Split default vhost into nginx ad apache roles

2017-07-05 18:22:00 +02:00 · 2017-07-05 18:22:00 +02:00 · 0e0bc1cbbd
parent de37aac243
commit 0e0bc1cbbd
9 changed files with 84 additions and 77 deletions
--- a/apache/defaults/main.yml
+++ b/apache/defaults/main.yml
@ -4,3 +4,9 @@ apache_private_ipaddr_whitelist_absent: []

 apache_private_htpasswd_present: []
 apache_private_htpasswd_absent: []
+
+apache_default_redirect_url: "http://evolix.fr"
+apache_evolinux_default_enabled: True
+
+apache_phpmyadmin_suffix: "{{ lookup('env', 'RANDOM') }}"
+apache_serverstatus_suffix: "{{ lookup('env', 'RANDOM') }}"
--- a/apache/tasks/main.yml
+++ b/apache/tasks/main.yml
@ -152,6 +152,39 @@
  tags:
  - apache

+- name: default vhost is installed
+  template:
+    src: evolinux-default.conf.j2
+    dest: /etc/apache2/sites-available/000-evolinux-default.conf
+    mode: "0640"
+    # force: yes
+  notify: reload apache
+  tags:
+  - apache
+
+- name: default vhost is enabled
+  file:
+    src: /etc/apache2/sites-available/000-evolinux-default.conf
+    dest: /etc/apache2/sites-enabled/000-default.conf
+    state: link
+    force: yes
+  notify: reload apache
+  when: apache_evolinux_default_enabled
+  tags:
+  - apache
+
+- name: replace phpmyadmin suffix in default site index
+  replace:
+    dest: /var/www/index.html
+    regexp: '__PHPMYADMIN_SUFFIX__'
+    replace: "{{ apache_phpmyadmin_suffix }}"
+
+- name: replace server-status suffix in default site index
+  replace:
+    dest: /var/www/index.html
+    regexp: '__SERVERSTATUS_SUFFIX__'
+    replace: "{{ apache_serverstatus_suffix }}"
+
 - name: is umask already present?
  command: "grep -E '^umask ' /etc/apache2/envvars"
  failed_when: False
--- a/evolinux-base/templates/default_www/apache_default_site.j2
+++ b/evolinux-base/templates/default_www/apache_default_site.j2
@ -11,6 +11,7 @@
    # Redirect to HTTPS, execpt for server-status, because Munin plugin
    # can't handle HTTPS! :(
    RewriteEngine on
+    RewriteCond %{HTTPS} !=on
    RewriteCond %{REQUEST_URI} !^/server-status.*$ [NC]
    RewriteCond %{REQUEST_URI} !^/munin_opcache.php$ [NC]
    RewriteRule ^/(.*) https://{{ ansible_fqdn }}/$1 [L,R=permanent]
@ -39,13 +40,13 @@
        Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
    </Directory>

-    ErrorDocument 403 {{ evolinux_default_www_redirect_url }}
+    ErrorDocument 403 {{ apache_default_redirect_url }}
    CustomLog /var/log/apache2/access.log vhost_combined
    ErrorLog /var/log/apache2/error.log
    LogLevel warn

    Alias /munin /var/cache/munin/www
-    Alias /phpmyadmin-SED_RANDOM /usr/share/phpmyadmin/
+    Alias /phpmyadmin-{{ apache_phpmyadmin_suffix }} /usr/share/phpmyadmin/
    IncludeOptional /etc/apache2/conf-available/phpmyadmin*

    <Files ~ "\.(inc|bak)$">
--- a/evolinux-base/defaults/main.yml
+++ b/evolinux-base/defaults/main.yml
@ -135,14 +135,6 @@ evolinux_default_www_files: True
 evolinux_default_www_ssl_cert: True
 evolinux_default_www_ssl_subject: "/CN={{ ansible_fqdn }}"

-evolinux_default_www_nginx_vhost: True
-evolinux_default_www_nginx_enabled: False
-
-evolinux_default_www_apache_vhost: True
-evolinux_default_www_apache_enabled: False
-
-evolinux_default_www_redirect_url: "http://evolix.fr"
-
 # hardware

 evolinux_hardware_include: True
--- a/evolinux-base/tasks/default_www.yml
+++ b/evolinux-base/tasks/default_www.yml
@ -48,67 +48,4 @@
      creates: "/etc/ssl/certs/{{ ansible_fqdn }}.crt"
  when: evolinux_default_www_ssl_cert

-# Nginx vhost
-
- name: is Nginx installed?
-  stat:
-    path: /etc/nginx/sites-available
-  check_mode: no
-  register: nginx_sites_available
-
- block:
-  - name: nginx vhost is installed
-    template:
-      src: default_www/nginx_default_site.j2
-      dest: /etc/nginx/sites-available/000-default
-      mode: "0640"
-      # force: yes
-    notify: reload nginx
-    tags:
-    - nginx
-
-  - name: nginx vhost is enabled
-    file:
-      src: /etc/nginx/sites-available/000-default
-      dest: /etc/nginx/sites-enabled/000-default
-      state: link
-    notify: reload nginx
-    when: evolinux_default_www_nginx_enabled
-    tags:
-    - nginx
-
-  when: evolinux_default_www_nginx_vhost and nginx_sites_available.stat.exists
-
-
-# Apache vhost
-
- name: is Apache installed?
-  stat:
-    path: /etc/apache2/sites-available
-  check_mode: no
-  register: apache_sites_available
-
- block:
-  - name: Apache vhost is installed
-    template:
-      src: default_www/apache_default_site.j2
-      dest: /etc/apache2/sites-available/000-evolinux-default.conf
-      mode: "0640"
-      # force: yes
-    notify: reload apache
-    tags:
-    - apache
-
-  - name: Apache vhost is enabled
-    file:
-      src: /etc/apache2/sites-available/000-evolinux-default.conf
-      dest: /etc/apache2/sites-enabled/000-evolinux-default.conf
-      state: link
-    notify: reload apache
-    when: evolinux_default_www_apache_enabled
-    tags:
-    - apache
-
-  when: evolinux_default_www_apache_vhost and apache_sites_available.stat.exists
-
 - meta: flush_handlers
--- a/evolinux-base/templates/default_www/index.html.j2
+++ b/evolinux-base/templates/default_www/index.html.j2
@ -57,15 +57,15 @@
    <div id="container">
        <h1 class="hostname">{{ ansible_hostname }}</h1>

-        <ul>
+        <ul id="evolinks">
            <li><a href="/munin/{{ ansible_domain }}/{{ ansible_fqdn }}/">Stats système</a></li>
            <!--
-            <li><a href="/phpmyadmin-PHPMASECRET/">Accès PhpMyAdmin</a></li>
+            <li><a href="/phpmyadmin-__PHPMYADMIN_SUFFIX__/">Accès PhpMyAdmin</a></li>
            <li><a href="/mysqlreport.html">Dernier rapport MySQL Tuner</a></li>
            <li><a href="/cgi-bin/awstats.pl">Stats web</a></li>
            <li><a href="/info.php">Infos PHP</a></li>
            <li><a href="/opcache.php">Infos OpCache PHP</a></li>
-            <li><a href="/server-status-RANDOM_SERVERSTATUS/">Server Status</a></li>
+            <li><a href="/server-status-__SERVERSTATUS_SUFFIX__/">Server Status</a></li>
            -->
        </ul>

--- a/nginx/defaults/main.yml
+++ b/nginx/defaults/main.yml
@ -4,3 +4,9 @@ nginx_private_ipaddr_whitelist_absent: []

 nginx_private_htpasswd_present: []
 nginx_private_htpasswd_absent: []
+
+nginx_default_redirect_url: "http://evolix.fr"
+nginx_evolinux_default_enabled: True
+
+# nginx_phpmyadmin_suffix: "{{ lookup('env', 'RANDOM') }}"
+# nginx_serverstatus_suffix: "{{ lookup('env', 'RANDOM') }}"
--- a/nginx/tasks/main.yml
+++ b/nginx/tasks/main.yml
@ -109,6 +109,38 @@
  tags:
  - nginx

+- name: nginx vhost is installed
+  template:
+    src: evolinux-default.conf.j2
+    dest: /etc/nginx/sites-available/evolinux-default.conf
+    mode: "0640"
+  notify: reload nginx
+  tags:
+  - nginx
+
+- name: default vhost is enabled
+  file:
+    src: /etc/nginx/sites-available/evolinux-default.conf
+    dest: /etc/nginx/sites-enabled/default.conf
+    state: link
+    force: yes
+  notify: reload nginx
+  when: nginx_evolinux_default_enabled
+  tags:
+  - nginx
+
+# - name: replace phpmyadmin suffix in default site index
+#   replace:
+#     dest: /var/www/index.html
+#     regexp: '__PHPMYADMIN_SUFFIX__'
+#     replace: "{{ nginx_phpmyadmin_suffix }}"
+#
+# - name: replace server-status suffix in default site index
+#   replace:
+#     dest: /var/www/index.html
+#     regexp: '__SERVERSTATUS_SUFFIX__'
+#     replace: "{{ nginx_serverstatus_suffix }}"
+
 - name: Verify that the service is enabled and started
  service:
    name: nginx
--- a/evolinux-base/templates/default_www/nginx_default_site.j2
+++ b/evolinux-base/templates/default_www/nginx_default_site.j2
@ -18,7 +18,7 @@ server {

    access_log  /var/log/nginx/access.log;
    error_log  /var/log/nginx/error.log;
-    error_page 403 {{ evolinux_default_www_redirect_url }};
+    error_page 403 {{ nginx_default_redirect_url }};

    root /var/www;