diff --git a/apache/defaults/main.yml b/apache/defaults/main.yml index 70140cad..10be7acb 100644 --- a/apache/defaults/main.yml +++ b/apache/defaults/main.yml @@ -4,3 +4,9 @@ apache_private_ipaddr_whitelist_absent: [] apache_private_htpasswd_present: [] apache_private_htpasswd_absent: [] + +apache_default_redirect_url: "http://evolix.fr" +apache_evolinux_default_enabled: True + +apache_phpmyadmin_suffix: "{{ lookup('env', 'RANDOM') }}" +apache_serverstatus_suffix: "{{ lookup('env', 'RANDOM') }}" diff --git a/apache/tasks/main.yml b/apache/tasks/main.yml index dce83867..8f5b51c4 100644 --- a/apache/tasks/main.yml +++ b/apache/tasks/main.yml @@ -152,6 +152,39 @@ tags: - apache +- name: default vhost is installed + template: + src: evolinux-default.conf.j2 + dest: /etc/apache2/sites-available/000-evolinux-default.conf + mode: "0640" + # force: yes + notify: reload apache + tags: + - apache + +- name: default vhost is enabled + file: + src: /etc/apache2/sites-available/000-evolinux-default.conf + dest: /etc/apache2/sites-enabled/000-default.conf + state: link + force: yes + notify: reload apache + when: apache_evolinux_default_enabled + tags: + - apache + +- name: replace phpmyadmin suffix in default site index + replace: + dest: /var/www/index.html + regexp: '__PHPMYADMIN_SUFFIX__' + replace: "{{ apache_phpmyadmin_suffix }}" + +- name: replace server-status suffix in default site index + replace: + dest: /var/www/index.html + regexp: '__SERVERSTATUS_SUFFIX__' + replace: "{{ apache_serverstatus_suffix }}" + - name: is umask already present? command: "grep -E '^umask ' /etc/apache2/envvars" failed_when: False diff --git a/evolinux-base/templates/default_www/apache_default_site.j2 b/apache/templates/evolinux-default.conf.j2 similarity index 90% rename from evolinux-base/templates/default_www/apache_default_site.j2 rename to apache/templates/evolinux-default.conf.j2 index 8f29785a..3c56568a 100644 --- a/evolinux-base/templates/default_www/apache_default_site.j2 +++ b/apache/templates/evolinux-default.conf.j2 @@ -11,6 +11,7 @@ # Redirect to HTTPS, execpt for server-status, because Munin plugin # can't handle HTTPS! :( RewriteEngine on + RewriteCond %{HTTPS} !=on RewriteCond %{REQUEST_URI} !^/server-status.*$ [NC] RewriteCond %{REQUEST_URI} !^/munin_opcache.php$ [NC] RewriteRule ^/(.*) https://{{ ansible_fqdn }}/$1 [L,R=permanent] @@ -39,13 +40,13 @@ Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch - ErrorDocument 403 {{ evolinux_default_www_redirect_url }} + ErrorDocument 403 {{ apache_default_redirect_url }} CustomLog /var/log/apache2/access.log vhost_combined ErrorLog /var/log/apache2/error.log LogLevel warn Alias /munin /var/cache/munin/www - Alias /phpmyadmin-SED_RANDOM /usr/share/phpmyadmin/ + Alias /phpmyadmin-{{ apache_phpmyadmin_suffix }} /usr/share/phpmyadmin/ IncludeOptional /etc/apache2/conf-available/phpmyadmin* diff --git a/evolinux-base/defaults/main.yml b/evolinux-base/defaults/main.yml index 50635b05..26428674 100644 --- a/evolinux-base/defaults/main.yml +++ b/evolinux-base/defaults/main.yml @@ -135,14 +135,6 @@ evolinux_default_www_files: True evolinux_default_www_ssl_cert: True evolinux_default_www_ssl_subject: "/CN={{ ansible_fqdn }}" -evolinux_default_www_nginx_vhost: True -evolinux_default_www_nginx_enabled: False - -evolinux_default_www_apache_vhost: True -evolinux_default_www_apache_enabled: False - -evolinux_default_www_redirect_url: "http://evolix.fr" - # hardware evolinux_hardware_include: True diff --git a/evolinux-base/tasks/default_www.yml b/evolinux-base/tasks/default_www.yml index 209fe7e2..b6219772 100644 --- a/evolinux-base/tasks/default_www.yml +++ b/evolinux-base/tasks/default_www.yml @@ -48,67 +48,4 @@ creates: "/etc/ssl/certs/{{ ansible_fqdn }}.crt" when: evolinux_default_www_ssl_cert -# Nginx vhost - -- name: is Nginx installed? - stat: - path: /etc/nginx/sites-available - check_mode: no - register: nginx_sites_available - -- block: - - name: nginx vhost is installed - template: - src: default_www/nginx_default_site.j2 - dest: /etc/nginx/sites-available/000-default - mode: "0640" - # force: yes - notify: reload nginx - tags: - - nginx - - - name: nginx vhost is enabled - file: - src: /etc/nginx/sites-available/000-default - dest: /etc/nginx/sites-enabled/000-default - state: link - notify: reload nginx - when: evolinux_default_www_nginx_enabled - tags: - - nginx - - when: evolinux_default_www_nginx_vhost and nginx_sites_available.stat.exists - - -# Apache vhost - -- name: is Apache installed? - stat: - path: /etc/apache2/sites-available - check_mode: no - register: apache_sites_available - -- block: - - name: Apache vhost is installed - template: - src: default_www/apache_default_site.j2 - dest: /etc/apache2/sites-available/000-evolinux-default.conf - mode: "0640" - # force: yes - notify: reload apache - tags: - - apache - - - name: Apache vhost is enabled - file: - src: /etc/apache2/sites-available/000-evolinux-default.conf - dest: /etc/apache2/sites-enabled/000-evolinux-default.conf - state: link - notify: reload apache - when: evolinux_default_www_apache_enabled - tags: - - apache - - when: evolinux_default_www_apache_vhost and apache_sites_available.stat.exists - - meta: flush_handlers diff --git a/evolinux-base/templates/default_www/index.html.j2 b/evolinux-base/templates/default_www/index.html.j2 index 25a967b4..717b93c6 100644 --- a/evolinux-base/templates/default_www/index.html.j2 +++ b/evolinux-base/templates/default_www/index.html.j2 @@ -57,15 +57,15 @@

{{ ansible_hostname }}

-