apache
Ansible apache
Install and configure apache with ansible.
Requirements
None
Tested plateform
- Debian 10 (Buster)
- Debian 11 (Bullseye)
- Debian 12 (Bookworm)
Role variables
The apache service, the apache conf path and packages to install.
apache_service: apache2
apache_server_conf: /etc/apache2
apache_packages:
- apache2
- apache2-utils
Ports configuration, to be loaded in ports.conf
apache_listen_port: 80
apache_ports_configuration_items:
- regexp: "^Listen "
line: "Listen {{ apache_listen_port }}"
Modifications in security.conf, for production purpose.
apache_server_token: Prod
apache_server_signature: "Off"
apache_trace_enabled: "Off"
apache_security_configuration_items:
- regexp: "^ServerTokens "
line: "ServerTokens {{ apache_server_token }}"
- regexp: "^ServerSignature "
line: "ServerSignature {{ apache_server_signature }}"
- regexp: "^TraceEnable "
line: "TraceEnable {{ apache_trace_enabled }}"
A list of mod to enable and a list of mode to disable. Default value is "empty".
apache_mods_enabled: []
apache_mods_disabled: []
Do you want to create a new vhosts file? If set to true, how will the conf file be called?
apache_create_vhosts: true
apache_vhosts_filename: "my-vhosts.conf"
Do we need to remove the default hosts? If set to true, wich conf file need to be deleted? It can also be use to remove custom vhosts.
apache_remove_default_vhost: true
apache_default_vhost_filename:
- 000-default.conf
apache_vhost_config is used to configure your virtualhost. You can have multiple vhosts. If you don't want to set a specific parameter, just delete it. For exemple, if you don't want to define a serveralias, or if you don't need a "location", remove those lines.
Other variables are meant to be multilined: apache_vhost_config.custom_param, apache_vhost_config.directory.config, apache_vhost_config.location.config, apache_vhost_config.file.config. Don't forger the leadin "|". You can see here an exemple. By default, apache_vhost_config is empty. you MUST define it yourself, to suits your needs.
apache_vhost_config:
- listen_ip: "*"
listen_port: 80
server_name: host1
custom_param: |
Redirect / https://host1
- listen_ip: "*"
listen_port: 443
server_name: host1
serveralias: alias1
documentroot: "/var/www/html"
serveradmin: admin@localhost
custom_param: |
ProxyRequests Off
ProxyPreserveHost On
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
LogLevel warn
ssl_engine: "on"
ssl_certificate_file: /etc/ssl/certs/certif.crt
ssl_certificate_key_file: /etc/ssl/private/certif.key
ssl_certificate_chain_file: /etc/ssl/certs/chain
directory:
- path: "/var/www/html"
config: |
AllowOverride All
Order deny,allow
allow from all
- path: "/usr/lib/cgi-bin"
config: |
SSLOptions +StdEnvVars
location:
- path: "/"
config: |
Options -Indexes
Options -Includes
Options -FollowSymLinks
ProxyPass http://localhost:8080/ min=0 max=100 smax=50 ttl=10
ProxyPassReverse http://localhost/
file:
- path: '\.(cgi|shtml|phtml|php)$'
config: |
SSLOptions +StdEnvVars
Examples
- hosts: somehost
roles:
- supertarto.apache
vars:
apache_mods_enabled:
- ssl
apache_create_vhosts: true
apache_vhosts_filename: "mysite.conf"
apache_vhost_config:
- listen_ip: "*"
listen_port: 80
server_name: host1
custom_param: |
Redirect / https://host1
- listen_ip: "*"
listen_port: 443
server_name: host1
serveralias: alias1
documentroot: "/var/www/html"
serveradmin: admin@localhost
custom_param: |
ProxyRequests Off
ProxyPreserveHost On
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
LogLevel warn
ssl_engine: "on"
ssl_certificate_file: /etc/ssl/certs/certif.crt
ssl_certificate_key_file: /etc/ssl/private/certif.key
ssl_certificate_chain_file: /etc/ssl/certs/chain
directory:
- path: "/var/www/html"
config: |
AllowOverride All
Order deny,allow
allow from all
Installation
ansible-galaxy install supertarto.apache
License
GPL V3.0
ansible-galaxy install supertarto/ansible-apache