which Apache modules to enable or disable.
apache_packages:
- [platform-specific]
List of packages to install, based on the operating system.
apache_state: started
Set the initial state for the Apache service when this role is applied.
apache_enabled: yes
Control whether Apache starts at boot time.
apache_packages_state: present
Set to latest to upgrade Apache if additional repositories are used.
apache_ignore_missing_ssl_certificate: true
If you only want to create SSL virtualhosts when the certificate is available, set to false.
.htaccess-based Basic Authorization
To enable Basic Auth, you can add it through a custom template or with extra_parameters, like this:
extra_parameters: |
  <Directory "/var/www/password-protected-directory">
    Require valid-user
    AuthType Basic
    AuthName "Please authenticate"
    AuthUserFile /var/www/password-protected-directory/.htpasswd
  </Directory>
For password protecting everything inside a VirtualHost, use the Location block:
<Location "/">
  Require valid-user
  ....
</Location>
You'll need to create or upload your own .htpasswd file.
Dependencies
None.
Example Playbook
- hosts: webservers
  vars_files:
    - vars/main.yml
  roles:
    - { role: geerlingguy.apache }
In vars/main.yml:
apache_listen_port: 8080
apache_vhosts:
- {servername: "example.com", documentroot: "/var/www/vhosts/example_com"}
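A hardened variant of this vars/main.yml, added here as an example and not taken from the role's README. It tightens the TLS and AllowOverride defaults listed under Role Variables and applies the Basic Auth block from the section above on an HTTPS-only vhost. Assumptions: Apache 2.4, a Debian-style /etc/apache2 path, placeholder hostnames and file paths, and the certificate_file and certificate_key_file vhost keys, which this page does not list.

```yaml
# Added example (not from the role's README). Hostnames and file paths are
# placeholders; certificate_file / certificate_key_file are assumed vhost keys.

# Role default is "All -SSLv2 -SSLv3", which still leaves TLS 1.0 and 1.1 on.
apache_ssl_protocol: "All -SSLv3 -TLSv1 -TLSv1.1"
# Role default "AES256+EECDH:AES256+EDH" also matches CBC-mode suites;
# this keeps only ECDHE key exchange with AES-GCM (assumes modern clients).
apache_ssl_cipher_suite: "EECDH+AESGCM"

# Role default is "All", which lets any .htaccess file under the document
# root override server configuration. Put directives in extra_parameters.
apache_allow_override: "None"
apache_options: "-Indexes +FollowSymLinks"   # unchanged default; listings stay off

apache_remove_default_vhost: true   # drop the Debian/Ubuntu default vhost
apache_ssl_no_log: true             # unchanged default; keep SSL task output hidden

apache_vhosts:
  # Port 80 serves nothing but a fixed redirect to HTTPS, so credentials for
  # the protected directory are never requested over cleartext HTTP.
  - servername: "www.example.test"
    documentroot: "/var/www/html"
    extra_parameters: |
      Redirect permanent / https://www.example.test/

apache_vhosts_ssl:
  - servername: "www.example.test"
    documentroot: "/var/www/html"
    certificate_file: "/etc/ssl/certs/example.crt"
    certificate_key_file: "/etc/ssl/private/example.key"
    extra_parameters: |
      <Directory "/var/www/html/password-protected-directory">
        AuthType Basic
        AuthName "Please authenticate"
        # Keep the password file outside every document root so it can never
        # be fetched as content, and make it readable only by the Apache user.
        AuthUserFile /etc/apache2/example.htpasswd
        Require valid-user
      </Directory>
```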
License
MIT / BSD
Author Information
This role was created in 2014 by Jeff Geerling, author of Ansible for DevOps.
ansible-galaxy install geerlingguy.apache