apache

Ansible role. Install and configure Apache.

Documentation at readthedocs.io

Feel free to share your feedback and report issues.

Contributions are welcome.

Supported platforms

This role has been developed and tested with

• FreeBSD Supported Production Releases

Requirements

Collections

• community.general

Roles

• config_encoder_filters
• ansible_lib

Variables

Review defaults and examples in vars. By default SSL is off.

apache_ssl: False

Certificates are needed to enable SSL.

apache_ssl: True
apache_version: "24"
apache_SSLCertificateFile: "/usr/local/etc/apache{{ apache_version }}/server.crt"
apache_SSLCertificateKeyFile: "/usr/local/etc/apache{{ apache_version }}/server.key"

Virtual hosts are configured with optional redirection to SSL. By default virtual hosts for ports 80 and 443 will be created and port 80 permanently redirected to 443. Example is available in vars.

Workflow

1. Change shell to /bin/sh if necessary

shell> ansible webserver -e 'ansible_shell_type=csh ansible_shell_executable=/bin/csh' -a 'sudo pw usermod freebsd -s /bin/sh'

2. Install role

shell> ansible-galaxy install vbotka.apache

3. Fit variables

4. Create playbook and inventory

shell> cat apache.yml
---
- hosts: webserver
  roles:
    - vbotka.apache

shell> cat hosts
[webserver]
<webserver-ip-or-fqdn>
[webserver:vars]
ansible_connection=ssh
ansible_user=freebsd
ansible_become=true
ansible_become_method=sudo
ansible_python_interpreter=/usr/local/bin/python3.9
ansible_perl_interpreter=/usr/local/bin/perl

5. Test syntax

shell> ansible-playbook apache.yml --syntax-check

6. Show variables

shell> ansible-playbook apache.yml -t apache_debug -e apache_debug=true

7. Install packages

shell> ansible-playbook apache.yml -t apache_packages -e apache_install=true

8. Dry run and show differences

shell> ansible-playbook apache.yml --check --diff

9. Install and configure apache

shell> ansible-playbook apache.yml

10. Optionally test the webserver

• http://validator.w3.org
• https://www.ssllabs.com

Ansible lint

Use the configuration file .ansible-lint.local when running ansible-lint. Some rules might be disabled and some warnings might be ignored. See the notes in the configuration file.

shell> ansible-lint -c .ansible-lint.local

References

• Apache HTTP Server Documentation
• SSL/TLS Strong Encryption: Trunk: How-To
• SSL/TLS Strong Encryption: 2.4: How-To
• SSL with Virtual Hosts Using SNI
• Multi-Processing Modules (MPMs)
• FreeBSD handbook: 29.8. Apache HTTP Server
• Recommended Steps To Harden Apache HTTP on FreeBSD 12.0

License

Author Information

Vladimir Botka