Merge branch 'packweb-apache' into unstable
commit
39dc5ddc6c
1
.gitignore
vendored
1
.gitignore
vendored
|
@ -1,2 +1,3 @@
|
||||||
.kitchen/
|
.kitchen/
|
||||||
|
.kateproject.d
|
||||||
.vagrant/
|
.vagrant/
|
||||||
|
|
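--- a/apache/files/evolinux-ssl.conf
+++ b/apache/files/evolinux-ssl.conf
@@ -0,0 +1,11 @@
+# Strong security.
+SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
+SSLProtocol All -SSLv2 -SSLv3
+SSLHonorCipherOrder On
+SSLCompression off
+SSLSessionCache shmcb:/var/log/apache2/ssl_gcache_data(512000)
+SSLSessionCacheTimeout 600
+
+# Stapling not activated by default. Need config.
+#SSLUseStapling on
+#SSLStaplingCache shmcb:${APACHE_RUN_DIR}/stapling-cache(150000)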
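Review bot: `SSLProtocol All -SSLv2 -SSLv3` sits under the "Strong security" heading but still leaves TLS 1.0 and 1.1 enabled, and the `AES256+EECDH:AES256+EDH` tail of `SSLCipherSuite` admits CBC suites. If the supported clients allow it, enable protocols explicitly, e.g. `SSLProtocol -all +TLSv1.2`, and state in the header comment which client baseline the file targets. `SSLSessionCache` is placed under `/var/log/apache2/` while the commented stapling cache uses `${APACHE_RUN_DIR}`; the run directory looks like the intended place for both.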
|
@ -3,13 +3,35 @@
|
||||||
name: '{{ item }}'
|
name: '{{ item }}'
|
||||||
state: present
|
state: present
|
||||||
with_items:
|
with_items:
|
||||||
- apache2-mpm-itk
|
- apache2
|
||||||
|
- apache2-mpm-prefork
|
||||||
- apachetop
|
- apachetop
|
||||||
- libapache2-mod-evasive
|
|
||||||
- libwww-perl
|
- libwww-perl
|
||||||
tags:
|
tags:
|
||||||
- apache
|
- apache
|
||||||
|
|
||||||
|
- name: manually disable mpm_event
|
||||||
|
command: a2dismod mpm_event
|
||||||
|
register: cmd_disable_event
|
||||||
|
changed_when: "'Module mpm_event already disabled' not in cmd_disable_event.stdout"
|
||||||
|
|
||||||
|
- name: manually enable mpm_prefork
|
||||||
|
command: a2enmod mpm_prefork
|
||||||
|
register: cmd_disable_prefork
|
||||||
|
changed_when: "'Module mpm_prefork already enabled' not in cmd_disable_prefork.stdout"
|
||||||
|
|
||||||
|
# With Ansible 2.2 the module check the config for conflicts
|
||||||
|
# With 2.3 it can be disabled.
|
||||||
|
# https://docs.ansible.com/ansible/apache2_module_module.html
|
||||||
|
# - name: mpm_event modules is disabled
|
||||||
|
# apache2_module:
|
||||||
|
# name: '{{ item }}'
|
||||||
|
# state: absent
|
||||||
|
# with_items:
|
||||||
|
# - mpm_event
|
||||||
|
# tags:
|
||||||
|
# - apache
|
||||||
|
|
||||||
- name: basic modules are enabled
|
- name: basic modules are enabled
|
||||||
apache2_module:
|
apache2_module:
|
||||||
name: '{{ item }}'
|
name: '{{ item }}'
|
||||||
|
@ -18,8 +40,8 @@
|
||||||
- rewrite
|
- rewrite
|
||||||
- expires
|
- expires
|
||||||
- headers
|
- headers
|
||||||
- rewrite
|
|
||||||
- cgi
|
- cgi
|
||||||
|
- ssl
|
||||||
tags:
|
tags:
|
||||||
- apache
|
- apache
|
||||||
|
|
||||||
|
@ -45,6 +67,17 @@
|
||||||
tags:
|
tags:
|
||||||
- apache
|
- apache
|
||||||
|
|
||||||
|
- name: Copy Apache SSL (strong security) config file
|
||||||
|
copy:
|
||||||
|
src: evolinux-ssl.conf
|
||||||
|
dest: "/etc/apache2/conf-available/evolinux-ssl.conf"
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: "0644"
|
||||||
|
force: no
|
||||||
|
tags:
|
||||||
|
- apache
|
||||||
|
|
||||||
- name: Ensure Apache config files are enabled
|
- name: Ensure Apache config files are enabled
|
||||||
command: "a2enconf {{ item }}"
|
command: "a2enconf {{ item }}"
|
||||||
register: command_result
|
register: command_result
|
||||||
|
@ -52,6 +85,7 @@
|
||||||
with_items:
|
with_items:
|
||||||
- z-evolinux-defaults.conf
|
- z-evolinux-defaults.conf
|
||||||
- zzz-evolinux-custom.conf
|
- zzz-evolinux-custom.conf
|
||||||
|
- evolinux-ssl.conf
|
||||||
tags:
|
tags:
|
||||||
- apache
|
- apache
|
||||||
|
|
||||||
|
|
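Review bot: The new "Copy Apache SSL (strong security) config file" task uses `force: no`, so a host that already has `/etc/apache2/conf-available/evolinux-ssl.conf` never receives later changes to the role's copy, including protocol or cipher updates. If local edits must survive, keep site overrides in a separate file and let the role own this one. That task and the two `a2dismod`/`a2enmod` commands added above it carry no `notify`, so nothing visible in these hunks reloads Apache after they change something. The `a2enmod mpm_prefork` task also registers its result as `cmd_disable_prefork`, which reads like a leftover from the task before it; `cmd_enable_prefork` would match what it does.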
14
evoadmin/defaults/main.yml
Normal file
14
evoadmin/defaults/main.yml
Normal file
|
@ -0,0 +1,14 @@
|
||||||
|
---
|
||||||
|
general_alert_email: "root@localhost"
|
||||||
|
evoadmin_contact_email: Null
|
||||||
|
evoadmin_bounce_email: "{{ evoadmin_contact_email }}"
|
||||||
|
|
||||||
|
evoadmin_home_dir: "/home/{{ evoadmin_username }}"
|
||||||
|
evoadmin_document_root: "{{ evoadmin_home_dir }}/www"
|
||||||
|
evoadmin_log_dir: "{{ evoadmin_home_dir }}/log"
|
||||||
|
evoadmin_scripts_dir: /usr/share/scripts/evoadmin/
|
||||||
|
evoadmin_host: "evoadmin.{{ ansible_fqdn }}"
|
||||||
|
evoadmin_username: evoadmin
|
||||||
|
evoadmin_ssl_subject: "/CN={{ ansible_fqdn }}"
|
||||||
|
|
||||||
|
evoadmin_enable_vhost: True
|
12
evoadmin/files/evolinux.conf.diff
Normal file
12
evoadmin/files/evolinux.conf.diff
Normal file
|
@ -0,0 +1,12 @@
|
||||||
|
--- evolinux.conf 2015-04-09 16:39:41.862242460 +0200
|
||||||
|
+++ evolinux.conf 2015-04-09 16:51:11.902241748 +0200
|
||||||
|
@@ -23,7 +23,5 @@
|
||||||
|
# Allow RESUME (REST command)
|
||||||
|
AllowStoreRestart on
|
||||||
|
|
||||||
|
-<Limit LOGIN>
|
||||||
|
- AllowGroup ftpusers
|
||||||
|
- DenyAll
|
||||||
|
-</Limit>
|
||||||
|
+AuthOrder mod_auth_file.c
|
||||||
|
+AuthUserFile /etc/proftpd/vpasswd
|
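Review bot: The patch shipped in this file deletes the `<Limit LOGIN>` block (`AllowGroup ftpusers` / `DenyAll`) and replaces it with `AuthOrder mod_auth_file.c` and `AuthUserFile /etc/proftpd/vpasswd`, which makes `/etc/proftpd/vpasswd` the only control over who may log in. That may be intended, but it is an access-control change and should be stated in a comment next to the `patch` task or in the commit description. The hunk is also tied to the exact context around line 23 of the target file, so the task will presumably fail on hosts where `z-evolinux.conf` has drifted.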
6
evoadmin/handlers/main.yml
Normal file
6
evoadmin/handlers/main.yml
Normal file
|
@ -0,0 +1,6 @@
|
||||||
|
---
|
||||||
|
|
||||||
|
- name: reload apache2
|
||||||
|
service:
|
||||||
|
name: apache2
|
||||||
|
state: reloaded
|
17
evoadmin/tasks/config.yml
Normal file
17
evoadmin/tasks/config.yml
Normal file
|
@ -0,0 +1,17 @@
|
||||||
|
---
|
||||||
|
|
||||||
|
- name: "Create /etc/evolinux"
|
||||||
|
file:
|
||||||
|
dest: "/etc/evolinux"
|
||||||
|
recurse: yes
|
||||||
|
state: directory
|
||||||
|
|
||||||
|
- name: Configure web-add config file
|
||||||
|
template:
|
||||||
|
src: web-add.conf.j2
|
||||||
|
dest: /etc/evolinux/web-add.conf
|
||||||
|
|
||||||
|
- name: Configure web-add template file for mail
|
||||||
|
template:
|
||||||
|
src: web-mail.tpl.j2
|
||||||
|
dest: "{{ evoadmin_scripts_dir }}/web-mail.tpl"
|
24
evoadmin/tasks/ftp.yml
Normal file
24
evoadmin/tasks/ftp.yml
Normal file
|
@ -0,0 +1,24 @@
|
||||||
|
---
|
||||||
|
|
||||||
|
- name: Verify if proftpd has evolinux config file
|
||||||
|
stat:
|
||||||
|
path: /etc/proftpd/conf.d/z-evolinux.conf
|
||||||
|
register: proftpd_config
|
||||||
|
|
||||||
|
- block:
|
||||||
|
- name: Patch ProFTPd config file
|
||||||
|
patch:
|
||||||
|
remote_src: no
|
||||||
|
src: evolinux.conf.diff
|
||||||
|
dest: /etc/proftpd/conf.d/z-evolinux.conf
|
||||||
|
# Why 440? Because should be edited with ftpasswd.
|
||||||
|
# So, readonly when opened with vim.
|
||||||
|
# Then readable by group.
|
||||||
|
- name: Create /etc/proftpd/vpasswd file in 0440 mode
|
||||||
|
file:
|
||||||
|
state: touch
|
||||||
|
path: /etc/proftpd/vpasswd
|
||||||
|
mode: "0440"
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
when: proftpd_config.stat.exists
|
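Review bot: The "Patch ProFTPd config file" task changes `/etc/proftpd/conf.d/z-evolinux.conf` without a `notify`, so ProFTPD keeps running with the old authentication settings until something else restarts it. The following `file: state: touch` task on `/etc/proftpd/vpasswd` rewrites the timestamps and reports `changed` on every run; `copy` with `content: ""` and `force: no` would create the file once with the same `mode: "0440"`. The comment above it says "readable by group" while the group is `root`; say which account is expected to read the file.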
13
evoadmin/tasks/main.yml
Normal file
13
evoadmin/tasks/main.yml
Normal file
|
@ -0,0 +1,13 @@
|
||||||
|
---
|
||||||
|
|
||||||
|
- include: packages.yml
|
||||||
|
|
||||||
|
- include: user.yml
|
||||||
|
|
||||||
|
- include: config.yml
|
||||||
|
|
||||||
|
- include: ssl.yml
|
||||||
|
|
||||||
|
- include: web.yml
|
||||||
|
|
||||||
|
- include: ftp.yml
|
17
evoadmin/tasks/packages.yml
Normal file
17
evoadmin/tasks/packages.yml
Normal file
|
@ -0,0 +1,17 @@
|
||||||
|
---
|
||||||
|
|
||||||
|
- include_role:
|
||||||
|
name: apt-repositories
|
||||||
|
tasks_from: evolix_public.yml
|
||||||
|
|
||||||
|
- meta: flush_handlers
|
||||||
|
|
||||||
|
- name: Install PHP packages
|
||||||
|
apt:
|
||||||
|
name: '{{ item }}'
|
||||||
|
state: present
|
||||||
|
allow_unauthenticated: yes
|
||||||
|
with_items:
|
||||||
|
- php-pear
|
||||||
|
- php-log
|
||||||
|
- php5-pam
|
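Review bot: `allow_unauthenticated: yes` on the "Install PHP packages" task turns off APT signature verification for `php-pear`, `php-log` and `php5-pam`, so a tampered mirror or repository would go unnoticed. The `apt-repositories` role is included just above with `tasks_from: evolix_public.yml`; presumably that is where the repository key belongs, after which the option can be dropped. If it has to stay for now, limit it to the one package that needs it and add a comment explaining why.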
24
evoadmin/tasks/ssl.yml
Normal file
24
evoadmin/tasks/ssl.yml
Normal file
|
@ -0,0 +1,24 @@
|
||||||
|
---
|
||||||
|
|
||||||
|
|
||||||
|
- name: ssl-cert package is installed
|
||||||
|
apt:
|
||||||
|
name: ssl-cert
|
||||||
|
state: present
|
||||||
|
|
||||||
|
- name: Create private key and csr for default site ({{ ansible_fqdn }})
|
||||||
|
command: openssl req -newkey rsa:2048 -sha256 -nodes -keyout /etc/ssl/private/{{ evoadmin_host }}.key -out /etc/ssl/{{ evoadmin_host }}.csr -batch -subj "{{ evoadmin_ssl_subject }}"
|
||||||
|
args:
|
||||||
|
creates: "/etc/ssl/private/{{ evoadmin_host }}.key"
|
||||||
|
|
||||||
|
- name: Adjust rights on private key
|
||||||
|
file:
|
||||||
|
path: /etc/ssl/private/{{ evoadmin_host }}.key
|
||||||
|
owner: root
|
||||||
|
group: ssl-cert
|
||||||
|
mode: "0640"
|
||||||
|
|
||||||
|
- name: Create certificate for default site
|
||||||
|
command: openssl x509 -req -days 3650 -sha256 -in /etc/ssl/{{ evoadmin_host }}.csr -signkey /etc/ssl/private/{{ evoadmin_host }}.key -out /etc/ssl/certs/{{ evoadmin_host }}.crt
|
||||||
|
args:
|
||||||
|
creates: "/etc/ssl/certs/{{ evoadmin_host }}.crt"
|
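Review bot: In "Create private key and csr for default site", `openssl req ... -nodes -keyout` writes the unencrypted key with whatever mode the process umask gives, and owner, group and mode are only corrected by the separate "Adjust rights on private key" task that follows. In between, protection depends entirely on the permissions of `/etc/ssl/private`; creating the empty key file with its final mode first would close the gap. The certificate task self-signs with `-days 3650`, so a comment such as `# placeholder certificate, replace with a CA-issued one` would make the intent clear.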
60
evoadmin/tasks/user.yml
Normal file
60
evoadmin/tasks/user.yml
Normal file
|
@ -0,0 +1,60 @@
|
||||||
|
---
|
||||||
|
|
||||||
|
- name: Create evoadmin account
|
||||||
|
user:
|
||||||
|
name: evoadmin
|
||||||
|
comment: "Evoadmin Web Account"
|
||||||
|
home: "{{ evoadmin_home_dir}}"
|
||||||
|
password: "!"
|
||||||
|
|
||||||
|
- name: Create www-evoadmin group
|
||||||
|
group:
|
||||||
|
name: www-evoadmin
|
||||||
|
state: present
|
||||||
|
|
||||||
|
- name: Install Git
|
||||||
|
apt:
|
||||||
|
name: git
|
||||||
|
state: present
|
||||||
|
|
||||||
|
- name: Clone evoadmin repository
|
||||||
|
git:
|
||||||
|
repo: https://forge.evolix.org/evoadmin-web.git
|
||||||
|
dest: "{{ evoadmin_document_root}}"
|
||||||
|
update: no
|
||||||
|
# Warning: Need sudo!
|
||||||
|
become_user: "{{ evoadmin_username }}"
|
||||||
|
|
||||||
|
- name: "Create {{ evoadmin_scripts_dir }}"
|
||||||
|
file:
|
||||||
|
dest: "{{ evoadmin_scripts_dir }}"
|
||||||
|
# recurse: yes
|
||||||
|
mode: "0700"
|
||||||
|
state: directory
|
||||||
|
|
||||||
|
- name: Install scripts like web-add.sh
|
||||||
|
shell: "cp {{ evoadmin_document_root}}/scripts/* {{ evoadmin_scripts_dir }}/"
|
||||||
|
args:
|
||||||
|
creates: "{{ evoadmin_scripts_dir }}/web-add.sh"
|
||||||
|
|
||||||
|
# we use a shell command to have a "changed" thet really reflects the result.
|
||||||
|
- name: Fix permissions
|
||||||
|
shell: "chmod -R --verbose u=rwX,g=rX,o= {{ item }}"
|
||||||
|
register: command_result
|
||||||
|
changed_when: "'changed' in command_result.stdout"
|
||||||
|
# failed_when: False
|
||||||
|
with_items:
|
||||||
|
- "{{ evoadmin_home_dir}}/www"
|
||||||
|
|
||||||
|
- name: Add www-evoadmin to group shadow
|
||||||
|
user:
|
||||||
|
name: www-evoadmin
|
||||||
|
groups: shadow
|
||||||
|
append: yes
|
||||||
|
|
||||||
|
- name: Add evoadmin sudoers file
|
||||||
|
template:
|
||||||
|
src: sudoers.j2
|
||||||
|
dest: /etc/sudoers.d/evoadmin
|
||||||
|
mode: "0600"
|
||||||
|
validate: "visudo -cf %s"
|
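Review bot: "Add www-evoadmin to group shadow" gives the account that `AssignUserID` runs the evoadmin vhost under read access to `/etc/shadow`, so any file-disclosure bug in the web application exposes the local password hashes. If this is needed for the PAM login that `php5-pam` provides, say so in a comment above the task. "Clone evoadmin repository" has no `version:`, so the scripts later copied into `evoadmin_scripts_dir` and allowed through sudoers are whatever the remote head was at first run; pinning a tag or commit would make that reviewable. "Create evoadmin account" hard-codes `name: evoadmin` while the home directory and `become_user` use `evoadmin_username`.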
42
evoadmin/tasks/web.yml
Normal file
42
evoadmin/tasks/web.yml
Normal file
|
@ -0,0 +1,42 @@
|
||||||
|
---
|
||||||
|
|
||||||
|
- name: Set default values in /etc/php5/apache2/conf.d/z-evolinux_defaults.ini
|
||||||
|
ini_file:
|
||||||
|
dest: /etc/php5/apache2/conf.d/z-evolinux_defaults.ini
|
||||||
|
section: PHP
|
||||||
|
option: "disable_functions"
|
||||||
|
value: "shell-exec,system,passthru,putenv,popen"
|
||||||
|
notify: reload apache
|
||||||
|
|
||||||
|
|
||||||
|
- name: Install evoadmin VHost
|
||||||
|
template:
|
||||||
|
src: evoadmin.conf.j2
|
||||||
|
dest: /etc/apache2/sites-available/evoadmin.conf
|
||||||
|
notify: reload apache2
|
||||||
|
|
||||||
|
- name: Enable evoadmin vhost
|
||||||
|
command: "a2ensite evoadmin.conf"
|
||||||
|
register: cmd_a2ensite
|
||||||
|
changed_when: "'Enabling site' in cmd_a2ensite.stdout"
|
||||||
|
notify: reload apache2
|
||||||
|
when: evoadmin_enable_vhost
|
||||||
|
|
||||||
|
- name: Disable evoadmin vhost
|
||||||
|
command: "a2dissite evoadmin.conf"
|
||||||
|
register: cmd_a2dissite
|
||||||
|
changed_when: "'Disabling site' in cmd_a2dissite.stdout"
|
||||||
|
notify: reload apache2
|
||||||
|
when: not evoadmin_enable_vhost
|
||||||
|
|
||||||
|
- name: Copy config file for evoadmin
|
||||||
|
template:
|
||||||
|
src: config.local.php.j2
|
||||||
|
dest: "{{ evoadmin_document_root}}/conf/config.local.php"
|
||||||
|
mode: "0644"
|
||||||
|
force: no
|
||||||
|
|
||||||
|
- name: add www-evoadmin to shadow group
|
||||||
|
user:
|
||||||
|
name: www-evoadmin
|
||||||
|
groups: shadow
|
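Review bot: In the `ini_file` task the `disable_functions` value lists `shell-exec`, but the PHP function is `shell_exec`, so that entry disables nothing; it should read `value: "shell_exec,system,passthru,putenv,popen"`. The same task notifies `reload apache` while the handler added in `evoadmin/handlers/main.yml` is named `reload apache2`, so it depends on another role providing that handler. The last task, "add www-evoadmin to shadow group", repeats the one in `user.yml` but without `append: yes`, which makes `shadow` the account's only supplementary group.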
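--- a/evoadmin/templates/config.local.php.j2
+++ b/evoadmin/templates/config.local.php.j2
@@ -0,0 +1,8 @@
+<?php
+
+$localconf['admin']['mail'] = '{{ evoadmin_contact_email or general_alert_email | mandatory }}';
+$localconf['debug'] = FALSE;
+// Add local users that should be superadmin
+$localconf['superadmin'] = array();
+$localconf['script_path'] = '{{ evoadmin_scripts_dir }}';
+$localconf['cluster'] = FALSE;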
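--- a/evoadmin/templates/evoadmin.conf.j2
+++ b/evoadmin/templates/evoadmin.conf.j2
@@ -0,0 +1,59 @@
+<VirtualHost *:80>
+ServerName {{ evoadmin_host }}
+Redirect permanent / https://{{ evoadmin_host }}/
+</VirtualHost>
+
+<VirtualHost *:443>
+
+# FQDN principal
+ServerName {{ evoadmin_host }}
+#ServerAlias {{ evoadmin_host }}
+
+# Repertoire principal
+DocumentRoot {{ evoadmin_document_root }}/htdocs/
+
+# SSL
+SSLEngine on
+SSLCertificateFile /etc/ssl/certs/{{ evoadmin_host }}.crt
+SSLCertificateKeyFile /etc/ssl/private/{{ evoadmin_host }}.key
+SSLProtocol all -SSLv2 -SSLv3
+
+# Propriete du repertoire
+<Directory {{ evoadmin_document_root }}/htdocs/>
+#Options Indexes SymLinksIfOwnerMatch
+Options SymLinksIfOwnerMatch
+AllowOverride AuthConfig Limit FileInfo
+Require all granted
+</Directory>
+
+# user - group (thanks to sesse@debian.org)
+AssignUserID www-evoadmin evoadmin
+
+# LOG
+CustomLog /var/log/apache2/access.log combined
+CustomLog {{ evoadmin_log_dir }}/access.log combined
+ErrorLog {{ evoadmin_log_dir }}/error.log
+
+# AWSTATS
+SetEnv AWSTATS_FORCE_CONFIG evoadmin
+
+# REWRITE
+UseCanonicalName On
+RewriteEngine On
+RewriteCond %{HTTP_HOST} !^{{ evoadmin_host }}$
+RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [L,R]
+
+# PHP
+#php_admin_flag engine off
+#AddType text/html .html
+#php_admin_flag display_errors On
+#php_flag short_open_tag On
+#php_flag register_globals On
+#php_admin_value memory_limit 256M
+#php_admin_value max_execution_time 60
+#php_admin_value upload_max_filesize 8M
+#php_admin_flag allow_url_fopen Off
+php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f www-evoadmin"
+php_admin_value error_log "{{ evoadmin_home_dir }}/log/php.log"
+php_admin_value open_basedir "none"
+</VirtualHost>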
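Review bot: `php_admin_value open_basedir "none"` clears the open_basedir restriction for a vhost whose user is put in the `shadow` group and given passwordless sudo for the evoadmin scripts elsewhere in this commit, so PHP code here can open any path that user can read. Restrict it to what the application needs, for example `php_admin_value open_basedir "{{ evoadmin_document_root }}:{{ evoadmin_scripts_dir }}:/tmp"` (the exact list has to be confirmed against what evoadmin reads). `{{ evoadmin_host }}` is interpolated into the `RewriteCond` pattern unescaped, so its dots match any character. `SSLProtocol all -SSLv2 -SSLv3` in the vhost still allows TLS 1.0 and 1.1.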
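--- a/evoadmin/templates/sudoers.j2
+++ b/evoadmin/templates/sudoers.j2
@@ -0,0 +1,3 @@
+User_Alias EVOADMIN = www-evoadmin
+Cmnd_Alias EVOADMIN_WEB = {{ evoadmin_scripts_dir | mandatory }}/web-*.sh, {{ evoadmin_scripts_dir | mandatory }}/ftpadmin.sh
+EVOADMIN ALL=NOPASSWD: EVOADMIN_WEB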
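Review bot: `Cmnd_Alias EVOADMIN_WEB` matches `web-*.sh` by wildcard and places no limit on arguments, so `www-evoadmin` may run any present or future script of that name in `evoadmin_scripts_dir` as root, with arbitrary arguments and without a password. Listing the scripts by name would keep the grant reviewable, and the role should guarantee that the directory and its files stay writable by root only, since `user.yml` fills it from the cloned repository. With the default `evoadmin_scripts_dir` ending in `/`, the rendered paths contain `//`; it is worth checking that sudo still matches them as intended.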
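--- a/evoadmin/templates/web-add.conf.j2
+++ b/evoadmin/templates/web-add.conf.j2
@@ -0,0 +1,2 @@
+CONTACT_MAIL="{{ evoadmin_contact_email or general_alert_email | mandatory }}"
+WWWBOUNCE_MAIL="{{ evoadmin_bounce_email or general_alert_email | mandatory }}"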
86
evoadmin/templates/web-mail.tpl.j2
Normal file
86
evoadmin/templates/web-mail.tpl.j2
Normal file
|
@ -0,0 +1,86 @@
|
||||||
|
From: %MAIL_FROM%
|
||||||
|
To: RCPTTO
|
||||||
|
Bcc: %MAIL_BCC%
|
||||||
|
Subject: Parametres hebergement web : LOGIN
|
||||||
|
|
||||||
|
Bonjour,
|
||||||
|
|
||||||
|
Votre compte d'hebergement web a ete cree.
|
||||||
|
|
||||||
|
**********************************
|
||||||
|
* CONNEXION SFTP/SSH
|
||||||
|
**********************************
|
||||||
|
|
||||||
|
NOM DU SERVEUR : %SERVER_NAME%
|
||||||
|
USER : LOGIN
|
||||||
|
PASSWORD : PASSE1
|
||||||
|
|
||||||
|
*****************************************
|
||||||
|
* Details sur l'environnement Apache/PHP
|
||||||
|
*****************************************
|
||||||
|
|
||||||
|
URL du site :
|
||||||
|
http://SERVERNAME
|
||||||
|
|
||||||
|
URL des stats :
|
||||||
|
http://SERVERNAME/cgi-RANDOM/awstats.pl
|
||||||
|
(acces par IP ou login a demander !)
|
||||||
|
|
||||||
|
Repertoire de connexion : HOME_DIR/LOGIN/
|
||||||
|
Repertoire pour site web : HOME_DIR/LOGIN/www/
|
||||||
|
|
||||||
|
Apache/PHP tourne en www-LOGIN:LOGIN c'est-a-dire qu'il a acces
|
||||||
|
uniquement *en lecture* aux differents fichiers/repertoires
|
||||||
|
(a condition d'avoir 'g=rx' sur les repertoires et 'g=r' sur les
|
||||||
|
fichiers ce qui est le comportement par defaut).
|
||||||
|
|
||||||
|
Lorsqu'on a besoin d'autoriser *l'ecriture* pour certains
|
||||||
|
fichiers/repertoires, il suffit d'ajouter le droit 'g+w'.
|
||||||
|
|
||||||
|
***********************************
|
||||||
|
* MySQL
|
||||||
|
***********************************
|
||||||
|
|
||||||
|
SERVEUR : 127.0.0.1
|
||||||
|
PORT DU SERVEUR : 3306
|
||||||
|
USER : LOGIN
|
||||||
|
PASSWORD : PASSE2
|
||||||
|
NOM BASE : DBNAME
|
||||||
|
URL interface d'admin :
|
||||||
|
%PMA_URL%
|
||||||
|
|
||||||
|
***********************************
|
||||||
|
* Rappels divers
|
||||||
|
***********************************
|
||||||
|
|
||||||
|
Votre nom de domaine doit etre configure pour pointer
|
||||||
|
sur l'adresse IP %SERVER_ADDR% (enregistrement DNS A)
|
||||||
|
ou etre un alias de %SERVER_NAME% (enregistrement DNS CNAME).
|
||||||
|
|
||||||
|
Si vous avez besoin de faire des tests, vous devez
|
||||||
|
ajouter la ligne suivante au fichier "/etc/hosts" sous Linux/Unix
|
||||||
|
ou au fichier "system32\drivers\etc\hosts" sous Windows NT/XP :
|
||||||
|
%SERVER_ADDR% SERVERNAME
|
||||||
|
|
||||||
|
Attention, par defaut, toutes les connexions vers l'exterieur
|
||||||
|
sont bloquees. Si vous avez besoin de recuperer des donnees
|
||||||
|
a l'exterieur (flux RSS, BDD externe, etc.), contactez nous
|
||||||
|
afin de mettre en oeuvre les autorisations necessaires.
|
||||||
|
|
||||||
|
Afin de securiser au maximum le serveur, certaines URL
|
||||||
|
particulieres sont non autorisees pour eviter diverses
|
||||||
|
attaques (XSS, robots, trojans, injections, etc.).
|
||||||
|
Exemple d'URL refusee :
|
||||||
|
http://SERVERNAME/cmd32.exe
|
||||||
|
En cas de soucis avec votre application, prevenez-nous.
|
||||||
|
|
||||||
|
Si vous desirez mettre en place des parametres particuliers
|
||||||
|
pour votre site (PHP, etc.) ou pour tout autre demande (scripts en crontab,
|
||||||
|
etc.), n'hesitez pas a nous contacter a l'adresse
|
||||||
|
%MAIL_STANDARD% (ou %MAIL_URGENT% si votre demande est
|
||||||
|
urgente).
|
||||||
|
|
||||||
|
|
||||||
|
Cordialement,
|
||||||
|
--
|
||||||
|
%FOOTER%
|
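Review bot: The template mails the SFTP/SSH password (`PASSE1`) and the MySQL password (`PASSE2`) in clear text, and gives the site and statistics links as `http://`. If the delivery channel cannot be changed, the mail should at least tell the recipient to change both passwords at first login, and the role's README should note that these credentials pass through mail spools and the `%MAIL_BCC%` mailbox.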
|
@ -92,7 +92,7 @@
|
||||||
- name: Apache vhost is installed
|
- name: Apache vhost is installed
|
||||||
template:
|
template:
|
||||||
src: default_www/apache_default_site.j2
|
src: default_www/apache_default_site.j2
|
||||||
dest: /etc/apache2/sites-available/000-default
|
dest: /etc/apache2/sites-available/000-default.conf
|
||||||
mode: "0640"
|
mode: "0640"
|
||||||
# force: yes
|
# force: yes
|
||||||
notify: reload apache
|
notify: reload apache
|
||||||
|
@ -101,8 +101,8 @@
|
||||||
|
|
||||||
- name: Apache vhost is enabled
|
- name: Apache vhost is enabled
|
||||||
file:
|
file:
|
||||||
src: /etc/apache2/sites-available/000-default
|
src: /etc/apache2/sites-available/000-default.conf
|
||||||
dest: /etc/apache2/sites-enabled/000-default
|
dest: /etc/apache2/sites-enabled/000-default.conf
|
||||||
state: link
|
state: link
|
||||||
notify: reload apache
|
notify: reload apache
|
||||||
when: evolinux_default_www_apache_enabled
|
when: evolinux_default_www_apache_enabled
|
||||||
|
|
|
@ -27,7 +27,7 @@
|
||||||
- name: Configure logrotate.conf
|
- name: Configure logrotate.conf
|
||||||
replace:
|
replace:
|
||||||
dest: /etc/logrotate.conf
|
dest: /etc/logrotate.conf
|
||||||
regexp: "rotate [0-9]*"
|
regexp: "rotate [0-9]+"
|
||||||
replace: "rotate 12"
|
replace: "rotate 12"
|
||||||
when: evolinux_logs_default_rotate
|
when: evolinux_logs_default_rotate
|
||||||
|
|
||||||
|
|
15
packweb-apache/README.md
Normal file
15
packweb-apache/README.md
Normal file
|
@ -0,0 +1,15 @@
|
||||||
|
# packweb-apache
|
||||||
|
|
||||||
|
Install the web pack, with Apache.
|
||||||
|
|
||||||
|
## Tasks
|
||||||
|
|
||||||
|
Everything is in the `tasks/main.yml` file for now.
|
||||||
|
|
||||||
|
## Available variables
|
||||||
|
|
||||||
|
Main variables are :
|
||||||
|
|
||||||
|
* `log2mail_alert_email`: email address to send Log2mail messages to (default: `general_alert_email`).
|
||||||
|
|
||||||
|
The full list of variables (with default values) can be found in `defaults/main.yml`.
|
5
packweb-apache/defaults/main.yml
Normal file
5
packweb-apache/defaults/main.yml
Normal file
|
@ -0,0 +1,5 @@
|
||||||
|
---
|
||||||
|
# defaults file for packweb-apache
|
||||||
|
general_alert_email: "root@localhost"
|
||||||
|
log2mail_alert_email: Null
|
||||||
|
packweb_enable_evoadmin_vhost: True
|
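--- a/packweb-apache/files/evolinux-evasive.conf
+++ b/packweb-apache/files/evolinux-evasive.conf
@@ -0,0 +1,8 @@
+<IfModule mod_evasive20.c>
+DOSHashTableSize 3097
+DOSPageCount 5
+DOSSiteCount 30
+DOSPageInterval 3
+DOSSiteInterval 1
+DOSBlockingPeriod 60
+</IfModule>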
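--- a/packweb-apache/files/evolinux-itk.conf
+++ b/packweb-apache/files/evolinux-itk.conf
@@ -0,0 +1,10 @@
+<IfModule mpm_itk_module>
+StartServers 50
+MinSpareServers 20
+MaxSpareServers 30
+ServerLimit 250
+MaxClients 250
+MaxRequestsPerChild 0
+LimitUIDRange 0 6000
+LimitGIDRange 0 6000
+</IfModule>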
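Review bot: `LimitUIDRange 0 6000` and `LimitGIDRange 0 6000` include uid/gid 0, so the range does not stop a vhost with a wrong or missing `AssignUserID` from running as root. At minimum the lower bound should exclude 0; how much higher it can go depends on which system accounts (the default Apache user, `www-evoadmin`) must remain usable on these hosts, so that needs confirming. A one-line comment giving the reason for the upper bound of 6000 would also help the next reader.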
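--- a/packweb-apache/files/evolinux-modsec.conf
+++ b/packweb-apache/files/evolinux-modsec.conf
@@ -0,0 +1,48 @@
+<IfModule mod_security2.c>
+
+# enable mod_security
+SecRuleEngine On
+# access to request bodies
+SecRequestBodyAccess On
+#SecRequestBodyLimit 134217728
+#SecRequestBodyInMemoryLimit 131072
+# access to response bodies
+SecResponseBodyAccess Off
+#SecResponseBodyLimit 524288
+SecResponseBodyMimeType (null) text/html text/plain text/xml
+#SecServerSignature "Apache/2.2.0 (Fedora)"
+
+SecUploadDir /tmp
+SecUploadKeepFiles Off
+
+# default action
+SecDefaultAction "log,auditlog,deny,status:406,phase:2"
+
+SecAuditEngine RelevantOnly
+#SecAuditLogRelevantStatus "^[45]"
+# use only one log file
+SecAuditLogType Serial
+# audit log file
+SecAuditLog /var/log/apache2/modsec_audit.log
+# what is logged
+SecAuditLogParts "ABIFHZ"
+
+#SecArgumentSeparator "&"
+SecCookieFormat 0
+SecDebugLog /var/log/apache2/modsec_debug.log
+SecDebugLogLevel 0
+
+SecDataDir /tmp
+SecTmpDir /tmp
+
+#########
+# RULES
+#########
+
+# File name
+SecRule REQUEST_FILENAME "modsecuritytest1" "id:1"
+# Complete URI
+SecRule REQUEST_URI "modsecuritytest2" "id:2"
+SecRule REQUEST_FILENAME "(?:n(?:map|et|c)|w(?:guest|sh)|cmd(?:32)?|telnet|rcmd|ftp)\.exe" "id:3"
+
+</IfModule>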
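Review bot: `SecDataDir /tmp`, `SecTmpDir /tmp` and `SecUploadDir /tmp` put ModSecurity's persistent collections and buffered request bodies in a world-writable directory shared with every hosted account. With mpm-itk each vhost runs under its own uid, which is probably why `/tmp` was chosen, but a dedicated directory created by the role with a sticky, restrictive mode would keep this data away from other local users. The audit log stores request bodies (part `I` in `SecAuditLogParts "ABIFHZ"`), so `/var/log/apache2/modsec_audit.log` can contain submitted credentials and should be covered by the same rotation and access rules as other sensitive logs.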
0
packweb-apache/files/log/access.log
Normal file
0
packweb-apache/files/log/access.log
Normal file
0
packweb-apache/files/log/error.log
Normal file
0
packweb-apache/files/log/error.log
Normal file
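--- a/packweb-apache/files/userlogrotate
+++ b/packweb-apache/files/userlogrotate
@@ -0,0 +1,38 @@
+#!/bin/bash
+
+DATE=`/bin/date +"%d-%m-%Y"`
+HOMEPREFIX="/home"
+
+rotate () {
+mv $1 $1.$DATE
+gzip $1.$DATE
+touch $1
+chown $2 $1
+chmod g+r $1
+}
+
+user_for() {
+homedir=`echo $1 | sed "s#\($HOMEPREFIX/\([^/]\+\)\).*#\1#"`
+stat -L -c '%G' $homedir
+}
+
+for log in access.log access-*.log error.log; do
+for i in `ls -1 -d $HOMEPREFIX/*/log/$log 2>/dev/null | grep -v \.bak\.`; do
+USER=`user_for $i`
+rotate $i root:$USER
+done
+done
+
+for i in `ls -1 -d $HOMEPREFIX/*/log/php.log 2>/dev/null | grep -v \.bak\.`; do
+USER=`user_for $i`
+rotate $i www-$USER:$USER
+done
+
+for log in production.log delayed_job.log development.log test.log; do
+for i in `ls -1 -d $HOMEPREFIX/*/www/{,current/}log/$log 2>/dev/null | grep -v \.bak\.`; do
+USER=`user_for $i`
+rotate $i $USER:$USER
+done
+done
+
+apache2ctl restart > /dev/null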
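Review bot: `rotate()` runs as root from `/etc/cron.weekly` and applies `mv`, `touch`, `chown` and `chmod g+r` to path names inside `$HOMEPREFIX/*/log` and `$HOMEPREFIX/*/www/log`, directories that, as far as this commit shows, belong to the hosted accounts, so a symlink placed there would redirect those root operations to another file. Skip anything that is not a regular file (`[ -f "$1" ] && [ ! -L "$1" ] || return`), use `chown -h`, and quote every expansion (`"$1"`, `"$2"`, `"$i"`), since the loops also word-split the output of `ls`. `USER` is a variable the shell already sets, so a different name avoids surprises. `apache2ctl restart` drops all connections every week; `apache2ctl graceful` looks sufficient to reopen the log files.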
10
packweb-apache/handlers/main.yml
Normal file
10
packweb-apache/handlers/main.yml
Normal file
|
@ -0,0 +1,10 @@
|
||||||
|
---
|
||||||
|
- name: restart apache
|
||||||
|
service:
|
||||||
|
name: apache2
|
||||||
|
state: restarted
|
||||||
|
|
||||||
|
- name: reload apache
|
||||||
|
service:
|
||||||
|
name: apache2
|
||||||
|
state: reloaded
|
67
packweb-apache/tasks/apache.yml
Normal file
67
packweb-apache/tasks/apache.yml
Normal file
|
@ -0,0 +1,67 @@
|
||||||
|
---
|
||||||
|
|
||||||
|
- name: Check if Apache envvars have a PATH
|
||||||
|
command: "grep -E '^export PATH ' /etc/apache2/envvars"
|
||||||
|
failed_when: False
|
||||||
|
changed_when: False
|
||||||
|
register: envvar_grep_path
|
||||||
|
check_mode: no
|
||||||
|
|
||||||
|
- name: Add a PATH envvar for Apache
|
||||||
|
blockinfile:
|
||||||
|
dest: /etc/apache2/envvars
|
||||||
|
marker: "## {mark} ANSIBLE MANAGED BLOCK FOR PATH"
|
||||||
|
block: |
|
||||||
|
# Used for Evoadmin-web
|
||||||
|
export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
|
||||||
|
when: envvar_grep_path.rc != 0
|
||||||
|
|
||||||
|
- name: Additional packages are installed
|
||||||
|
apt:
|
||||||
|
name: '{{ item }}'
|
||||||
|
state: present
|
||||||
|
with_items:
|
||||||
|
- apache2-mpm-itk
|
||||||
|
- libapache2-mod-evasive
|
||||||
|
- libapache2-mod-security2
|
||||||
|
|
||||||
|
- name: Copy Apache settings for modules
|
||||||
|
copy:
|
||||||
|
src: "{{ item }}"
|
||||||
|
dest: "/etc/apache2/conf-available/{{ item }}"
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: "0644"
|
||||||
|
force: no
|
||||||
|
with_items:
|
||||||
|
- evolinux-itk.conf
|
||||||
|
- evolinux-evasive.conf
|
||||||
|
- evolinux-modsec.conf
|
||||||
|
|
||||||
|
- name: Ensure Apache modules configs are enabled
|
||||||
|
command: "a2enconf {{ item }}"
|
||||||
|
register: command_result
|
||||||
|
changed_when: "'Enabling' in command_result.stderr"
|
||||||
|
with_items:
|
||||||
|
- evolinux-itk
|
||||||
|
- evolinux-evasive
|
||||||
|
- evolinux-modsec
|
||||||
|
|
||||||
|
- name: Check if log2mail is installed
|
||||||
|
command: "apt list --installed log2mail"
|
||||||
|
register: command_result
|
||||||
|
changed_when: False
|
||||||
|
|
||||||
|
- debug:
|
||||||
|
var: command_result
|
||||||
|
verbosity: 1
|
||||||
|
|
||||||
|
- name: Add log2mail config for Apache segfaults
|
||||||
|
template:
|
||||||
|
src: log2mail-apache.j2
|
||||||
|
dest: "/etc/log2mail/config/apache"
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: "0644"
|
||||||
|
force: no
|
||||||
|
when: "'log2mail' in command_result.stdout"
|
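Review bot: None of the tasks in this file notifies `reload apache`, so the mod_security, mod_evasive and mpm-itk settings copied and enabled here only take effect at some later, unrelated reload. "Ensure Apache modules configs are enabled" uses `changed_when: "'Enabling' in command_result.stderr"`; confirm that `a2enconf` writes that message to stderr rather than stdout, otherwise the task never reports a change. `force: no` on "Copy Apache settings for modules" also means that updated rule or limit files in the role never reach hosts that were already provisioned. `command_result` is registered twice in the file, so a comment above the final `when: "'log2mail' in command_result.stdout"` saying which task it refers to would help.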
48
packweb-apache/tasks/awstats.yml
Normal file
48
packweb-apache/tasks/awstats.yml
Normal file
|
@ -0,0 +1,48 @@
|
||||||
|
---
|
||||||
|
- name: Install awstats
|
||||||
|
apt:
|
||||||
|
name: awstats
|
||||||
|
state: present
|
||||||
|
|
||||||
|
- name: Configure awstats
|
||||||
|
blockinfile:
|
||||||
|
dest: /etc/awstats/awstats.conf.local
|
||||||
|
marker: "## {mark} ANSIBLE MANAGED BLOCK FOR PACKWEB"
|
||||||
|
block: |
|
||||||
|
LogFile="/var/log/apache2/access.log"
|
||||||
|
SiteDomain="{{ ansible_hostname }}"
|
||||||
|
DirData="/var/lib/awstats"
|
||||||
|
ShowHostsStats=0
|
||||||
|
ShowOriginStats=0
|
||||||
|
ShowPagesStats=0
|
||||||
|
ShowKeyphrasesStats=0
|
||||||
|
ShowKeywordsStats=0
|
||||||
|
ShowHTTPErrorsStats=0
|
||||||
|
LogFormat=1
|
||||||
|
AllowFullYearView=3
|
||||||
|
ErrorMessages="An error occured. Contact your Administrator"
|
||||||
|
mode: "0644"
|
||||||
|
|
||||||
|
- name: Create conf-available/awstats-icon.conf file
|
||||||
|
copy:
|
||||||
|
dest: /etc/apache2/conf-available/awstats-icon.conf
|
||||||
|
content: |
|
||||||
|
Alias /awstats-icon/ /usr/share/awstats/icon/
|
||||||
|
<Directory /usr/share/awstats/icon/>
|
||||||
|
Require all granted
|
||||||
|
</Directory>
|
||||||
|
force: no
|
||||||
|
mode: "0644"
|
||||||
|
|
||||||
|
- name: Enable apache awstats-icon configuration
|
||||||
|
command: "a2enconf awstats-icon"
|
||||||
|
register: command_result
|
||||||
|
changed_when: "'Enabling' in command_result.stderr"
|
||||||
|
notify: reload apache
|
||||||
|
|
||||||
|
- name: Create awstats cron
|
||||||
|
lineinfile:
|
||||||
|
dest: /etc/cron.d/awstats
|
||||||
|
create: yes
|
||||||
|
regexp: '-config=awstats'
|
||||||
|
line: "10 */6 * * * root umask 033; [ -x /usr/lib/cgi-bin/awstats.pl -a -f /etc/awstats/awstats.conf -a -r /var/log/apache2/access.log ] && /usr/lib/cgi-bin/awstats.pl -config=awstats -update >/dev/null"
|
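--- a/packweb-apache/tasks/main.yml
+++ b/packweb-apache/tasks/main.yml
@@ -0,0 +1,123 @@
+---
+
+- name: Include apache role
+include_role:
+name: "apache"
+
+- name: Add elements to user account template
+file:
+path: "/etc/skel/{{ item.path }}"
+state: "{{ item.state }}"
+mode: "{{ item.mode }}"
+with_items:
+- { path: log, mode: "0750", state: directory }
+- { path: awstats, mode: "0750", state: directory }
+- { path: www, mode: "0750", state: directory }
+
+- name: Copy apache empty log files if missing
+copy:
+src: "log/{{ item }}"
+dest: "/etc/skel/log/{{ item }}"
+mode: "0644"
+force: no
+with_items:
+- access.log
+- error.log
+
+- name: Install userlogrotate
+copy:
+src: userlogrotate
+dest: /etc/cron.weekly/userlogrotate
+mode: "0755"
+
+- name: Force DIR_MODE to 0750 in /etc/adduser.conf
+lineinfile:
+dest: /etc/adduser.conf
+regexp: '^DIR_MODE='
+line: 'DIR_MODE=0750'
+
+- include: apache.yml
+
+- include: php.yml
+
+- include: phpmyadmin.yml
+
+- include: awstats.yml
+
+- name: Remove read permission on some folders (/, /etc, ...)
+shell: "test -d {{ item }} && chmod --verbose o-r {{ item }}"
+register: command_result
+changed_when: "'changed' in command_result.stdout"
+failed_when: False
+with_items:
+- /
+- /etc
+- /usr
+- /usr/bin
+- /var
+- /var/log
+- /home
+- /bin
+- /sbin
+- /lib
+- /usr/lib
+- /usr/include
+- /usr/bin
+- /usr/sbin
+- /usr/share
+- /usr/share/doc
+- /etc/default
+
+- name: Set 750 permission on some folders (/var/log/apt, /var/log/munin, ...)
+shell: "test -d {{ item }} && chmod --verbose 750 {{ item }}"
+register: command_result
+changed_when: "'changed' in command_result.stdout"
+failed_when: False
+with_items:
+- /var/log/apt
+- /var/lib/dpkg
+- /var/log/munin
+- /var/backups
+- /var/cache/apt
+- /etc/init.d
+- /etc/apt
+- /etc/apache2
+- /etc/network
+- /etc/phpmyadmin
+- /var/log/installer
+
+- name: Set u-s permission on some binaries (/bin/ping, /usr/bin/mtr, ...)
+shell: "test -f {{ item }} && chmod --verbose u-s {{ item }}"
+register: command_result
+changed_when: "'changed' in command_result.stdout"
+failed_when: False
+with_items:
+- /bin/ping
+- /bin/ping6
+- /usr/bin/fping
+- /usr/bin/fping6
+- /usr/bin/mtr
+
+- name: Set 640 permission on some files (/var/log/evolix.log, ...)
+shell: "test -f {{ item }} && chmod --verbose 640 {{ item }}"
+register: command_result
+changed_when: "'changed' in command_result.stdout"
+failed_when: False
+with_items:
+- /var/log/evolix.log
+- /etc/warnquota.conf
+
+- name: Remove some log files (/var/log/mail.err, ...)
+file:
+path: "{{ item }}"
+state: absent
+with_items:
+- /var/log/debug
+- /var/log/mail.err
+- /var/log/mail.warn
+
+- name: Install Evoadmin
+include_role:
+name: evoadmin
+vars:
+evoadmin_enable_vhost: "{{ packweb_enable_evoadmin_vhost }}"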
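Review bot: The four chmod tasks (`o-r`, `750`, `u-s`, `640`) all set `failed_when: False`, so a chmod that really fails (read-only mount, immutable attribute, missing privileges) is reported as ok and the hardening silently does not apply. The flag seems to be there only because `test -d … &&` exits 1 for a missing path; writing the command as `shell: "if test -d {{ item }}; then chmod --verbose o-r {{ item }}; fi"` makes a missing path exit 0 and lets the `failed_when` line be dropped, and the same form fits the other three tasks. `/usr/bin` is listed twice in the first `with_items`. A comment above the `u-s` task noting that ping, fping and mtr become root-only unless capabilities are granted elsewhere would help whoever debugs monitoring on these hosts.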
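--- a/packweb-apache/tasks/php.yml
+++ b/packweb-apache/tasks/php.yml
@@ -0,0 +1,64 @@
+---
+
+- name: Install PHP5 packages
+apt:
+name: '{{ item }}'
+state: present
+with_items:
+- libapache2-mod-php5
+- php5
+- php5-gd
+- php5-imap
+- php5-ldap
+- php5-mcrypt
+- php5-mysql
+- php5-pgsql
+- php-gettext
+- php5-curl
+- libssh2-php
+tags:
+- apache
+
+- name: Set variables for php config files
+set_fact:
+php5_apache5_defaults_file: /etc/php5/apache2/conf.d/z-evolinux_defaults.ini
+php5_apache5_custom_file: /etc/php5/apache2/conf.d/zzz-evolinux_custom.ini
+
+- name: Set default values for PHP
+ini_file:
+dest: "{{ php5_apache5_defaults_file }}"
+section: PHP
+option: "{{ item.option }}"
+value: "{{ item.value }}"
+mode: "0644"
+create: yes
+with_items:
+- { option: "short_open_tag", value: "Off" }
+- { option: "expose_php", value: "Off" }
+- { option: "display_errors", value: "Off" }
+- { option: "log_errors", value: "On" }
+- { option: "allow_url_fopen", value: "Off" }
+notify: reload apache
+
+- name: Disable PHP exec function without evoadmin
+ini_file:
+dest: "{{ php5_apache5_defaults_file }}"
+section: PHP
+option: disable_functions
+value: "exec,shell-exec,system,passthru,putenv,popen"
+when: not packweb_enable_evoadmin_vhost
+
+- name: Don't disable PHP exec function with evoadmin
+ini_file:
+dest: "{{ php5_apache5_defaults_file }}"
+section: PHP
+option: disable_functions
+value: "shell-exec,system,passthru,putenv,popen"
+when: packweb_enable_evoadmin_vhost
+
+- name: Custom php.ini
+copy:
+dest: "{{ php5_apache5_custom_file }}"
+content: |
+# Put customized values here.
+force: no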
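Review bot: Both `disable_functions` values spell the entry `shell-exec`, but the PHP function is `shell_exec`; PHP does not reject a name that matches no function, so `shell_exec` and the backtick operator that relies on it stay callable in either branch. The lines should read `value: "exec,shell_exec,system,passthru,putenv,popen"` and `value: "shell_exec,system,passthru,putenv,popen"`. `proc_open` is in neither list and gives the same command-execution path as `popen`, so it is worth adding unless something on these hosts needs it. The two `disable_functions` tasks also lack the `notify: reload apache` that the preceding `ini_file` task carries, so a changed value may not take effect until Apache is reloaded for another reason.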
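--- a/packweb-apache/tasks/phpmyadmin.yml
+++ b/packweb-apache/tasks/phpmyadmin.yml
@@ -0,0 +1,26 @@
+---
+
+- name: Install phpmyadmin
+apt:
+name: phpmyadmin
+state: present
+
+- name: Check if phpmyadmin default configuration is present
+stat:
+path: /etc/apache2/conf-enabled/phpmyadmin.conf
+register: pma_default_config
+
+- debug:
+var: pma_default_config
+verbosity: 1
+
+- name: Disable phpmyadmin default configuration
+command: "a2disconf phpmyadmin"
+register: command_result
+changed_when: "'Disabling' in command_result.stderr"
+when: pma_default_config.stat.exists
+
+- name: Change group to www-data for /etc/phpmyadmin/
+file:
+dest: /etc/phpmyadmin/
+group: www-data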
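Review bot: The `a2disconf phpmyadmin` task has no `notify: reload apache`, so the packaged phpMyAdmin configuration presumably stays served until Apache is reloaded for some other reason. Its `changed_when` also looks in `command_result.stderr`, whereas the a2dismod/a2enmod tasks of the apache role in this same commit match the tool's message in `.stdout`; if a2disconf reports the same way, this task never shows as changed and a handler would never fire. Suggested lines: `changed_when: "'Disabling' in command_result.stdout"` and `notify: reload apache`. The `debug` task could carry a `name:` like the others.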
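--- a/packweb-apache/tasks/web-add.yml
+++ b/packweb-apache/tasks/web-add.yml
@@ -0,0 +1,3 @@
+---
+
+# TODO: ...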
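--- a/packweb-apache/templates/log2mail-apache.j2
+++ b/packweb-apache/templates/log2mail-apache.j2
@@ -0,0 +1,4 @@
+file = /var/log/apache2/error.log
+pattern = "Segmentation fault"
+mailto = {{ log2mail_alert_email or general_alert_email | mandatory }}
+template = /etc/log2mail/mail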