Improvments on Apache role

Gregory Colpart 2016-10-11 15:46:35 +02:00 committed by Jérémy Lecour
parent 4328f2cdec
commit 241f3f13fd
5 changed files with 35 additions and 12 deletions

apache/defaults/main.yml Normal file

@ -0,0 +1 @@
apache_ipaddr_whitelist: [ "1.2.3.4" ]
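Review bot: The default `apache_ipaddr_whitelist: [ "1.2.3.4" ]` is a publicly routable address rather than one reserved for documentation, and the tasks file in this commit writes one `Allow from {{ item }}` line per entry into /etc/apache2/ipaddr_whitelist.conf. Any host that applies the role without overriding the variable would therefore allow an address its operator never chose, wherever that file is included. An empty default is safer: `apache_ipaddr_whitelist: []`, preceded by a comment such as `# addresses allowed through ipaddr_whitelist.conf; empty by default`. If an example value is wanted, take it from 192.0.2.0/24, as the shipped ipaddr_whitelist.conf already does.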


@ -1 +1,2 @@
# Whitelisted IP addresses, add `Include ipaddr_whitelist.conf` to use it
#Allow from 192.0.2.42


@ -0,0 +1,5 @@
#MaxClients 500
#ServerLimit 500
#StartServers 100
#MinSpareServers 40
#MaxSpareServers 60


@ -13,14 +13,31 @@
changed_when: false
- name : copy Apache default config
copy: src=z_evolix.conf dest=/etc/apache2/conf-available/z_evolix.conf owner=root group=root mode=0644
copy: src=z_evolix.conf dest=/etc/apache2/conf-available/z_evolix.conf owner=root group=root mode=0644
- name : copy Apache override config
copy: src=zzz_evolix.conf dest=/etc/apache2/conf-available/zzz_evolix.conf owner=root group=root mode=0640 force=no
- name: ensure Apache default config is enabled
command: a2enconf z_evolix.conf
command: a2enconf z_evolix.conf zzz_evolix.conf
changed_when: false
- name: init ipaddr_whitelist.conf file
copy: src=ipaddr_whitelist.conf dest=/etc/apache2/ipaddr_whitelist.conf owner=root group=root mode=0640 force=no
- name : ensure umask is in envvars
lineinfile: dest=/etc/apache2/envvars regexp="^umask" line="umask 077"
- name: add IP addresses to private IP whitelist
lineinfile:
dest: /etc/apache2/ipaddr_whitelist.conf
line: "Allow from {{ item }}"
state: present
with_items: "{{ apache_ipaddr_whitelist }}"
- name: add a mark in envvars for umask
blockinfile:
dest: /etc/apache2/envvars
block: |
## Set umask for writing by Apache user.
## Set rights on files and directories written by Apache
- name : ensure umask is set in envvars (default is umask 007)
lineinfile: dest=/etc/apache2/envvars regexp="^umask" line="umask 007"
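Review bot: The `add IP addresses to private IP whitelist` task only ever appends: `lineinfile` with `state: present` adds one `Allow from` line per item and the file is seeded with `force=no`, so removing an address from `apache_ipaddr_whitelist` leaves its line in /etc/apache2/ipaddr_whitelist.conf and the address stays allowed. If that is intended (to preserve manual edits), say so above the task, for example `# entries are only added; revoke an address by editing ipaddr_whitelist.conf on the host`. Separately, the umask task appears to move from `umask 077` to `umask 007`, which makes files written by Apache accessible to the group; because `regexp="^umask"` rewrites any existing value on every run, a role variable for the umask would let stricter hosts keep 077. The hunk begins inside a task that starts above it and no handler is visible, so whether Apache is reloaded after these changes cannot be checked from this page.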


@ -2,13 +2,12 @@
- hosts: all
gather_facts: yes
become: yes
# vars_files:
# - 'vars/main.yml'
roles:
# - { role: apt-upgrade, apt_upgrade_mode: safe }
- apt-upgrade
- munin
- monit
- redis
- { role: rbenv, username: 'vagrant' }
#- { role: apt-upgrade, apt_upgrade_mode: safe }
#- apt-upgrade
#- munin
#- monit
#- redis
#- { role: rbenv, username: 'vagrant' }
#- apache