Merge branch 'packweb' into unstable
This commit is contained in:
commit
9abe3128f4
|
@ -4,3 +4,9 @@ apache_private_ipaddr_whitelist_absent: []
|
|||
|
||||
apache_private_htpasswd_present: []
|
||||
apache_private_htpasswd_absent: []
|
||||
|
||||
apache_default_redirect_url: "http://evolix.fr"
|
||||
apache_evolinux_default_enabled: True
|
||||
|
||||
apache_phpmyadmin_suffix: ""
|
||||
apache_serverstatus_suffix: ""
|
||||
|
|
|
@ -1,2 +1,2 @@
|
|||
# Whitelisted IP addresses, add `Include ipaddr_whitelist.conf` to use it
|
||||
#Allow from 192.0.2.42
|
||||
#Require ip 192.0.2.42
|
||||
|
|
|
@ -103,7 +103,7 @@
|
|||
- name: add IP addresses to private IP whitelist
|
||||
lineinfile:
|
||||
dest: /etc/apache2/private_ipaddr_whitelist.conf
|
||||
line: "Allow from {{ item }}"
|
||||
line: "Require ip {{ item }}"
|
||||
state: present
|
||||
with_items: "{{ apache_private_ipaddr_whitelist_present }}"
|
||||
notify: reload apache
|
||||
|
@ -113,13 +113,20 @@
|
|||
- name: remove IP addresses from private IP whitelist
|
||||
lineinfile:
|
||||
dest: /etc/apache2/private_ipaddr_whitelist.conf
|
||||
line: "Allow from {{ item }}"
|
||||
line: "Require ip {{ item }}"
|
||||
state: absent
|
||||
with_items: "{{ apache_private_ipaddr_whitelist_absent }}"
|
||||
notify: reload apache
|
||||
tags:
|
||||
- apache
|
||||
|
||||
- name: include private IP whitelist for server-status
|
||||
lineinfile:
|
||||
dest: /etc/apache2/mods-available/status.conf
|
||||
line: " include /etc/apache2/private_ipaddr_whitelist.conf"
|
||||
insertafter: 'SetHandler server-status'
|
||||
state: present
|
||||
|
||||
- name: Copy private_htpasswd
|
||||
copy:
|
||||
src: private_htpasswd
|
||||
|
@ -152,6 +159,61 @@
|
|||
tags:
|
||||
- apache
|
||||
|
||||
- name: default vhost is installed
|
||||
template:
|
||||
src: evolinux-default.conf.j2
|
||||
dest: /etc/apache2/sites-available/000-evolinux-default.conf
|
||||
mode: "0640"
|
||||
# force: yes
|
||||
notify: reload apache
|
||||
tags:
|
||||
- apache
|
||||
|
||||
- name: default vhost is enabled
|
||||
file:
|
||||
src: /etc/apache2/sites-available/000-evolinux-default.conf
|
||||
dest: /etc/apache2/sites-enabled/000-default.conf
|
||||
state: link
|
||||
force: yes
|
||||
notify: reload apache
|
||||
when: apache_evolinux_default_enabled
|
||||
tags:
|
||||
- apache
|
||||
|
||||
- block:
|
||||
- name: generate random string for phpmyadmin suffix
|
||||
command: "apg -a 1 -M N -n 1"
|
||||
changed_when: False
|
||||
register: _random_phpmyadmin_suffix
|
||||
|
||||
- name: overwrite apache_phpmyadmin_suffix
|
||||
set_fact:
|
||||
apache_phpmyadmin_suffix: "{{ _random_phpmyadmin_suffix.stdout }}"
|
||||
when: apache_phpmyadmin_suffix == ""
|
||||
|
||||
- name: replace phpmyadmin suffix in default site index
|
||||
replace:
|
||||
dest: /var/www/index.html
|
||||
regexp: '__PHPMYADMIN_SUFFIX__'
|
||||
replace: "{{ apache_phpmyadmin_suffix }}"
|
||||
|
||||
# - block:
|
||||
# - name: generate random string for serverstatus suffix
|
||||
# command: "apg -a 1 -M N -n 1"
|
||||
# changed_when: False
|
||||
# register: _random_serverstatus_suffix
|
||||
#
|
||||
# - name: overwrite apache_serverstatus_suffix
|
||||
# set_fact:
|
||||
# apache_serverstatus_suffix: "{{ _random_serverstatus_suffix.stdout }}"
|
||||
# when: apache_serverstatus_suffix == ""
|
||||
#
|
||||
# - name: replace server-status suffix in default site index
|
||||
# replace:
|
||||
# dest: /var/www/index.html
|
||||
# regexp: '__SERVERSTATUS_SUFFIX__'
|
||||
# replace: "{{ apache_serverstatus_suffix }}"
|
||||
|
||||
- name: is umask already present?
|
||||
command: "grep -E '^umask ' /etc/apache2/envvars"
|
||||
failed_when: False
|
||||
|
|
|
@ -1,35 +1,40 @@
|
|||
<VirtualHost *:80 *:443>
|
||||
<VirtualHost *:80>
|
||||
ServerName {{ ansible_fqdn }}
|
||||
ServerAdmin webmaster@localhost
|
||||
|
||||
RewriteEngine on
|
||||
RewriteCond %{REQUEST_URI} !^/server-status.*$ [NC]
|
||||
# RewriteCond %{REQUEST_URI} !^/munin_opcache.php$ [NC]
|
||||
RewriteRule ^/(.*) https://{{ ansible_fqdn }}/$1 [L,R=permanent]
|
||||
</VirtualHost>
|
||||
|
||||
<VirtualHost *:443>
|
||||
ServerName {{ ansible_fqdn }}
|
||||
ServerAdmin webmaster@localhost
|
||||
|
||||
DocumentRoot /var/www/
|
||||
|
||||
SSLEngine on
|
||||
SSLCertificateFile /etc/ssl/certs/{{ ansible_fqdn }}.crt
|
||||
SSLCertificateKeyFile /etc/ssl/private/{{ ansible_fqdn }}.key
|
||||
SSLProtocol all -SSLv2 -SSLv3
|
||||
# SSLProtocol all -SSLv2 -SSLv3
|
||||
|
||||
# Redirect to HTTPS, execpt for server-status, because Munin plugin
|
||||
# can't handle HTTPS! :(
|
||||
RewriteEngine on
|
||||
RewriteCond %{REQUEST_URI} !^/server-status.*$ [NC]
|
||||
RewriteCond %{REQUEST_URI} !^/munin_opcache.php$ [NC]
|
||||
RewriteRule ^/(.*) https://{{ ansible_fqdn }}/$1 [L,R=permanent]
|
||||
|
||||
<Directory />
|
||||
Options FollowSymLinks
|
||||
<Directory /var/www/>
|
||||
Options +Indexes +FollowSymLinks +MultiViews
|
||||
AllowOverride None
|
||||
Deny from all
|
||||
|
||||
Include /etc/apache2/private_ipaddr_whitelist.conf
|
||||
</Directory>
|
||||
|
||||
<Directory /var/www/>
|
||||
Options Indexes FollowSymLinks MultiViews
|
||||
Alias /munin /var/cache/munin/www
|
||||
<Directory /var/cache/munin/www/>
|
||||
Options +Indexes +FollowSymLinks +MultiViews
|
||||
AllowOverride None
|
||||
|
||||
Include /etc/apache2/private_ipaddr_whitelist.conf
|
||||
</Directory>
|
||||
|
||||
<Location /munin_opcache.php>
|
||||
Deny from all
|
||||
Allow from 127.0.0.1
|
||||
Include /etc/apache2/private_ipaddr_whitelist.conf
|
||||
</Location>
|
||||
|
||||
|
@ -39,13 +44,13 @@
|
|||
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
|
||||
</Directory>
|
||||
|
||||
ErrorDocument 403 {{ evolinux_default_www_redirect_url }}
|
||||
ErrorDocument 403 {{ apache_default_redirect_url }}
|
||||
|
||||
CustomLog /var/log/apache2/access.log vhost_combined
|
||||
ErrorLog /var/log/apache2/error.log
|
||||
LogLevel warn
|
||||
|
||||
Alias /munin /var/cache/munin/www
|
||||
Alias /phpmyadmin-SED_RANDOM /usr/share/phpmyadmin/
|
||||
Alias /phpmyadmin-{{ apache_phpmyadmin_suffix }} /usr/share/phpmyadmin/
|
||||
IncludeOptional /etc/apache2/conf-available/phpmyadmin*
|
||||
|
||||
<Files ~ "\.(inc|bak)$">
|
|
@ -9,6 +9,6 @@ evoadmin_log_dir: "{{ evoadmin_home_dir }}/log"
|
|||
evoadmin_scripts_dir: /usr/share/scripts/evoadmin/
|
||||
evoadmin_host: "evoadmin.{{ ansible_fqdn }}"
|
||||
evoadmin_username: evoadmin
|
||||
evoadmin_ssl_subject: "/CN={{ ansible_fqdn }}"
|
||||
evoadmin_ssl_subject: "/CN={{ evoadmin_host }}"
|
||||
|
||||
evoadmin_enable_vhost: True
|
||||
|
|
|
@ -11,6 +11,7 @@
|
|||
remote_src: no
|
||||
src: evolinux.conf.diff
|
||||
dest: /etc/proftpd/conf.d/z-evolinux.conf
|
||||
|
||||
# Why 440? Because should be edited with ftpasswd.
|
||||
# So, readonly when opened with vim.
|
||||
# Then readable by group.
|
||||
|
|
|
@ -40,3 +40,4 @@
|
|||
user:
|
||||
name: www-evoadmin
|
||||
groups: shadow
|
||||
append: yes
|
||||
|
|
|
@ -135,14 +135,6 @@ evolinux_default_www_files: True
|
|||
evolinux_default_www_ssl_cert: True
|
||||
evolinux_default_www_ssl_subject: "/CN={{ ansible_fqdn }}"
|
||||
|
||||
evolinux_default_www_nginx_vhost: True
|
||||
evolinux_default_www_nginx_enabled: False
|
||||
|
||||
evolinux_default_www_apache_vhost: True
|
||||
evolinux_default_www_apache_enabled: False
|
||||
|
||||
evolinux_default_www_redirect_url: "http://evolix.fr"
|
||||
|
||||
# hardware
|
||||
|
||||
evolinux_hardware_include: True
|
||||
|
|
|
@ -48,67 +48,4 @@
|
|||
creates: "/etc/ssl/certs/{{ ansible_fqdn }}.crt"
|
||||
when: evolinux_default_www_ssl_cert
|
||||
|
||||
# Nginx vhost
|
||||
|
||||
- name: is Nginx installed?
|
||||
stat:
|
||||
path: /etc/nginx/sites-available
|
||||
check_mode: no
|
||||
register: nginx_sites_available
|
||||
|
||||
- block:
|
||||
- name: nginx vhost is installed
|
||||
template:
|
||||
src: default_www/nginx_default_site.j2
|
||||
dest: /etc/nginx/sites-available/000-default
|
||||
mode: "0640"
|
||||
# force: yes
|
||||
notify: reload nginx
|
||||
tags:
|
||||
- nginx
|
||||
|
||||
- name: nginx vhost is enabled
|
||||
file:
|
||||
src: /etc/nginx/sites-available/000-default
|
||||
dest: /etc/nginx/sites-enabled/000-default
|
||||
state: link
|
||||
notify: reload nginx
|
||||
when: evolinux_default_www_nginx_enabled
|
||||
tags:
|
||||
- nginx
|
||||
|
||||
when: evolinux_default_www_nginx_vhost and nginx_sites_available.stat.exists
|
||||
|
||||
|
||||
# Apache vhost
|
||||
|
||||
- name: is Apache installed?
|
||||
stat:
|
||||
path: /etc/apache2/sites-available
|
||||
check_mode: no
|
||||
register: apache_sites_available
|
||||
|
||||
- block:
|
||||
- name: Apache vhost is installed
|
||||
template:
|
||||
src: default_www/apache_default_site.j2
|
||||
dest: /etc/apache2/sites-available/000-default.conf
|
||||
mode: "0640"
|
||||
# force: yes
|
||||
notify: reload apache
|
||||
tags:
|
||||
- apache
|
||||
|
||||
- name: Apache vhost is enabled
|
||||
file:
|
||||
src: /etc/apache2/sites-available/000-default.conf
|
||||
dest: /etc/apache2/sites-enabled/000-default.conf
|
||||
state: link
|
||||
notify: reload apache
|
||||
when: evolinux_default_www_apache_enabled
|
||||
tags:
|
||||
- apache
|
||||
|
||||
when: evolinux_default_www_apache_vhost and apache_sites_available.stat.exists
|
||||
|
||||
- meta: flush_handlers
|
||||
|
|
|
@ -6,50 +6,49 @@
|
|||
<link rel="icon" type="image/ico" href="img/favicon.ico" />
|
||||
<title>{{ ansible_hostname }}</title>
|
||||
<style type="text/css">
|
||||
body, html {
|
||||
margin: auto;
|
||||
font-family: "Open Sans","Helvetica Neue",Helvetica,Arial,sans-serif;
|
||||
font-size: 14px;
|
||||
border-top: #86CBE7 solid 1px;
|
||||
}
|
||||
#container {
|
||||
padding-top: 20px;
|
||||
width: 500px;
|
||||
margin: auto;
|
||||
overflow: hidden;
|
||||
}
|
||||
h1.hostname {
|
||||
padding-top: 50px;
|
||||
color: #373637;
|
||||
border-bottom: 1px solid #a9a9a9;
|
||||
background-image: url(./img/background-top.png);
|
||||
background-repeat: no-repeat;
|
||||
background-position: 245px 5px;
|
||||
}
|
||||
ul {
|
||||
list-style-type: none;
|
||||
padding: 0;
|
||||
margin: 0;
|
||||
}
|
||||
li:before
|
||||
{
|
||||
content: "• ";
|
||||
color: #373637;
|
||||
}
|
||||
a {
|
||||
color: #86CBE7;
|
||||
text-decoration: none;
|
||||
}
|
||||
a:hover {
|
||||
color: #373637;
|
||||
text-decoration: none;
|
||||
}
|
||||
p.footer {
|
||||
border-top: 1px solid #a9a9a9;
|
||||
padding-top: 5px;
|
||||
font-size: 12px;
|
||||
text-align: right;
|
||||
}
|
||||
body, html {
|
||||
margin: auto;
|
||||
font-family: "Open Sans","Helvetica Neue",Helvetica,Arial,sans-serif;
|
||||
font-size: 14px;
|
||||
border-top: #86CBE7 solid 1px;
|
||||
}
|
||||
#container {
|
||||
padding-top: 20px;
|
||||
width: 500px;
|
||||
margin: auto;
|
||||
overflow: hidden;
|
||||
}
|
||||
h1.hostname {
|
||||
padding-top: 50px;
|
||||
color: #373637;
|
||||
border-bottom: 1px solid #a9a9a9;
|
||||
background-image: url(./img/background-top.png);
|
||||
background-repeat: no-repeat;
|
||||
background-position: 245px 5px;
|
||||
}
|
||||
ul {
|
||||
list-style-type: none;
|
||||
padding: 0;
|
||||
margin: 0;
|
||||
}
|
||||
li:before {
|
||||
content: "• ";
|
||||
color: #373637;
|
||||
}
|
||||
a {
|
||||
color: #86CBE7;
|
||||
text-decoration: none;
|
||||
}
|
||||
a:hover {
|
||||
color: #373637;
|
||||
text-decoration: none;
|
||||
}
|
||||
p.footer {
|
||||
border-top: 1px solid #a9a9a9;
|
||||
padding-top: 5px;
|
||||
font-size: 12px;
|
||||
text-align: right;
|
||||
}
|
||||
</style>
|
||||
</head>
|
||||
<body>
|
||||
|
@ -57,15 +56,15 @@
|
|||
<div id="container">
|
||||
<h1 class="hostname">{{ ansible_hostname }}</h1>
|
||||
|
||||
<ul>
|
||||
<ul id="evolinks">
|
||||
<li><a href="/munin/{{ ansible_domain }}/{{ ansible_fqdn }}/">Stats système</a></li>
|
||||
<li><a href="/server-status">Server Status</a></li>
|
||||
<!--
|
||||
<li><a href="/phpmyadmin-PHPMASECRET/">Accès PhpMyAdmin</a></li>
|
||||
<li><a href="/phpmyadmin-__PHPMYADMIN_SUFFIX__/">Accès PhpMyAdmin</a></li>
|
||||
<li><a href="/mysqlreport.html">Dernier rapport MySQL Tuner</a></li>
|
||||
<li><a href="/cgi-bin/awstats.pl">Stats web</a></li>
|
||||
<li><a href="/info.php">Infos PHP</a></li>
|
||||
<li><a href="/opcache.php">Infos OpCache PHP</a></li>
|
||||
<li><a href="/server-status-RANDOM_SERVERSTATUS/">Server Status</a></li>
|
||||
-->
|
||||
</ul>
|
||||
|
||||
|
|
|
@ -4,3 +4,9 @@ nginx_private_ipaddr_whitelist_absent: []
|
|||
|
||||
nginx_private_htpasswd_present: []
|
||||
nginx_private_htpasswd_absent: []
|
||||
|
||||
nginx_default_redirect_url: "http://evolix.fr"
|
||||
nginx_evolinux_default_enabled: True
|
||||
|
||||
# nginx_phpmyadmin_suffix: ""
|
||||
# nginx_serverstatus_suffix: ""
|
||||
|
|
|
@ -109,6 +109,60 @@
|
|||
tags:
|
||||
- nginx
|
||||
|
||||
- name: nginx vhost is installed
|
||||
template:
|
||||
src: evolinux-default.conf.j2
|
||||
dest: /etc/nginx/sites-available/evolinux-default.conf
|
||||
mode: "0640"
|
||||
notify: reload nginx
|
||||
tags:
|
||||
- nginx
|
||||
|
||||
- name: default vhost is enabled
|
||||
file:
|
||||
src: /etc/nginx/sites-available/evolinux-default.conf
|
||||
dest: /etc/nginx/sites-enabled/default.conf
|
||||
state: link
|
||||
force: yes
|
||||
notify: reload nginx
|
||||
when: nginx_evolinux_default_enabled
|
||||
tags:
|
||||
- nginx
|
||||
|
||||
# - block:
|
||||
# - name: generate random string for phpmyadmin suffix
|
||||
# command: "apg -a 1 -M N -n 1"
|
||||
# changed_when: False
|
||||
# register: random_phpmyadmin_suffix
|
||||
#
|
||||
# - name: overwrite nginx_phpmyadmin_suffix
|
||||
# set_fact:
|
||||
# nginx_phpmyadmin_suffix: "{{ random_phpmyadmin_suffix.stdout }}"
|
||||
# when: nginx_phpmyadmin_suffix == ""
|
||||
#
|
||||
# - name: replace phpmyadmin suffix in default site index
|
||||
# replace:
|
||||
# dest: /var/www/index.html
|
||||
# regexp: '__PHPMYADMIN_SUFFIX__'
|
||||
# replace: "{{ nginx_phpmyadmin_suffix }}"
|
||||
#
|
||||
# - block:
|
||||
# - name: generate random string for serverstatus suffix
|
||||
# command: "apg -a 1 -M N -n 1"
|
||||
# changed_when: False
|
||||
# register: random_serverstatus_suffix
|
||||
#
|
||||
# - name: overwrite nginx_serverstatus_suffix
|
||||
# set_fact:
|
||||
# nginx_serverstatus_suffix: "{{ random_phpmyadmin_suffix.stdout }}"
|
||||
# when: nginx_serverstatus_suffix == ""
|
||||
#
|
||||
# - name: replace server-status suffix in default site index
|
||||
# replace:
|
||||
# dest: /var/www/index.html
|
||||
# regexp: '__SERVERSTATUS_SUFFIX__'
|
||||
# replace: "{{ nginx_serverstatus_suffix }}"
|
||||
|
||||
- name: Verify that the service is enabled and started
|
||||
service:
|
||||
name: nginx
|
||||
|
|
|
@ -18,7 +18,7 @@ server {
|
|||
|
||||
access_log /var/log/nginx/access.log;
|
||||
error_log /var/log/nginx/error.log;
|
||||
error_page 403 {{ evolinux_default_www_redirect_url }};
|
||||
error_page 403 {{ nginx_default_redirect_url }};
|
||||
|
||||
root /var/www;
|
||||
|
|
@ -1,3 +0,0 @@
|
|||
---
|
||||
|
||||
# TODO: ...
|
Loading…
Reference in a new issue