From e11b2e5a38c236bd87bc7d9df2fb0347c8da2f08 Mon Sep 17 00:00:00 2001 From: Jeremy Lecour Date: Wed, 5 Jul 2017 11:46:52 +0200 Subject: [PATCH 01/11] Use evoadmin_host for the TLS certificate --- evoadmin/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/evoadmin/defaults/main.yml b/evoadmin/defaults/main.yml index 30ba8010..35cdcb6c 100644 --- a/evoadmin/defaults/main.yml +++ b/evoadmin/defaults/main.yml @@ -9,6 +9,6 @@ evoadmin_log_dir: "{{ evoadmin_home_dir }}/log" evoadmin_scripts_dir: /usr/share/scripts/evoadmin/ evoadmin_host: "evoadmin.{{ ansible_fqdn }}" evoadmin_username: evoadmin -evoadmin_ssl_subject: "/CN={{ ansible_fqdn }}" +evoadmin_ssl_subject: "/CN={{ evoadmin_host }}" evoadmin_enable_vhost: True From 666dc7ba2add3d3888d4870891fe1258f454d183 Mon Sep 17 00:00:00 2001 From: Jeremy Lecour Date: Wed, 5 Jul 2017 11:47:22 +0200 Subject: [PATCH 02/11] evoadmin: append group instead of replacing --- evoadmin/tasks/web.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/evoadmin/tasks/web.yml b/evoadmin/tasks/web.yml index 7bbc67be..5c4795f0 100644 --- a/evoadmin/tasks/web.yml +++ b/evoadmin/tasks/web.yml @@ -40,3 +40,4 @@ user: name: www-evoadmin groups: shadow + append: yes From e99145231b7bb908e95b7ae260f352ce940dc202 Mon Sep 17 00:00:00 2001 From: Jeremy Lecour Date: Wed, 5 Jul 2017 11:49:33 +0200 Subject: [PATCH 03/11] remove useless file --- packweb-apache/tasks/web-add.yml | 3 --- 1 file changed, 3 deletions(-) delete mode 100644 packweb-apache/tasks/web-add.yml diff --git a/packweb-apache/tasks/web-add.yml b/packweb-apache/tasks/web-add.yml deleted file mode 100644 index 60bc20a8..00000000 --- a/packweb-apache/tasks/web-add.yml +++ /dev/null @@ -1,3 +0,0 @@ ---- - -# TODO: ... From 57f6b45570b50ee4bda1d0d0526b119a66f8ffde Mon Sep 17 00:00:00 2001 From: Jeremy Lecour Date: Wed, 5 Jul 2017 11:49:53 +0200 Subject: [PATCH 04/11] whitespaces --- evoadmin/tasks/ftp.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/evoadmin/tasks/ftp.yml b/evoadmin/tasks/ftp.yml index e4eacabf..83913d01 100644 --- a/evoadmin/tasks/ftp.yml +++ b/evoadmin/tasks/ftp.yml @@ -11,6 +11,7 @@ remote_src: no src: evolinux.conf.diff dest: /etc/proftpd/conf.d/z-evolinux.conf + # Why 440? Because should be edited with ftpasswd. # So, readonly when opened with vim. # Then readable by group. From de37aac243765964d29c13e027c87541a0200567 Mon Sep 17 00:00:00 2001 From: Jeremy Lecour Date: Wed, 5 Jul 2017 11:50:04 +0200 Subject: [PATCH 05/11] Don't overwrite default apache vhost --- evolinux-base/tasks/default_www.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/evolinux-base/tasks/default_www.yml b/evolinux-base/tasks/default_www.yml index 0fdf03f9..209fe7e2 100644 --- a/evolinux-base/tasks/default_www.yml +++ b/evolinux-base/tasks/default_www.yml @@ -92,7 +92,7 @@ - name: Apache vhost is installed template: src: default_www/apache_default_site.j2 - dest: /etc/apache2/sites-available/000-default.conf + dest: /etc/apache2/sites-available/000-evolinux-default.conf mode: "0640" # force: yes notify: reload apache @@ -101,8 +101,8 @@ - name: Apache vhost is enabled file: - src: /etc/apache2/sites-available/000-default.conf - dest: /etc/apache2/sites-enabled/000-default.conf + src: /etc/apache2/sites-available/000-evolinux-default.conf + dest: /etc/apache2/sites-enabled/000-evolinux-default.conf state: link notify: reload apache when: evolinux_default_www_apache_enabled From 0e0bc1cbbddff69b2e57c9a2ccf877cd33d9dd71 Mon Sep 17 00:00:00 2001 From: Jeremy Lecour Date: Wed, 5 Jul 2017 18:22:00 +0200 Subject: [PATCH 06/11] Split default vhost into nginx ad apache roles --- apache/defaults/main.yml | 6 ++ apache/tasks/main.yml | 33 ++++++++++ .../templates/evolinux-default.conf.j2 | 5 +- evolinux-base/defaults/main.yml | 8 --- evolinux-base/tasks/default_www.yml | 63 ------------------- .../templates/default_www/index.html.j2 | 6 +- nginx/defaults/main.yml | 6 ++ nginx/tasks/main.yml | 32 ++++++++++ .../templates/evolinux-default.conf.j2 | 2 +- 9 files changed, 84 insertions(+), 77 deletions(-) rename evolinux-base/templates/default_www/apache_default_site.j2 => apache/templates/evolinux-default.conf.j2 (90%) rename evolinux-base/templates/default_www/nginx_default_site.j2 => nginx/templates/evolinux-default.conf.j2 (95%) diff --git a/apache/defaults/main.yml b/apache/defaults/main.yml index 70140cad..10be7acb 100644 --- a/apache/defaults/main.yml +++ b/apache/defaults/main.yml @@ -4,3 +4,9 @@ apache_private_ipaddr_whitelist_absent: [] apache_private_htpasswd_present: [] apache_private_htpasswd_absent: [] + +apache_default_redirect_url: "http://evolix.fr" +apache_evolinux_default_enabled: True + +apache_phpmyadmin_suffix: "{{ lookup('env', 'RANDOM') }}" +apache_serverstatus_suffix: "{{ lookup('env', 'RANDOM') }}" diff --git a/apache/tasks/main.yml b/apache/tasks/main.yml index dce83867..8f5b51c4 100644 --- a/apache/tasks/main.yml +++ b/apache/tasks/main.yml @@ -152,6 +152,39 @@ tags: - apache +- name: default vhost is installed + template: + src: evolinux-default.conf.j2 + dest: /etc/apache2/sites-available/000-evolinux-default.conf + mode: "0640" + # force: yes + notify: reload apache + tags: + - apache + +- name: default vhost is enabled + file: + src: /etc/apache2/sites-available/000-evolinux-default.conf + dest: /etc/apache2/sites-enabled/000-default.conf + state: link + force: yes + notify: reload apache + when: apache_evolinux_default_enabled + tags: + - apache + +- name: replace phpmyadmin suffix in default site index + replace: + dest: /var/www/index.html + regexp: '__PHPMYADMIN_SUFFIX__' + replace: "{{ apache_phpmyadmin_suffix }}" + +- name: replace server-status suffix in default site index + replace: + dest: /var/www/index.html + regexp: '__SERVERSTATUS_SUFFIX__' + replace: "{{ apache_serverstatus_suffix }}" + - name: is umask already present? command: "grep -E '^umask ' /etc/apache2/envvars" failed_when: False diff --git a/evolinux-base/templates/default_www/apache_default_site.j2 b/apache/templates/evolinux-default.conf.j2 similarity index 90% rename from evolinux-base/templates/default_www/apache_default_site.j2 rename to apache/templates/evolinux-default.conf.j2 index 8f29785a..3c56568a 100644 --- a/evolinux-base/templates/default_www/apache_default_site.j2 +++ b/apache/templates/evolinux-default.conf.j2 @@ -11,6 +11,7 @@ # Redirect to HTTPS, execpt for server-status, because Munin plugin # can't handle HTTPS! :( RewriteEngine on + RewriteCond %{HTTPS} !=on RewriteCond %{REQUEST_URI} !^/server-status.*$ [NC] RewriteCond %{REQUEST_URI} !^/munin_opcache.php$ [NC] RewriteRule ^/(.*) https://{{ ansible_fqdn }}/$1 [L,R=permanent] @@ -39,13 +40,13 @@ Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch - ErrorDocument 403 {{ evolinux_default_www_redirect_url }} + ErrorDocument 403 {{ apache_default_redirect_url }} CustomLog /var/log/apache2/access.log vhost_combined ErrorLog /var/log/apache2/error.log LogLevel warn Alias /munin /var/cache/munin/www - Alias /phpmyadmin-SED_RANDOM /usr/share/phpmyadmin/ + Alias /phpmyadmin-{{ apache_phpmyadmin_suffix }} /usr/share/phpmyadmin/ IncludeOptional /etc/apache2/conf-available/phpmyadmin* diff --git a/evolinux-base/defaults/main.yml b/evolinux-base/defaults/main.yml index 50635b05..26428674 100644 --- a/evolinux-base/defaults/main.yml +++ b/evolinux-base/defaults/main.yml @@ -135,14 +135,6 @@ evolinux_default_www_files: True evolinux_default_www_ssl_cert: True evolinux_default_www_ssl_subject: "/CN={{ ansible_fqdn }}" -evolinux_default_www_nginx_vhost: True -evolinux_default_www_nginx_enabled: False - -evolinux_default_www_apache_vhost: True -evolinux_default_www_apache_enabled: False - -evolinux_default_www_redirect_url: "http://evolix.fr" - # hardware evolinux_hardware_include: True diff --git a/evolinux-base/tasks/default_www.yml b/evolinux-base/tasks/default_www.yml index 209fe7e2..b6219772 100644 --- a/evolinux-base/tasks/default_www.yml +++ b/evolinux-base/tasks/default_www.yml @@ -48,67 +48,4 @@ creates: "/etc/ssl/certs/{{ ansible_fqdn }}.crt" when: evolinux_default_www_ssl_cert -# Nginx vhost - -- name: is Nginx installed? - stat: - path: /etc/nginx/sites-available - check_mode: no - register: nginx_sites_available - -- block: - - name: nginx vhost is installed - template: - src: default_www/nginx_default_site.j2 - dest: /etc/nginx/sites-available/000-default - mode: "0640" - # force: yes - notify: reload nginx - tags: - - nginx - - - name: nginx vhost is enabled - file: - src: /etc/nginx/sites-available/000-default - dest: /etc/nginx/sites-enabled/000-default - state: link - notify: reload nginx - when: evolinux_default_www_nginx_enabled - tags: - - nginx - - when: evolinux_default_www_nginx_vhost and nginx_sites_available.stat.exists - - -# Apache vhost - -- name: is Apache installed? - stat: - path: /etc/apache2/sites-available - check_mode: no - register: apache_sites_available - -- block: - - name: Apache vhost is installed - template: - src: default_www/apache_default_site.j2 - dest: /etc/apache2/sites-available/000-evolinux-default.conf - mode: "0640" - # force: yes - notify: reload apache - tags: - - apache - - - name: Apache vhost is enabled - file: - src: /etc/apache2/sites-available/000-evolinux-default.conf - dest: /etc/apache2/sites-enabled/000-evolinux-default.conf - state: link - notify: reload apache - when: evolinux_default_www_apache_enabled - tags: - - apache - - when: evolinux_default_www_apache_vhost and apache_sites_available.stat.exists - - meta: flush_handlers diff --git a/evolinux-base/templates/default_www/index.html.j2 b/evolinux-base/templates/default_www/index.html.j2 index 25a967b4..717b93c6 100644 --- a/evolinux-base/templates/default_www/index.html.j2 +++ b/evolinux-base/templates/default_www/index.html.j2 @@ -57,15 +57,15 @@

{{ ansible_hostname }}

-
    + diff --git a/nginx/defaults/main.yml b/nginx/defaults/main.yml index bff60300..e9423c72 100644 --- a/nginx/defaults/main.yml +++ b/nginx/defaults/main.yml @@ -4,3 +4,9 @@ nginx_private_ipaddr_whitelist_absent: [] nginx_private_htpasswd_present: [] nginx_private_htpasswd_absent: [] + +nginx_default_redirect_url: "http://evolix.fr" +nginx_evolinux_default_enabled: True + +# nginx_phpmyadmin_suffix: "{{ lookup('env', 'RANDOM') }}" +# nginx_serverstatus_suffix: "{{ lookup('env', 'RANDOM') }}" diff --git a/nginx/tasks/main.yml b/nginx/tasks/main.yml index caffaad1..69eca6d4 100644 --- a/nginx/tasks/main.yml +++ b/nginx/tasks/main.yml @@ -109,6 +109,38 @@ tags: - nginx +- name: nginx vhost is installed + template: + src: evolinux-default.conf.j2 + dest: /etc/nginx/sites-available/evolinux-default.conf + mode: "0640" + notify: reload nginx + tags: + - nginx + +- name: default vhost is enabled + file: + src: /etc/nginx/sites-available/evolinux-default.conf + dest: /etc/nginx/sites-enabled/default.conf + state: link + force: yes + notify: reload nginx + when: nginx_evolinux_default_enabled + tags: + - nginx + +# - name: replace phpmyadmin suffix in default site index +# replace: +# dest: /var/www/index.html +# regexp: '__PHPMYADMIN_SUFFIX__' +# replace: "{{ nginx_phpmyadmin_suffix }}" +# +# - name: replace server-status suffix in default site index +# replace: +# dest: /var/www/index.html +# regexp: '__SERVERSTATUS_SUFFIX__' +# replace: "{{ nginx_serverstatus_suffix }}" + - name: Verify that the service is enabled and started service: name: nginx diff --git a/evolinux-base/templates/default_www/nginx_default_site.j2 b/nginx/templates/evolinux-default.conf.j2 similarity index 95% rename from evolinux-base/templates/default_www/nginx_default_site.j2 rename to nginx/templates/evolinux-default.conf.j2 index 803ff4ad..1e1ceab5 100644 --- a/evolinux-base/templates/default_www/nginx_default_site.j2 +++ b/nginx/templates/evolinux-default.conf.j2 @@ -18,7 +18,7 @@ server { access_log /var/log/nginx/access.log; error_log /var/log/nginx/error.log; - error_page 403 {{ evolinux_default_www_redirect_url }}; + error_page 403 {{ nginx_default_redirect_url }}; root /var/www; From 34f6354a9e61f71ac2a896c4909495053f2d416c Mon Sep 17 00:00:00 2001 From: Jeremy Lecour Date: Thu, 6 Jul 2017 11:33:35 +0200 Subject: [PATCH 07/11] random suffices for phpmyadmin abnd server-status with apg --- apache/defaults/main.yml | 4 ++-- apache/tasks/main.yml | 22 ++++++++++++++++++++++ nginx/defaults/main.yml | 4 ++-- nginx/tasks/main.yml | 22 ++++++++++++++++++++++ 4 files changed, 48 insertions(+), 4 deletions(-) diff --git a/apache/defaults/main.yml b/apache/defaults/main.yml index 10be7acb..325e6056 100644 --- a/apache/defaults/main.yml +++ b/apache/defaults/main.yml @@ -8,5 +8,5 @@ apache_private_htpasswd_absent: [] apache_default_redirect_url: "http://evolix.fr" apache_evolinux_default_enabled: True -apache_phpmyadmin_suffix: "{{ lookup('env', 'RANDOM') }}" -apache_serverstatus_suffix: "{{ lookup('env', 'RANDOM') }}" +apache_phpmyadmin_suffix: "" +apache_serverstatus_suffix: "" diff --git a/apache/tasks/main.yml b/apache/tasks/main.yml index 8f5b51c4..78055141 100644 --- a/apache/tasks/main.yml +++ b/apache/tasks/main.yml @@ -173,12 +173,34 @@ tags: - apache +- block: + - name: generate random string for phpmyadmin suffix + command: "apg -a 1 -M N -n 1" + changed_when: False + register: _random_phpmyadmin_suffix + + - name: overwrite apache_phpmyadmin_suffix + set_fact: + apache_phpmyadmin_suffix: "{{ _random_phpmyadmin_suffix.stdout }}" + when: apache_phpmyadmin_suffix == "" + - name: replace phpmyadmin suffix in default site index replace: dest: /var/www/index.html regexp: '__PHPMYADMIN_SUFFIX__' replace: "{{ apache_phpmyadmin_suffix }}" +- block: + - name: generate random string for serverstatus suffix + command: "apg -a 1 -M N -n 1" + changed_when: False + register: _random_serverstatus_suffix + + - name: overwrite apache_serverstatus_suffix + set_fact: + apache_serverstatus_suffix: "{{ _random_serverstatus_suffix.stdout }}" + when: apache_serverstatus_suffix == "" + - name: replace server-status suffix in default site index replace: dest: /var/www/index.html diff --git a/nginx/defaults/main.yml b/nginx/defaults/main.yml index e9423c72..10a4b83e 100644 --- a/nginx/defaults/main.yml +++ b/nginx/defaults/main.yml @@ -8,5 +8,5 @@ nginx_private_htpasswd_absent: [] nginx_default_redirect_url: "http://evolix.fr" nginx_evolinux_default_enabled: True -# nginx_phpmyadmin_suffix: "{{ lookup('env', 'RANDOM') }}" -# nginx_serverstatus_suffix: "{{ lookup('env', 'RANDOM') }}" +# nginx_phpmyadmin_suffix: "" +# nginx_serverstatus_suffix: "" diff --git a/nginx/tasks/main.yml b/nginx/tasks/main.yml index 69eca6d4..0fe672a7 100644 --- a/nginx/tasks/main.yml +++ b/nginx/tasks/main.yml @@ -129,12 +129,34 @@ tags: - nginx +# - block: +# - name: generate random string for phpmyadmin suffix +# command: "apg -a 1 -M N -n 1" +# changed_when: False +# register: random_phpmyadmin_suffix +# +# - name: overwrite nginx_phpmyadmin_suffix +# set_fact: +# nginx_phpmyadmin_suffix: "{{ random_phpmyadmin_suffix.stdout }}" +# when: nginx_phpmyadmin_suffix == "" +# # - name: replace phpmyadmin suffix in default site index # replace: # dest: /var/www/index.html # regexp: '__PHPMYADMIN_SUFFIX__' # replace: "{{ nginx_phpmyadmin_suffix }}" # +# - block: +# - name: generate random string for serverstatus suffix +# command: "apg -a 1 -M N -n 1" +# changed_when: False +# register: random_serverstatus_suffix +# +# - name: overwrite nginx_serverstatus_suffix +# set_fact: +# nginx_serverstatus_suffix: "{{ random_phpmyadmin_suffix.stdout }}" +# when: nginx_serverstatus_suffix == "" +# # - name: replace server-status suffix in default site index # replace: # dest: /var/www/index.html From 242c005f6d35d929a612e1710d2293558e7ae966 Mon Sep 17 00:00:00 2001 From: Jeremy Lecour Date: Thu, 6 Jul 2017 14:51:40 +0200 Subject: [PATCH 08/11] Fix default web page * split 80/443 * use modern authorization syntax * reorganize the VHost file --- apache/files/private_ipaddr_whitelist.conf | 2 +- apache/tasks/main.yml | 11 ++++-- apache/templates/evolinux-default.conf.j2 | 40 ++++++++++++---------- 3 files changed, 32 insertions(+), 21 deletions(-) diff --git a/apache/files/private_ipaddr_whitelist.conf b/apache/files/private_ipaddr_whitelist.conf index 34e7da20..6c42b58c 100644 --- a/apache/files/private_ipaddr_whitelist.conf +++ b/apache/files/private_ipaddr_whitelist.conf @@ -1,2 +1,2 @@ # Whitelisted IP addresses, add `Include ipaddr_whitelist.conf` to use it -#Allow from 192.0.2.42 +#Require ip 192.0.2.42 diff --git a/apache/tasks/main.yml b/apache/tasks/main.yml index 78055141..a90a3144 100644 --- a/apache/tasks/main.yml +++ b/apache/tasks/main.yml @@ -103,7 +103,7 @@ - name: add IP addresses to private IP whitelist lineinfile: dest: /etc/apache2/private_ipaddr_whitelist.conf - line: "Allow from {{ item }}" + line: "Require ip {{ item }}" state: present with_items: "{{ apache_private_ipaddr_whitelist_present }}" notify: reload apache @@ -113,13 +113,20 @@ - name: remove IP addresses from private IP whitelist lineinfile: dest: /etc/apache2/private_ipaddr_whitelist.conf - line: "Allow from {{ item }}" + line: "Require ip {{ item }}" state: absent with_items: "{{ apache_private_ipaddr_whitelist_absent }}" notify: reload apache tags: - apache +- name: include private IP whitelist for server-status + lineinfile: + dest: /etc/apache2/mods-available/status.conf + line: " include /etc/apache2/private_ipaddr_whitelist.conf" + insertafter: 'SetHandler server-status' + state: present + - name: Copy private_htpasswd copy: src: private_htpasswd diff --git a/apache/templates/evolinux-default.conf.j2 b/apache/templates/evolinux-default.conf.j2 index 3c56568a..744c4319 100644 --- a/apache/templates/evolinux-default.conf.j2 +++ b/apache/templates/evolinux-default.conf.j2 @@ -1,36 +1,40 @@ - + ServerName {{ ansible_fqdn }} ServerAdmin webmaster@localhost + + RewriteEngine on + RewriteCond %{REQUEST_URI} !^/server-status.*$ [NC] + # RewriteCond %{REQUEST_URI} !^/munin_opcache.php$ [NC] + RewriteRule ^/(.*) https://{{ ansible_fqdn }}/$1 [L,R=permanent] + + + + ServerName {{ ansible_fqdn }} + ServerAdmin webmaster@localhost + DocumentRoot /var/www/ SSLEngine on SSLCertificateFile /etc/ssl/certs/{{ ansible_fqdn }}.crt SSLCertificateKeyFile /etc/ssl/private/{{ ansible_fqdn }}.key - SSLProtocol all -SSLv2 -SSLv3 + # SSLProtocol all -SSLv2 -SSLv3 - # Redirect to HTTPS, execpt for server-status, because Munin plugin - # can't handle HTTPS! :( - RewriteEngine on - RewriteCond %{HTTPS} !=on - RewriteCond %{REQUEST_URI} !^/server-status.*$ [NC] - RewriteCond %{REQUEST_URI} !^/munin_opcache.php$ [NC] - RewriteRule ^/(.*) https://{{ ansible_fqdn }}/$1 [L,R=permanent] - - - Options FollowSymLinks + + Options +Indexes +FollowSymLinks +MultiViews AllowOverride None - Deny from all + Include /etc/apache2/private_ipaddr_whitelist.conf - - Options Indexes FollowSymLinks MultiViews + Alias /munin /var/cache/munin/www + + Options +Indexes +FollowSymLinks +MultiViews AllowOverride None + + Include /etc/apache2/private_ipaddr_whitelist.conf - Deny from all - Allow from 127.0.0.1 Include /etc/apache2/private_ipaddr_whitelist.conf @@ -41,11 +45,11 @@ ErrorDocument 403 {{ apache_default_redirect_url }} + CustomLog /var/log/apache2/access.log vhost_combined ErrorLog /var/log/apache2/error.log LogLevel warn - Alias /munin /var/cache/munin/www Alias /phpmyadmin-{{ apache_phpmyadmin_suffix }} /usr/share/phpmyadmin/ IncludeOptional /etc/apache2/conf-available/phpmyadmin* From 3d77f086ed222bb2cb7738d0d6b75dfed26b558b Mon Sep 17 00:00:00 2001 From: Jeremy Lecour Date: Thu, 6 Jul 2017 14:53:52 +0200 Subject: [PATCH 09/11] Disable random URL for server-status (probably temporary) --- apache/tasks/main.yml | 32 ++++++++++++++++---------------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/apache/tasks/main.yml b/apache/tasks/main.yml index a90a3144..cf3dc16b 100644 --- a/apache/tasks/main.yml +++ b/apache/tasks/main.yml @@ -197,22 +197,22 @@ regexp: '__PHPMYADMIN_SUFFIX__' replace: "{{ apache_phpmyadmin_suffix }}" -- block: - - name: generate random string for serverstatus suffix - command: "apg -a 1 -M N -n 1" - changed_when: False - register: _random_serverstatus_suffix - - - name: overwrite apache_serverstatus_suffix - set_fact: - apache_serverstatus_suffix: "{{ _random_serverstatus_suffix.stdout }}" - when: apache_serverstatus_suffix == "" - -- name: replace server-status suffix in default site index - replace: - dest: /var/www/index.html - regexp: '__SERVERSTATUS_SUFFIX__' - replace: "{{ apache_serverstatus_suffix }}" +# - block: +# - name: generate random string for serverstatus suffix +# command: "apg -a 1 -M N -n 1" +# changed_when: False +# register: _random_serverstatus_suffix +# +# - name: overwrite apache_serverstatus_suffix +# set_fact: +# apache_serverstatus_suffix: "{{ _random_serverstatus_suffix.stdout }}" +# when: apache_serverstatus_suffix == "" +# +# - name: replace server-status suffix in default site index +# replace: +# dest: /var/www/index.html +# regexp: '__SERVERSTATUS_SUFFIX__' +# replace: "{{ apache_serverstatus_suffix }}" - name: is umask already present? command: "grep -E '^umask ' /etc/apache2/envvars" From 553025d199be2f8269347eba842bdc7f95c393c1 Mon Sep 17 00:00:00 2001 From: Jeremy Lecour Date: Thu, 6 Jul 2017 14:55:22 +0200 Subject: [PATCH 10/11] enable server-status in default site --- evolinux-base/templates/default_www/index.html.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/evolinux-base/templates/default_www/index.html.j2 b/evolinux-base/templates/default_www/index.html.j2 index 717b93c6..49c20a79 100644 --- a/evolinux-base/templates/default_www/index.html.j2 +++ b/evolinux-base/templates/default_www/index.html.j2 @@ -59,13 +59,13 @@ From 0fdc1565a89a5e3171910194709088902eb34492 Mon Sep 17 00:00:00 2001 From: Jeremy Lecour Date: Thu, 6 Jul 2017 14:56:44 +0200 Subject: [PATCH 11/11] Default site CSS slightly beautified --- .../templates/default_www/index.html.j2 | 87 +++++++++---------- 1 file changed, 43 insertions(+), 44 deletions(-) diff --git a/evolinux-base/templates/default_www/index.html.j2 b/evolinux-base/templates/default_www/index.html.j2 index 49c20a79..dc8e0ce3 100644 --- a/evolinux-base/templates/default_www/index.html.j2 +++ b/evolinux-base/templates/default_www/index.html.j2 @@ -6,50 +6,49 @@ {{ ansible_hostname }}