Ansible Apache

使用 Ansible 安装和配置 Apache。

需求

无

测试平台

• Debian 10 (Buster)
• Debian 11 (Bullseye)
• Debian 12 (Bookworm)

角色变量

Apache 服务、Apache 配置路径和要安装的软件包。

apache_service: apache2
apache_server_conf: /etc/apache2

apache_packages:
  - apache2
  - apache2-utils

端口配置，需加载入 ports.conf。

apache_listen_port: 80
apache_ports_configuration_items:
  - regexp: "^Listen "
    line: "Listen {{ apache_listen_port }}"

在 security.conf 中的修改，以用于生产目的。

apache_server_token: Prod
apache_server_signature: "Off"
apache_trace_enabled: "Off"
apache_security_configuration_items:
  - regexp: "^ServerTokens "
    line: "ServerTokens {{ apache_server_token }}"
  - regexp: "^ServerSignature "
    line: "ServerSignature {{ apache_server_signature }}"
  - regexp: "^TraceEnable "
    line: "TraceEnable {{ apache_trace_enabled }}"

要启用的模块和要禁用的模块列表。默认值为空。

apache_mods_enabled: []
apache_mods_disabled: []

是否要创建新的虚拟主机文件？如果设置为 true，配置文件将命名为何？

apache_create_vhosts: true
apache_vhosts_filename: "my-vhosts.conf"

是否需要删除默认主机？如果设置为 true，哪个配置文件需要被删除？也可以用来删除自定义虚拟主机。

apache_remove_default_vhost: true
apache_default_vhost_filename:
 - 000-default.conf

apache_vhost_config 用于配置您的虚拟主机。您可以有多个虚拟主机。如果不想设置特定参数，只需删除该行。例如，如果您不想定义 serveralias，或者不需要 “location”，请删除这些行。

其他变量可以支持多行：apache_vhost_config.custom_param、 apache_vhost_config.directory.config、 apache_vhost_config.location.config、 apache_vhost_config.file.config。不要忘记前面的管道符号“|”。 这里有一个示例。默认情况下，apache_vhost_config 是空的，您必须根据需要自己定义。

apache_vhost_config:
  - listen_ip: "*"
    listen_port: 80
    server_name: host1
    custom_param: |
        Redirect / https://host1
    
  - listen_ip: "*"
    listen_port: 443
    server_name: host1
    serveralias: alias1
    documentroot: "/var/www/html"
    serveradmin: admin@localhost
    custom_param: |
      ProxyRequests Off
      ProxyPreserveHost On
      ErrorLog ${APACHE_LOG_DIR}/error.log
      CustomLog ${APACHE_LOG_DIR}/access.log combined
      LogLevel warn
    ssl_engine: "on"
    ssl_certificate_file: /etc/ssl/certs/certif.crt
    ssl_certificate_key_file: /etc/ssl/private/certif.key
    ssl_certificate_chain_file: /etc/ssl/certs/chain
    directory:
      - path: "/var/www/html"
        config: |
          AllowOverride All
          Order deny,allow
          allow from all
      - path: "/usr/lib/cgi-bin"
        config: |
          SSLOptions +StdEnvVars
    location:
      - path: "/"
        config: |
          Options -Indexes
          Options -Includes
          Options -FollowSymLinks
          ProxyPass http://localhost:8080/ min=0 max=100 smax=50 ttl=10
          ProxyPassReverse http://localhost/
    file:
      - path: '\.(cgi|shtml|phtml|php)$'
        config: |
          SSLOptions +StdEnvVars

示例

- hosts: somehost
  roles:
    - supertarto.apache

  vars:
    apache_mods_enabled:
        - ssl
    apache_create_vhosts: true
    apache_vhosts_filename: "mysite.conf"
    apache_vhost_config:
        - listen_ip: "*"
          listen_port: 80
          server_name: host1
          custom_param: |
            Redirect / https://host1

        - listen_ip: "*"
          listen_port: 443
          server_name: host1
          serveralias: alias1
          documentroot: "/var/www/html"
          serveradmin: admin@localhost
          custom_param: |
            ProxyRequests Off
            ProxyPreserveHost On
            ErrorLog ${APACHE_LOG_DIR}/error.log
            CustomLog ${APACHE_LOG_DIR}/access.log combined
            LogLevel warn
          ssl_engine: "on"
          ssl_certificate_file: /etc/ssl/certs/certif.crt
          ssl_certificate_key_file: /etc/ssl/private/certif.key
          ssl_certificate_chain_file: /etc/ssl/certs/chain
          directory:
            - path: "/var/www/html"
              config: |
                AllowOverride All
                Order deny,allow
                allow from all            

安装

ansible-galaxy install supertarto.apache

许可证

GPL V3.0