Merge branch 'htpasswd_evoadmin' into unstable

This commit is contained in:
Patrick Marchand 2019-09-20 10:06:20 -04:00
commit a358db065b
5 changed files with 44 additions and 1 deletions

View File

@ -16,6 +16,7 @@ The **patch** part changes incrementally at each release.
* php: variable to install the mysqlnd module instead of the default mysql module
* packweb-apache: Deploy opcache.php to give some insights on PHP's opcache status
* webapps/evoadmin-web Overload templates if needed
* webapps/evoadmin-web Add an htpasswd to evoadmin if you cant use an apache IP whitelist
* redis: max clients is configurable
* generate-ldif: support MariaDB 10.3
* mysql: activate binary logs by specifying log_bin path

View File

@ -32,4 +32,15 @@ And force it to update:
- "templates/evoadmin-web/sudoers.j2"
- "sudoers.j2"
And force it to update:
evoadmin_sudoers_conf_force: True
evoadmin_sudoers_conf_force: True
# Set evoadmin-web sudoers file
evoadmin_htpasswd: true
Overwrite its template:
- "templates/evoadmin-web/htpasswd.{{ inventory_hostname }}.j2"
- "templates/evoadmin-web/htpasswd.{{ host_group }}.j2"
- "templates/evoadmin-web/htpasswd.j2"
- "htpasswd.j2"
And force it to update:
evoadmin_htpasswd_force: true

View File

@ -18,6 +18,8 @@ evoadmin_config_local_php_force: false
evoadmin_sudoers_conf_force: false
evoadmin_add_conf_force: false
evoadmin_mail_tpl_force: false
evoadmin_htpasswd_force: false
evoadmin_htpasswd: false
evoadmin_tpl_servername: "{{ ansible_fqdn }}"
evoadmin_tpl_address: "{{ ansible_default_ipv4.address }}"

View File

@ -45,6 +45,22 @@
notify: reload apache2
when: not evoadmin_enable_vhost
- name: Copy htpasswd for evoadmin
template:
src: "{{ item }}"
dest: "/var/www/.ansible_evoadmin_htpasswd"
mode: "0644"
owner: root
group: www-data
force: "{{ evoadmin_htpasswd_force }}"
with_first_found:
- "templates/evoadmin-web/htpasswd.{{ inventory_hostname }}.j2"
- "templates/evoadmin-web/htpasswd.{{ host_group }}.j2"
- "templates/evoadmin-web/htpasswd.j2"
- "htpasswd.j2"
when: evoadmin_htpasswd
register: evoadmin_htpasswd_template
- name: Copy config file for evoadmin
template:
src: "{{ item }}"

View File

@ -23,7 +23,20 @@
#Options Indexes SymLinksIfOwnerMatch
Options SymLinksIfOwnerMatch
AllowOverride AuthConfig Limit FileInfo
{% if evoadmin_htpasswd %}
Require all denied
Include /etc/apache2/ipaddr_whitelist.conf
AuthType Basic
AuthName "Restricted"
AuthUserFile "/var/www/.ansible_evoadmin_htpasswd"
Require valid-user
<IfModule security2_module>
SecRuleEngine Off
</IfModule>
{% else %}
Require all granted
{% endif %}
</Directory>
# user - group (thanks to sesse@debian.org)