Split default vhost into nginx ad apache roles
This commit is contained in:
parent
de37aac243
commit
0e0bc1cbbd
|
@ -4,3 +4,9 @@ apache_private_ipaddr_whitelist_absent: []
|
||||||
|
|
||||||
apache_private_htpasswd_present: []
|
apache_private_htpasswd_present: []
|
||||||
apache_private_htpasswd_absent: []
|
apache_private_htpasswd_absent: []
|
||||||
|
|
||||||
|
apache_default_redirect_url: "http://evolix.fr"
|
||||||
|
apache_evolinux_default_enabled: True
|
||||||
|
|
||||||
|
apache_phpmyadmin_suffix: "{{ lookup('env', 'RANDOM') }}"
|
||||||
|
apache_serverstatus_suffix: "{{ lookup('env', 'RANDOM') }}"
|
||||||
|
|
|
@ -152,6 +152,39 @@
|
||||||
tags:
|
tags:
|
||||||
- apache
|
- apache
|
||||||
|
|
||||||
|
- name: default vhost is installed
|
||||||
|
template:
|
||||||
|
src: evolinux-default.conf.j2
|
||||||
|
dest: /etc/apache2/sites-available/000-evolinux-default.conf
|
||||||
|
mode: "0640"
|
||||||
|
# force: yes
|
||||||
|
notify: reload apache
|
||||||
|
tags:
|
||||||
|
- apache
|
||||||
|
|
||||||
|
- name: default vhost is enabled
|
||||||
|
file:
|
||||||
|
src: /etc/apache2/sites-available/000-evolinux-default.conf
|
||||||
|
dest: /etc/apache2/sites-enabled/000-default.conf
|
||||||
|
state: link
|
||||||
|
force: yes
|
||||||
|
notify: reload apache
|
||||||
|
when: apache_evolinux_default_enabled
|
||||||
|
tags:
|
||||||
|
- apache
|
||||||
|
|
||||||
|
- name: replace phpmyadmin suffix in default site index
|
||||||
|
replace:
|
||||||
|
dest: /var/www/index.html
|
||||||
|
regexp: '__PHPMYADMIN_SUFFIX__'
|
||||||
|
replace: "{{ apache_phpmyadmin_suffix }}"
|
||||||
|
|
||||||
|
- name: replace server-status suffix in default site index
|
||||||
|
replace:
|
||||||
|
dest: /var/www/index.html
|
||||||
|
regexp: '__SERVERSTATUS_SUFFIX__'
|
||||||
|
replace: "{{ apache_serverstatus_suffix }}"
|
||||||
|
|
||||||
- name: is umask already present?
|
- name: is umask already present?
|
||||||
command: "grep -E '^umask ' /etc/apache2/envvars"
|
command: "grep -E '^umask ' /etc/apache2/envvars"
|
||||||
failed_when: False
|
failed_when: False
|
||||||
|
|
|
@ -11,6 +11,7 @@
|
||||||
# Redirect to HTTPS, execpt for server-status, because Munin plugin
|
# Redirect to HTTPS, execpt for server-status, because Munin plugin
|
||||||
# can't handle HTTPS! :(
|
# can't handle HTTPS! :(
|
||||||
RewriteEngine on
|
RewriteEngine on
|
||||||
|
RewriteCond %{HTTPS} !=on
|
||||||
RewriteCond %{REQUEST_URI} !^/server-status.*$ [NC]
|
RewriteCond %{REQUEST_URI} !^/server-status.*$ [NC]
|
||||||
RewriteCond %{REQUEST_URI} !^/munin_opcache.php$ [NC]
|
RewriteCond %{REQUEST_URI} !^/munin_opcache.php$ [NC]
|
||||||
RewriteRule ^/(.*) https://{{ ansible_fqdn }}/$1 [L,R=permanent]
|
RewriteRule ^/(.*) https://{{ ansible_fqdn }}/$1 [L,R=permanent]
|
||||||
|
@ -39,13 +40,13 @@
|
||||||
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
|
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
|
||||||
</Directory>
|
</Directory>
|
||||||
|
|
||||||
ErrorDocument 403 {{ evolinux_default_www_redirect_url }}
|
ErrorDocument 403 {{ apache_default_redirect_url }}
|
||||||
CustomLog /var/log/apache2/access.log vhost_combined
|
CustomLog /var/log/apache2/access.log vhost_combined
|
||||||
ErrorLog /var/log/apache2/error.log
|
ErrorLog /var/log/apache2/error.log
|
||||||
LogLevel warn
|
LogLevel warn
|
||||||
|
|
||||||
Alias /munin /var/cache/munin/www
|
Alias /munin /var/cache/munin/www
|
||||||
Alias /phpmyadmin-SED_RANDOM /usr/share/phpmyadmin/
|
Alias /phpmyadmin-{{ apache_phpmyadmin_suffix }} /usr/share/phpmyadmin/
|
||||||
IncludeOptional /etc/apache2/conf-available/phpmyadmin*
|
IncludeOptional /etc/apache2/conf-available/phpmyadmin*
|
||||||
|
|
||||||
<Files ~ "\.(inc|bak)$">
|
<Files ~ "\.(inc|bak)$">
|
|
@ -135,14 +135,6 @@ evolinux_default_www_files: True
|
||||||
evolinux_default_www_ssl_cert: True
|
evolinux_default_www_ssl_cert: True
|
||||||
evolinux_default_www_ssl_subject: "/CN={{ ansible_fqdn }}"
|
evolinux_default_www_ssl_subject: "/CN={{ ansible_fqdn }}"
|
||||||
|
|
||||||
evolinux_default_www_nginx_vhost: True
|
|
||||||
evolinux_default_www_nginx_enabled: False
|
|
||||||
|
|
||||||
evolinux_default_www_apache_vhost: True
|
|
||||||
evolinux_default_www_apache_enabled: False
|
|
||||||
|
|
||||||
evolinux_default_www_redirect_url: "http://evolix.fr"
|
|
||||||
|
|
||||||
# hardware
|
# hardware
|
||||||
|
|
||||||
evolinux_hardware_include: True
|
evolinux_hardware_include: True
|
||||||
|
|
|
@ -48,67 +48,4 @@
|
||||||
creates: "/etc/ssl/certs/{{ ansible_fqdn }}.crt"
|
creates: "/etc/ssl/certs/{{ ansible_fqdn }}.crt"
|
||||||
when: evolinux_default_www_ssl_cert
|
when: evolinux_default_www_ssl_cert
|
||||||
|
|
||||||
# Nginx vhost
|
|
||||||
|
|
||||||
- name: is Nginx installed?
|
|
||||||
stat:
|
|
||||||
path: /etc/nginx/sites-available
|
|
||||||
check_mode: no
|
|
||||||
register: nginx_sites_available
|
|
||||||
|
|
||||||
- block:
|
|
||||||
- name: nginx vhost is installed
|
|
||||||
template:
|
|
||||||
src: default_www/nginx_default_site.j2
|
|
||||||
dest: /etc/nginx/sites-available/000-default
|
|
||||||
mode: "0640"
|
|
||||||
# force: yes
|
|
||||||
notify: reload nginx
|
|
||||||
tags:
|
|
||||||
- nginx
|
|
||||||
|
|
||||||
- name: nginx vhost is enabled
|
|
||||||
file:
|
|
||||||
src: /etc/nginx/sites-available/000-default
|
|
||||||
dest: /etc/nginx/sites-enabled/000-default
|
|
||||||
state: link
|
|
||||||
notify: reload nginx
|
|
||||||
when: evolinux_default_www_nginx_enabled
|
|
||||||
tags:
|
|
||||||
- nginx
|
|
||||||
|
|
||||||
when: evolinux_default_www_nginx_vhost and nginx_sites_available.stat.exists
|
|
||||||
|
|
||||||
|
|
||||||
# Apache vhost
|
|
||||||
|
|
||||||
- name: is Apache installed?
|
|
||||||
stat:
|
|
||||||
path: /etc/apache2/sites-available
|
|
||||||
check_mode: no
|
|
||||||
register: apache_sites_available
|
|
||||||
|
|
||||||
- block:
|
|
||||||
- name: Apache vhost is installed
|
|
||||||
template:
|
|
||||||
src: default_www/apache_default_site.j2
|
|
||||||
dest: /etc/apache2/sites-available/000-evolinux-default.conf
|
|
||||||
mode: "0640"
|
|
||||||
# force: yes
|
|
||||||
notify: reload apache
|
|
||||||
tags:
|
|
||||||
- apache
|
|
||||||
|
|
||||||
- name: Apache vhost is enabled
|
|
||||||
file:
|
|
||||||
src: /etc/apache2/sites-available/000-evolinux-default.conf
|
|
||||||
dest: /etc/apache2/sites-enabled/000-evolinux-default.conf
|
|
||||||
state: link
|
|
||||||
notify: reload apache
|
|
||||||
when: evolinux_default_www_apache_enabled
|
|
||||||
tags:
|
|
||||||
- apache
|
|
||||||
|
|
||||||
when: evolinux_default_www_apache_vhost and apache_sites_available.stat.exists
|
|
||||||
|
|
||||||
- meta: flush_handlers
|
- meta: flush_handlers
|
||||||
|
|
|
@ -57,15 +57,15 @@
|
||||||
<div id="container">
|
<div id="container">
|
||||||
<h1 class="hostname">{{ ansible_hostname }}</h1>
|
<h1 class="hostname">{{ ansible_hostname }}</h1>
|
||||||
|
|
||||||
<ul>
|
<ul id="evolinks">
|
||||||
<li><a href="/munin/{{ ansible_domain }}/{{ ansible_fqdn }}/">Stats système</a></li>
|
<li><a href="/munin/{{ ansible_domain }}/{{ ansible_fqdn }}/">Stats système</a></li>
|
||||||
<!--
|
<!--
|
||||||
<li><a href="/phpmyadmin-PHPMASECRET/">Accès PhpMyAdmin</a></li>
|
<li><a href="/phpmyadmin-__PHPMYADMIN_SUFFIX__/">Accès PhpMyAdmin</a></li>
|
||||||
<li><a href="/mysqlreport.html">Dernier rapport MySQL Tuner</a></li>
|
<li><a href="/mysqlreport.html">Dernier rapport MySQL Tuner</a></li>
|
||||||
<li><a href="/cgi-bin/awstats.pl">Stats web</a></li>
|
<li><a href="/cgi-bin/awstats.pl">Stats web</a></li>
|
||||||
<li><a href="/info.php">Infos PHP</a></li>
|
<li><a href="/info.php">Infos PHP</a></li>
|
||||||
<li><a href="/opcache.php">Infos OpCache PHP</a></li>
|
<li><a href="/opcache.php">Infos OpCache PHP</a></li>
|
||||||
<li><a href="/server-status-RANDOM_SERVERSTATUS/">Server Status</a></li>
|
<li><a href="/server-status-__SERVERSTATUS_SUFFIX__/">Server Status</a></li>
|
||||||
-->
|
-->
|
||||||
</ul>
|
</ul>
|
||||||
|
|
||||||
|
|
|
@ -4,3 +4,9 @@ nginx_private_ipaddr_whitelist_absent: []
|
||||||
|
|
||||||
nginx_private_htpasswd_present: []
|
nginx_private_htpasswd_present: []
|
||||||
nginx_private_htpasswd_absent: []
|
nginx_private_htpasswd_absent: []
|
||||||
|
|
||||||
|
nginx_default_redirect_url: "http://evolix.fr"
|
||||||
|
nginx_evolinux_default_enabled: True
|
||||||
|
|
||||||
|
# nginx_phpmyadmin_suffix: "{{ lookup('env', 'RANDOM') }}"
|
||||||
|
# nginx_serverstatus_suffix: "{{ lookup('env', 'RANDOM') }}"
|
||||||
|
|
|
@ -109,6 +109,38 @@
|
||||||
tags:
|
tags:
|
||||||
- nginx
|
- nginx
|
||||||
|
|
||||||
|
- name: nginx vhost is installed
|
||||||
|
template:
|
||||||
|
src: evolinux-default.conf.j2
|
||||||
|
dest: /etc/nginx/sites-available/evolinux-default.conf
|
||||||
|
mode: "0640"
|
||||||
|
notify: reload nginx
|
||||||
|
tags:
|
||||||
|
- nginx
|
||||||
|
|
||||||
|
- name: default vhost is enabled
|
||||||
|
file:
|
||||||
|
src: /etc/nginx/sites-available/evolinux-default.conf
|
||||||
|
dest: /etc/nginx/sites-enabled/default.conf
|
||||||
|
state: link
|
||||||
|
force: yes
|
||||||
|
notify: reload nginx
|
||||||
|
when: nginx_evolinux_default_enabled
|
||||||
|
tags:
|
||||||
|
- nginx
|
||||||
|
|
||||||
|
# - name: replace phpmyadmin suffix in default site index
|
||||||
|
# replace:
|
||||||
|
# dest: /var/www/index.html
|
||||||
|
# regexp: '__PHPMYADMIN_SUFFIX__'
|
||||||
|
# replace: "{{ nginx_phpmyadmin_suffix }}"
|
||||||
|
#
|
||||||
|
# - name: replace server-status suffix in default site index
|
||||||
|
# replace:
|
||||||
|
# dest: /var/www/index.html
|
||||||
|
# regexp: '__SERVERSTATUS_SUFFIX__'
|
||||||
|
# replace: "{{ nginx_serverstatus_suffix }}"
|
||||||
|
|
||||||
- name: Verify that the service is enabled and started
|
- name: Verify that the service is enabled and started
|
||||||
service:
|
service:
|
||||||
name: nginx
|
name: nginx
|
||||||
|
|
|
@ -18,7 +18,7 @@ server {
|
||||||
|
|
||||||
access_log /var/log/nginx/access.log;
|
access_log /var/log/nginx/access.log;
|
||||||
error_log /var/log/nginx/error.log;
|
error_log /var/log/nginx/error.log;
|
||||||
error_page 403 {{ evolinux_default_www_redirect_url }};
|
error_page 403 {{ nginx_default_redirect_url }};
|
||||||
|
|
||||||
root /var/www;
|
root /var/www;
|
||||||
|
|
Loading…
Reference in a new issue