supertarto.apache
Ansible Apache
This guide helps you install and set up Apache using Ansible.
Requirements
You don't need any additional requirements.
Tested Platforms
- Debian 10 (Buster)
- Debian 11 (Bullseye)
- Debian 12 (Bookworm)
Role Variables
These variables are used to define the Apache service, configuration path, and packages needed.
apache_service: apache2
apache_server_conf: /etc/apache2
apache_packages:
- apache2
- apache2-utils
Configuration for ports to be included in ports.conf
apache_listen_port: 80
apache_ports_configuration_items:
- regexp: "^Listen "
line: "Listen {{ apache_listen_port }}"
Security settings for production.
apache_server_token: Prod
apache_server_signature: "Off"
apache_trace_enabled: "Off"
apache_security_configuration_items:
- regexp: "^ServerTokens "
line: "ServerTokens {{ apache_server_token }}"
- regexp: "^ServerSignature "
line: "ServerSignature {{ apache_server_signature }}"
- regexp: "^TraceEnable "
line: "TraceEnable {{ apache_trace_enabled }}"
Lists of modules to enable or disable. They are empty by default.
apache_mods_enabled: []
apache_mods_disabled: []
Option to create a new virtual hosts file. If true, specify the file name.
apache_create_vhosts: true
apache_vhosts_filename: "my-vhosts.conf"
Option to remove the default hosts. If true, specify the file to delete. This can also remove custom virtual hosts.
apache_remove_default_vhost: true
apache_default_vhost_filename:
- 000-default.conf
apache_vhost_config is where you set up your virtual hosts. You can have many virtual hosts. If you want to skip a parameter, simply remove that line. For example, to skip a server alias or location, just delete those parts.
Some variables can have multiple lines: apache_vhost_config.custom_param, apache_vhost_config.directory.config, apache_vhost_config.location.config, apache_vhost_config.file.config. Remember to start those lines with a "|". Here's an example. By default, apache_vhost_config is empty, so you need to define it according to your requirements.
apache_vhost_config:
- listen_ip: "*"
listen_port: 80
server_name: host1
custom_param: |
Redirect / https://host1
- listen_ip: "*"
listen_port: 443
server_name: host1
serveralias: alias1
documentroot: "/var/www/html"
serveradmin: admin@localhost
custom_param: |
ProxyRequests Off
ProxyPreserveHost On
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
LogLevel warn
ssl_engine: "on"
ssl_certificate_file: /etc/ssl/certs/certif.crt
ssl_certificate_key_file: /etc/ssl/private/certif.key
ssl_certificate_chain_file: /etc/ssl/certs/chain
directory:
- path: "/var/www/html"
config: |
AllowOverride All
Order deny,allow
allow from all
- path: "/usr/lib/cgi-bin"
config: |
SSLOptions +StdEnvVars
location:
- path: "/"
config: |
Options -Indexes
Options -Includes
Options -FollowSymLinks
ProxyPass http://localhost:8080/ min=0 max=100 smax=50 ttl=10
ProxyPassReverse http://localhost/
file:
- path: '\.(cgi|shtml|phtml|php)$'
config: |
SSLOptions +StdEnvVars
Examples
- hosts: somehost
roles:
- supertarto.apache
vars:
apache_mods_enabled:
- ssl
apache_create_vhosts: true
apache_vhosts_filename: "mysite.conf"
apache_vhost_config:
- listen_ip: "*"
listen_port: 80
server_name: host1
custom_param: |
Redirect / https://host1
- listen_ip: "*"
listen_port: 443
server_name: host1
serveralias: alias1
documentroot: "/var/www/html"
serveradmin: admin@localhost
custom_param: |
ProxyRequests Off
ProxyPreserveHost On
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
LogLevel warn
ssl_engine: "on"
ssl_certificate_file: /etc/ssl/certs/certif.crt
ssl_certificate_key_file: /etc/ssl/private/certif.key
ssl_certificate_chain_file: /etc/ssl/certs/chain
directory:
- path: "/var/www/html"
config: |
AllowOverride All
Order deny,allow
allow from all
Installation
To install, run:
ansible-galaxy install supertarto.apache
License
GPL V3.0
Install and configure apache2 with ansible
ansible-galaxy install supertarto.apache