Add Apache role

2016-10-11 03:58:51 +02:00 · 2016-10-11 03:58:51 +02:00 · 4328f2cdec
parent 20cfbdaf75
commit 4328f2cdec
4 changed files with 48 additions and 0 deletions
--- a/apache/README.md
+++ b/apache/README.md
@ -0,0 +1,7 @@
+# apache
+
+Install Apache
+
+## Tasks
+
+Everything is in the `tasks/main.yml` file for now.
--- a/apache/files/ipaddr_whitelist.conf
+++ b/apache/files/ipaddr_whitelist.conf
@ -0,0 +1 @@
+#Allow from 192.0.2.42
--- a/apache/files/z_evolix.conf
+++ b/apache/files/z_evolix.conf
@ -0,0 +1,14 @@
+ServerTokens Prod
+Timeout 10
+KeepAliveTimeout 2
+MaxKeepAliveRequests 10
+MaxClients 250
+ServerLimit 250
+StartServers 50
+MinSpareServers 20
+MaxSpareServers 30
+MaxRequestsPerChild 0
+<Directory /home/>
+    AllowOverride None
+    Require all granted
+</Directory>
--- a/apache/tasks/main.yml
+++ b/apache/tasks/main.yml
@ -0,0 +1,26 @@
+- name: ensure packages are installed
+  apt:
+    name: '{{ item }}'
+    state: installed
+  with_items:
+    - apache2-mpm-itk
+    - apachetop
+    - libapache2-mod-evasive
+    - libwww-perl
+
+- name: ensure basic modules are enabled
+  command: a2enmod rewrite expires headers rewrite cgi
+  changed_when: false
+
+- name : copy Apache default config
+  copy: src=z_evolix.conf  dest=/etc/apache2/conf-available/z_evolix.conf owner=root group=root mode=0644
+
+- name: ensure Apache default config is enabled
+  command: a2enconf z_evolix.conf
+  changed_when: false
+
+- name: init ipaddr_whitelist.conf file
+  copy: src=ipaddr_whitelist.conf dest=/etc/apache2/ipaddr_whitelist.conf owner=root group=root mode=0640 force=no
+
+- name : ensure umask is in envvars
+  lineinfile: dest=/etc/apache2/envvars regexp="^umask" line="umask 077"