ansible-roles/apache/tasks/auth.yml

---

- name: Init ipaddr_whitelist.conf file
  copy:
    src: ipaddr_whitelist.conf
    dest: /etc/apache2/ipaddr_whitelist.conf
    owner: root
    group: root
    mode: "0640"
    force: no
  tags:
    - apache
    
- name: Load IP whitelist task
  include: ip_whitelist.yml

- name: include private IP whitelist for server-status
  lineinfile:
    dest: /etc/apache2/mods-available/status.conf
    line: "        include /etc/apache2/ipaddr_whitelist.conf"
    insertafter: 'SetHandler server-status'
    state: present
  tags:
    - apache

- name: Copy private_htpasswd
  copy:
    src: private_htpasswd
    dest: /etc/apache2/private_htpasswd
    owner: root
    group: root
    mode: "0640"
    force: no
  notify: reload apache
  tags:
    - apache

- name: add user:pwd to private htpasswd
  lineinfile:
    dest: /etc/apache2/private_htpasswd
    line: "{{ item }}"
    state: present
  loop: "{{ apache_private_htpasswd_present }}"
  notify: reload apache
  tags:
    - apache

- name: remove user:pwd from private htpasswd
  lineinfile:
    dest: /etc/apache2/private_htpasswd
    line: "{{ item }}"
    state: absent
  loop: "{{ apache_private_htpasswd_absent }}"
  notify: reload apache
  tags:
    - apache
apache/evoadmin : split jessie/stretch 2017-07-13 14:09:24 +02:00			`---`

standard Evolix name is /etc/apache2/ipaddr_whitelist.conf cf https://wiki.evolix.org/HowtoApache 2017-08-18 02:31:41 +02:00			`- name: Init ipaddr_whitelist.conf file`
apache/evoadmin : split jessie/stretch 2017-07-13 14:09:24 +02:00			`copy:`
Apache/Nginx: use ipaddr_whitelist 2017-10-07 13:48:04 +02:00			`src: ipaddr_whitelist.conf`
standard Evolix name is /etc/apache2/ipaddr_whitelist.conf cf https://wiki.evolix.org/HowtoApache 2017-08-18 02:31:41 +02:00			`dest: /etc/apache2/ipaddr_whitelist.conf`
apache/evoadmin : split jessie/stretch 2017-07-13 14:09:24 +02:00			`owner: root`
			`group: root`
			`mode: "0640"`
			`force: no`
			`tags:`
whitespaces 2018-01-02 19:38:12 +01:00			`- apache`
Make ip whitelist tasks more flexible Now the list of whitelisted ip addresses can be updated simply by including the specific tasks in an external playbook without polluting our role list. This change takes effect for nginx, apache and fail2ban. 2018-10-29 21:53:46 +01:00
			`- name: Load IP whitelist task`
			`include: ip_whitelist.yml`
apache/evoadmin : split jessie/stretch 2017-07-13 14:09:24 +02:00
			`- name: include private IP whitelist for server-status`
			`lineinfile:`
			`dest: /etc/apache2/mods-available/status.conf`
standard Evolix name is /etc/apache2/ipaddr_whitelist.conf cf https://wiki.evolix.org/HowtoApache 2017-08-18 02:31:41 +02:00			`line: " include /etc/apache2/ipaddr_whitelist.conf"`
apache/evoadmin : split jessie/stretch 2017-07-13 14:09:24 +02:00			`insertafter: 'SetHandler server-status'`
			`state: present`
			`tags:`
whitespaces 2018-01-02 19:38:12 +01:00			`- apache`
apache/evoadmin : split jessie/stretch 2017-07-13 14:09:24 +02:00
			`- name: Copy private_htpasswd`
			`copy:`
			`src: private_htpasswd`
			`dest: /etc/apache2/private_htpasswd`
			`owner: root`
			`group: root`
			`mode: "0640"`
			`force: no`
			`notify: reload apache`
			`tags:`
whitespaces 2018-01-02 19:38:12 +01:00			`- apache`
apache/evoadmin : split jessie/stretch 2017-07-13 14:09:24 +02:00
			`- name: add user:pwd to private htpasswd`
			`lineinfile:`
			`dest: /etc/apache2/private_htpasswd`
			`line: "{{ item }}"`
			`state: present`
Use 'loop' syntax instead of 'with_items' 2021-05-04 14:18:40 +02:00			`loop: "{{ apache_private_htpasswd_present }}"`
apache/evoadmin : split jessie/stretch 2017-07-13 14:09:24 +02:00			`notify: reload apache`
			`tags:`
whitespaces 2018-01-02 19:38:12 +01:00			`- apache`
apache/evoadmin : split jessie/stretch 2017-07-13 14:09:24 +02:00
			`- name: remove user:pwd from private htpasswd`
			`lineinfile:`
			`dest: /etc/apache2/private_htpasswd`
			`line: "{{ item }}"`
			`state: absent`
Use 'loop' syntax instead of 'with_items' 2021-05-04 14:18:40 +02:00			`loop: "{{ apache_private_htpasswd_absent }}"`
apache/evoadmin : split jessie/stretch 2017-07-13 14:09:24 +02:00			`notify: reload apache`
			`tags:`
whitespaces 2018-01-02 19:38:12 +01:00			`- apache`