From 0e0bc1cbbddff69b2e57c9a2ccf877cd33d9dd71 Mon Sep 17 00:00:00 2001 From: Jeremy Lecour Date: Wed, 5 Jul 2017 18:22:00 +0200 Subject: [PATCH] Split default vhost into nginx ad apache roles --- apache/defaults/main.yml | 6 ++ apache/tasks/main.yml | 33 ++++++++++ .../templates/evolinux-default.conf.j2 | 5 +- evolinux-base/defaults/main.yml | 8 --- evolinux-base/tasks/default_www.yml | 63 ------------------- .../templates/default_www/index.html.j2 | 6 +- nginx/defaults/main.yml | 6 ++ nginx/tasks/main.yml | 32 ++++++++++ .../templates/evolinux-default.conf.j2 | 2 +- 9 files changed, 84 insertions(+), 77 deletions(-) rename evolinux-base/templates/default_www/apache_default_site.j2 => apache/templates/evolinux-default.conf.j2 (90%) rename evolinux-base/templates/default_www/nginx_default_site.j2 => nginx/templates/evolinux-default.conf.j2 (95%) diff --git a/apache/defaults/main.yml b/apache/defaults/main.yml index 70140cad..10be7acb 100644 --- a/apache/defaults/main.yml +++ b/apache/defaults/main.yml @@ -4,3 +4,9 @@ apache_private_ipaddr_whitelist_absent: [] apache_private_htpasswd_present: [] apache_private_htpasswd_absent: [] + +apache_default_redirect_url: "http://evolix.fr" +apache_evolinux_default_enabled: True + +apache_phpmyadmin_suffix: "{{ lookup('env', 'RANDOM') }}" +apache_serverstatus_suffix: "{{ lookup('env', 'RANDOM') }}" diff --git a/apache/tasks/main.yml b/apache/tasks/main.yml index dce83867..8f5b51c4 100644 --- a/apache/tasks/main.yml +++ b/apache/tasks/main.yml 
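Review bot: `lookup('env', 'RANDOM')` in `apache_phpmyadmin_suffix` and `apache_serverstatus_suffix` is unlikely to yield a random value. `RANDOM` is a shell-internal variable that is normally not exported, so the lookup on the control node will usually return an empty string and the vhost template would render `Alias /phpmyadmin-`. Even when it is set it is at most a 15-bit number, and because the expression is evaluated lazily, the template and the two `replace` tasks in apache/tasks/main.yml are not guaranteed to see the same value from one run to the next. A value persisted per host is safer, for example `"{{ lookup('password', 'CREDENTIALS_DIR/' + inventory_hostname + '/phpmyadmin_suffix length=16 chars=ascii_lowercase,digits') }}"` (CREDENTIALS_DIR is a placeholder), together with an `assert` that the suffix is not empty. The suffix only hides the path, so phpMyAdmin and server-status should still be restricted through the role's IP whitelist or htpasswd settings.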
@@ -152,6 +152,39 @@ tags: - apache +- name: default vhost is installed + template: + src: evolinux-default.conf.j2 + dest: /etc/apache2/sites-available/000-evolinux-default.conf + mode: "0640" + # force: yes + notify: reload apache + tags: + - apache + +- name: default vhost is enabled + file: + src: /etc/apache2/sites-available/000-evolinux-default.conf + dest: /etc/apache2/sites-enabled/000-default.conf + state: link + force: yes + notify: reload apache + when: apache_evolinux_default_enabled + tags: + - apache + +- name: replace phpmyadmin suffix in default site index + replace: + dest: /var/www/index.html + regexp: '__PHPMYADMIN_SUFFIX__' + replace: "{{ apache_phpmyadmin_suffix }}" + +- name: replace server-status suffix in default site index + replace: + dest: /var/www/index.html + regexp: '__SERVERSTATUS_SUFFIX__' + replace: "{{ apache_serverstatus_suffix }}" + - name: is umask already present? command: "grep -E '^umask ' /etc/apache2/envvars" failed_when: False diff --git a/evolinux-base/templates/default_www/apache_default_site.j2 b/apache/templates/evolinux-default.conf.j2 similarity index 90% rename from evolinux-base/templates/default_www/apache_default_site.j2 rename to apache/templates/evolinux-default.conf.j2 index 8f29785a..3c56568a 100644 --- a/evolinux-base/templates/default_www/apache_default_site.j2 +++ b/apache/templates/evolinux-default.conf.j2 @@ -11,6 +11,7 @@ # Redirect to HTTPS, execpt for server-status, because Munin plugin # can't handle HTTPS! :( RewriteEngine on + RewriteCond %{HTTPS} !=on RewriteCond %{REQUEST_URI} !^/server-status.*$ [NC] RewriteCond %{REQUEST_URI} !^/munin_opcache.php$ [NC] RewriteRule ^/(.*) https://{{ ansible_fqdn }}/$1 [L,R=permanent] 
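Review bot: The two `replace` tasks on `/var/www/index.html` only work once. After the first run the `__PHPMYADMIN_SUFFIX__` and `__SERVERSTATUS_SUFFIX__` tokens are gone, so if the suffix variables later evaluate to a different value the vhost `Alias` is re-rendered while the index page keeps the old link. The tasks also carry no `tags: - apache`, and they fail when `/var/www/index.html` does not exist, which appears to depend on evolinux-base having run first. Taking the suffix from a fact set once per host and guarding both tasks with a `stat` on the index file would keep the two files consistent. Writing the suffix into the default index page also makes the hidden path readable by anyone who can load that page, so it should not be the only protection.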
@@ -39,13 +40,13 @@ Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch - ErrorDocument 403 {{ evolinux_default_www_redirect_url }} + ErrorDocument 403 {{ apache_default_redirect_url }} CustomLog /var/log/apache2/access.log vhost_combined ErrorLog /var/log/apache2/error.log LogLevel warn Alias /munin /var/cache/munin/www - Alias /phpmyadmin-SED_RANDOM /usr/share/phpmyadmin/ + Alias /phpmyadmin-{{ apache_phpmyadmin_suffix }} /usr/share/phpmyadmin/ IncludeOptional /etc/apache2/conf-available/phpmyadmin* diff --git a/evolinux-base/defaults/main.yml b/evolinux-base/defaults/main.yml index 50635b05..26428674 100644 --- a/evolinux-base/defaults/main.yml +++ b/evolinux-base/defaults/main.yml @@ -135,14 +135,6 @@ evolinux_default_www_files: True evolinux_default_www_ssl_cert: True evolinux_default_www_ssl_subject: "/CN={{ ansible_fqdn }}" -evolinux_default_www_nginx_vhost: True -evolinux_default_www_nginx_enabled: False - -evolinux_default_www_apache_vhost: True -evolinux_default_www_apache_enabled: False - -evolinux_default_www_redirect_url: "http://evolix.fr" - # hardware evolinux_hardware_include: True diff --git a/evolinux-base/tasks/default_www.yml b/evolinux-base/tasks/default_www.yml index 209fe7e2..b6219772 100644 --- a/evolinux-base/tasks/default_www.yml +++ b/evolinux-base/tasks/default_www.yml 
@@ -48,67 +48,4 @@ creates: "/etc/ssl/certs/{{ ansible_fqdn }}.crt" when: evolinux_default_www_ssl_cert -# Nginx vhost - -- name: is Nginx installed? - stat: - path: /etc/nginx/sites-available - check_mode: no - register: nginx_sites_available - -- block: - - name: nginx vhost is installed - template: - src: default_www/nginx_default_site.j2 - dest: /etc/nginx/sites-available/000-default - mode: "0640" - # force: yes - notify: reload nginx - tags: - - nginx - - - name: nginx vhost is enabled - file: - src: /etc/nginx/sites-available/000-default - dest: /etc/nginx/sites-enabled/000-default - state: link - notify: reload nginx - when: evolinux_default_www_nginx_enabled - tags: - - nginx - - when: evolinux_default_www_nginx_vhost and nginx_sites_available.stat.exists - - -# Apache vhost - -- name: is Apache installed? - stat: - path: /etc/apache2/sites-available - check_mode: no - register: apache_sites_available - -- block: - - name: Apache vhost is installed - template: - src: default_www/apache_default_site.j2 - dest: /etc/apache2/sites-available/000-evolinux-default.conf - mode: "0640" - # force: yes - notify: reload apache - tags: - - apache - - - name: Apache vhost is enabled - file: - src: /etc/apache2/sites-available/000-evolinux-default.conf - dest: /etc/apache2/sites-enabled/000-evolinux-default.conf - state: link - notify: reload apache - when: evolinux_default_www_apache_enabled - tags: - - apache - - when: evolinux_default_www_apache_vhost and apache_sites_available.stat.exists - - meta: flush_handlers diff --git a/evolinux-base/templates/default_www/index.html.j2 b/evolinux-base/templates/default_www/index.html.j2 index 25a967b4..717b93c6 100644 --- a/evolinux-base/templates/default_www/index.html.j2 +++ b/evolinux-base/templates/default_www/index.html.j2 @@ -57,15 +57,15 @@

{{ ansible_hostname }}

-
    + diff --git a/nginx/defaults/main.yml b/nginx/defaults/main.yml index bff60300..e9423c72 100644 --- a/nginx/defaults/main.yml +++ b/nginx/defaults/main.yml @@ -4,3 +4,9 @@ nginx_private_ipaddr_whitelist_absent: [] nginx_private_htpasswd_present: [] nginx_private_htpasswd_absent: [] + +nginx_default_redirect_url: "http://evolix.fr" +nginx_evolinux_default_enabled: True + +# nginx_phpmyadmin_suffix: "{{ lookup('env', 'RANDOM') }}" +# nginx_serverstatus_suffix: "{{ lookup('env', 'RANDOM') }}" diff --git a/nginx/tasks/main.yml b/nginx/tasks/main.yml index caffaad1..69eca6d4 100644 --- a/nginx/tasks/main.yml +++ b/nginx/tasks/main.yml @@ -109,6 +109,38 @@ tags: - nginx +- name: nginx vhost is installed + template: + src: evolinux-default.conf.j2 + dest: /etc/nginx/sites-available/evolinux-default.conf + mode: "0640" + notify: reload nginx + tags: + - nginx + +- name: default vhost is enabled + file: + src: /etc/nginx/sites-available/evolinux-default.conf + dest: /etc/nginx/sites-enabled/default.conf + state: link + force: yes + notify: reload nginx + when: nginx_evolinux_default_enabled + tags: + - nginx + +# - name: replace phpmyadmin suffix in default site index +# replace: +# dest: /var/www/index.html +# regexp: '__PHPMYADMIN_SUFFIX__' +# replace: "{{ nginx_phpmyadmin_suffix }}" +# +# - name: replace server-status suffix in default site index +# replace: +# dest: /var/www/index.html +# regexp: '__SERVERSTATUS_SUFFIX__' +# replace: "{{ nginx_serverstatus_suffix }}" + - name: Verify that the service is enabled and started service: name: nginx diff --git a/evolinux-base/templates/default_www/nginx_default_site.j2 b/nginx/templates/evolinux-default.conf.j2 similarity index 95% rename from evolinux-base/templates/default_www/nginx_default_site.j2 rename to nginx/templates/evolinux-default.conf.j2 index 803ff4ad..1e1ceab5 100644 --- a/evolinux-base/templates/default_www/nginx_default_site.j2 +++ b/nginx/templates/evolinux-default.conf.j2 
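Review bot: In nginx/tasks/main.yml the `default vhost is enabled` task links `sites-enabled/default.conf`, whereas the task removed from evolinux-base linked `sites-enabled/000-default`. Hosts that are already provisioned therefore keep the old link to a file this role no longer manages, and nothing in the hunk removes it. `nginx_evolinux_default_enabled` also defaults to `True` where `evolinux_default_www_nginx_enabled` was `False`, so with `force: yes` the vhost becomes active on the next run without an opt-in. Consider a `file` task with `state: absent` on `/etc/nginx/sites-enabled/000-default`, and mention the changed default in the role documentation. The Apache tasks in apache/tasks/main.yml follow the same pattern (`000-evolinux-default.conf` becomes `000-default.conf`), and the commented-out `replace` tasks would be better dropped than committed.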
@@ -18,7 +18,7 @@ server { access_log /var/log/nginx/access.log; error_log /var/log/nginx/error.log; - error_page 403 {{ evolinux_default_www_redirect_url }}; + error_page 403 {{ nginx_default_redirect_url }}; root /var/www;