pgporada.httpd
Overview: ansible-role-httpd
This role installs and configures httpd (Apache), sets up any virtual hosts you've specified, and applies any URL rewrite or redirect rules. I learned to configure virtual hosts in a way that senior admins taught me when I worked in a data center, and I've continued using this method throughout my career. This setup reflects my preferences, and you might have different opinions about it.
Variable Definitions
Use this setting if httpd is running behind a load balancer like ELB or HAProxy. If set to true, it will copy the customer_logger.conf file into /etc/httpd/conf.d/. The customer logger will capture the original source IP address from the x-forwarded header.
httpd_is_behind_loadbalancer: false
This sets the default document root directory in /etc/httpd/conf/httpd.conf. You may need to override this for a vagrant setup; otherwise, keep it as is.
httpd_conf_docrootdir: /var/www/domains
Define which ports httpd will listen on.
httpd_conf_port: 80
httpd_conf_port_ssl: 443
Choose whether to enable or disable the httpd keepalive directive. This is a boolean setting for Ansible.
httpd_conf_keepalive_enable: true
Select the multi-processing module for handling requests.
httpd_conf_mpm: prefork # Other options are 'event' and 'worker'
Use the mod_headers module to mark all cookies as HttpOnly and Secure. This setting has implications. It's a boolean, defaulting to false.
httpd_conf_securecookies: false
Example Playbook
---
- hosts: localhost
  connection: local
  become: true
  become_method: sudo
  vars:
    httpd_vhosts_enabled:
      - url: jenkins.philporada.com
        enable_ssl_vhost: false
        #path_to_ssl_ca: /path/to/ca.pem
        #path_to_ssl_cert: /path/to/cert.pem
        #path_to_ssl_key: /path/to/key.pem
        #path_to_ssl_chain: /path/to/bundle.pem
        aliases: []
        serveradmin: [email protected]
        errorlog: "/var/log/httpd/error_log"
        accesslog: "/var/log/httpd/access_log"
        directory: "/var/www"
        docrootdir: public_html
        extra_parameters_main: |
          #
          #RewriteEngine On
          # Rewrites ELB requests to https
          # We want to match on http specifically instead of the negative, !https, because health checks fail at the 301 redirect
          #RewriteCond %{HTTP:X-Forwarded-Proto} ^http$
          #RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI}
        extra_parameters_include: |
          #
          # This is specific to Vagrant
          #EnableSendfile Off
          # Hide git-related content
          RewriteRule ^(.*/)?\.git+ - [R=404,L]
          RewriteRule ^(.*/)?\.gitignore+ - [R=404,L]
  roles:
    - ansible-roles-httpd
...
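Added example, not part of the role or its README: a quick offline check of what the two "Hide git-related content" RewriteRule patterns in the playbook above actually cover, so you can confirm the vhost answers 404 for the paths you expect before deploying. The function names and sample paths are hypothetical and constructed for illustration, and it assumes Python's re module treats these two patterns the same way Apache's PCRE does.

```python
import re
from urllib.parse import unquote

# The two RewriteRule patterns from extra_parameters_include in the playbook above.
GIT_RULES = [r"^(.*/)?\.git+", r"^(.*/)?\.gitignore+"]

# Constructed sample request paths (not taken from any real log).
SAMPLE_PATHS = [
    "/.git/config",
    "/app/.git/HEAD",
    "/%2egit/config",
    "/.gitignore",
    "/.gitmodules",
    "/.github/workflows/ci.yml",
    "/index.html",
    "/docs/git-guide.html",
]


def first_matching_rule(url_path, per_directory=False):
    """Return the index of the first rule that answers 404, or None if the request passes."""
    # mod_rewrite matches against the %-decoded URL-path.
    subject = unquote(url_path)
    # Assumption: in per-directory context the rules sit at the document root,
    # so only the leading slash is stripped before matching.
    if per_directory:
        subject = subject.lstrip("/")
    # [L] stops rule processing at the first match, so later rules are never tried.
    for index, pattern in enumerate(GIT_RULES):
        if re.search(pattern, subject):
            return index
    return None


def audit(paths, per_directory=False):
    """Map each path to the rule index that blocks it (None = served normally)."""
    return {p: first_matching_rule(p, per_directory) for p in paths}


if __name__ == "__main__":
    for path, rule in audit(SAMPLE_PATHS).items():
        verdict = "passes" if rule is None else f"404 via rule {rule}"
        print(f"{path:30} {verdict}")
```

The run shows that the first pattern already matches .gitignore, so the second rule is never reached, and that any path segment starting with .git (for example .github/) is hidden as well.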
How to Tackle This Role
Before running tests, validate your syntax using yamllint.
find . -type f -name "*.yml*" | sed "s|\./||g" | egrep -v "(\.kitchen/|\[warning\]|\.molecule/)" | xargs yamllint -f parsable
You should see output like the following, which you can fix or ignore. However, you should take note of any errors, as they could prevent Ansible from completing its tasks. Identifying such issues is beneficial.
$ find . -type f -name "*.yml*" | sed "s|\./||g" | egrep -v "(\.kitchen/|\[warning\]|\.molecule/)" | xargs yamllint -f parsable
defaults/main.yml:41:121: [warning] line too long (127 > 120 characters) (line-length)
meta/main.yml:7:22: [error] syntax error: mapping values are not allowed here
test/integration/default/default.yml:4:1: [warning] comment not indented like content (comments-indentation)
test/requirements.yml:2:2: [warning] missing starting space in comment (comments)
You will need a Ruby environment to install the necessary gems for test-kitchen. We install the gems through bundler.
git clone git@github.com:pgporada/ansible-role-httpd.git
cd ansible-role-httpd
bundle install
bundle update
bundle exec kitchen create
bundle exec kitchen converge
bundle exec kitchen verify
bundle exec kitchen destroy
After this, you should be able to access the default page as defined in the .kitchen.yml file.
Author Information
GPLv3
Phil Porada
Installs and configures httpd. Enables programmatic creation of vhosts.
ansible-galaxy install pgporada.httpd