---
# Install the Apache web server and socat from the distribution archive.
# state: present installs missing packages but does not upgrade ones that
# are already there.
- name: Install Apache packages
  apt:
    state: present
    pkg:
      - apache2
      - socat
  tags:
    - packages

# Make sure the ssl-cert group is present, created as a system group.
- name: Ensure the ssl-cert group exists
  group:
    system: true
    name: ssl-cert
  tags:
    - packages

# Add the www-data account to ssl-cert. append: true keeps the account's
# existing supplementary groups instead of replacing them.
# NOTE(review): on Debian-style hosts ssl-cert membership usually grants read
# access to private keys under /etc/ssl/private. Confirm the worker account
# really needs that, since it widens what a compromised web process can read.
- name: Ensure apache is a member of ssl-cert
  user:
    name: www-data
    append: true
    groups: ssl-cert
  tags:
    - packages

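# Render the main Apache configuration from its template. The file is
# root-owned and world-readable but writable by root only; a change queues
# the "Reload Apache" handler.
- name: Install Apache config
  template:
    src: etc_apache2_apache2.conf.j2
    dest: /etc/apache2/apache2.conf
    # Quoted so the mode always reaches the module as an octal string and is
    # never re-interpreted as a decimal integer by the YAML loader.
    mode: "0644"
    owner: root
    group: root
  notify: Reload Apache
  tags: configs
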
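# Render one config file per listed module into mods-available. Each item
# name is substituted into both the destination path and the template name.
- name: Install Apache module configs
  template:
    src: "etc_apache2_mods-available_{{ item }}.j2"
    dest: "/etc/apache2/mods-available/{{ item }}"
    # Quoted so the mode is passed as an octal string, not a YAML integer.
    mode: "0644"
    owner: root
    group: root
  with_items:
    - deflate.conf
    - http2.conf
    - ssl.conf
    - status.conf
  notify: Reload Apache
  tags:
    - configs
    - apache-configs
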
# Enable every listed Apache module. A change here queues a full restart
# ("Restart Apache"), not just a reload.
# NOTE(review): the list enables the status module. Its access rules come
# from the status.conf template, which is not visible here; confirm that the
# status page is limited to trusted addresses.
- name: Enable Apache modules
  apache2_module:
    state: present
    force: true
    name: "{{ item }}"
  with_items:
    - deflate
    - env
    - expires
    - headers
    - http2
    - reqtimeout
    - rewrite
    - setenvif
    - ssl
    - status
    - unique_id
  notify: Restart Apache
  tags:
    - configs

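# Render the logging and security snippets into conf-available.
- name: Install Apache other configs
  template:
    src: "etc_apache2_conf-available_{{ item }}.j2"
    dest: "/etc/apache2/conf-available/{{ item }}"
    # Explicit ownership and mode, matching the other Apache config templates
    # in this file. Without them, a newly created file takes whatever the
    # umask of the run gives it and an existing file keeps its permissions.
    mode: "0644"
    owner: root
    group: root
  with_items:
    - logging.conf
    - security.conf
  notify: Reload Apache
  tags: [configs, logging]
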
# Enable the logging and security snippets with a2enconf. The `creates`
# guard skips the command once the conf-enabled entry exists, so repeated
# runs report no change. The items are a fixed list, so nothing
# caller-supplied is interpolated into the command line.
- name: Enable Apache other configs
  command: "a2enconf {{ item }}"
  args:
    creates: "/etc/apache2/conf-enabled/{{ item }}"
  with_items:
    - logging.conf
    - security.conf
  notify: Reload Apache
  tags:
    - configs

# Enable the default-ssl site; skipped once its sites-enabled entry exists.
# NOTE(review): no task in this list templates default-ssl.conf, so whatever
# copy is already on the host gets enabled. Confirm that its certificate
# paths and TLS settings are managed somewhere and are not the package
# defaults.
- name: Enable the SSL default vhost
  command: a2ensite default-ssl
  args:
    creates: /etc/apache2/sites-enabled/default-ssl.conf
  notify: Reload Apache
  tags:
    - configs

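# Render the logrotate policy for Apache logs. No handler is notified.
- name: Install Apache logrotate snippet
  template:
    src: etc_logrotate.d_apache2.j2
    dest: /etc/logrotate.d/apache2
    # Quoted so the mode is passed as an octal string, not a YAML integer.
    mode: "0644"
    owner: root
    group: root
  tags: [configs, logrotate]
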
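# Create the systemd drop-in directory for apache2.service, owned by root
# and writable by root only.
- name: Install apache2.service override dir
  file:
    dest: /etc/systemd/system/apache2.service.d
    state: directory
    # Quoted so the mode is passed as an octal string, not a YAML integer.
    mode: "0755"
    owner: root
    group: root
  tags: [configs, systemd]
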
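# Render the local drop-in for apache2.service. A change queues the
# "Reload Apache systemd" handler.
- name: Install apache2.service override
  template:
    src: etc_systemd_system_apache2.service.d_local.conf.j2
    dest: /etc/systemd/system/apache2.service.d/local.conf
    # Quoted so the mode is passed as an octal string, not a YAML integer.
    mode: "0644"
    owner: root
    group: root
  notify: Reload Apache systemd
  tags: [configs, systemd]
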
# Make sure the apache2 unit is started now and enabled at boot.
- name: Ensure Apache is running
  systemd:
    name: apache2
    enabled: true
    state: started
  tags:
    - configs

# Pull in the mod_evasive tasks only when apache_mod_evasive is truthy.
# NOTE(review): bare `include` is deprecated in newer Ansible releases. When
# migrating, check that `when` and `tags` still reach the included tasks.
- include: mod_evasive.yml
  tags:
    - mod_evasive
  when: apache_mod_evasive

# Pull in the mod_security tasks only when apache_mod_security is truthy.
# NOTE(review): bare `include` is deprecated in newer Ansible releases. When
# migrating, check that `when` and `tags` still reach the included tasks.
- include: mod_security.yml
  tags:
    - mod_security
  when: apache_mod_security

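# Render the IPv4 and IPv6 firewall rule fragments for Apache. This runs only
# when both firewall_enabled and apache_firewall are truthy. The replace
# filter turns the "/" in each item into "_" so that it maps onto a flat
# template file name.
- name: Install the Apache firewall config
  template:
    src: "etc_firewall_{{ item | replace('/', '_') }}.j2"
    dest: "/etc/firewall/{{ item }}"
    # Readable and writable by root only. Quoted so the mode is passed as an
    # octal string, not a YAML integer.
    mode: "0600"
    owner: root
    group: root
  when: firewall_enabled and apache_firewall
  with_items:
    - rules-v4.d/40_apache.sh
    - rules-v6.d/40_apache.sh
  notify: Restart firewall
  tags:
    - configs
    - firewall
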
# Render the Consul service definition for Apache when apache_consul_service
# is truthy. A change queues the "Reload consul" handler.
# NOTE(review): no owner, group or mode is set, so the file's permissions
# depend on the umask of the run. If the rendered HCL ever carries a token,
# set an explicit restrictive mode that the Consul agent can still read.
- name: Register the apache service in Consul
  when: apache_consul_service
  template:
    src: etc_consul.d_service-apache.hcl.j2
    dest: /etc/consul.d/service-apache.hcl
  notify: Reload consul
  tags:
    - configs