apache: new variable for mpm mode (+ updated default config accordingly)

Also, itk package will only be installed if required
2021-04-19 17:35:49 +02:00 · 2021-04-19 17:35:49 +02:00 · d56c545183
parent 5e0ca0e3ff
commit d56c545183
4 changed files with 65 additions and 23 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -12,6 +12,8 @@ The **patch** part changes incrementally at each release.

 ### Added

+* apache: new variable for mpm mode (+ updated default config accordingly)
+
 ### Changed

 ### Fixed
--- a/apache/defaults/main.yml
+++ b/apache/defaults/main.yml
@ -23,3 +23,5 @@ log2mail_alert_email: Null

 apache_logrotate_frequency: daily
 apache_logrotate_rotate: 365
+
+apache_mpm: "itk"
--- a/apache/files/evolinux-defaults.conf
+++ b/apache/files/evolinux-defaults.conf
@ -3,12 +3,43 @@ Timeout 10
 KeepAliveTimeout 2
 MaxKeepAliveRequests 10
 #MaxClients 250
-MaxRequestWorkers 250
-ServerLimit 250
-StartServers 50
-MinSpareServers 20
-MaxSpareServers 30
-MaxRequestsPerChild 0
+
+<IfModule mpm_prefork_module>
+    MaxRequestWorkers 250
+    ServerLimit 250
+    StartServers 50
+    MinSpareServers 20
+    MaxSpareServers 30
+    MaxRequestsPerChild 0
+</IfModule>
+
+<IfModule mpm_worker_module>
+    StartServers         3
+    MinSpareThreads      25
+    MaxSpareThreads      75
+    ThreadLimit          64
+    ThreadsPerChild      25
+    MaxRequestWorkers     150
+    MaxConnectionsPerChild   0
+</IfModule>
+
+<IfModule mpm_itk_module>
+    LimitUIDRange       0 6000
+    LimitGIDRange       0 6000
+</IfModule>
+
+<IfModule ssl_module>
+    SSLProtocol all -SSLv2 -SSLv3
+    SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!RC4
+</IfModule>
+
+<IfModule status_module>
+    ExtendedStatus On
+    <IfModule proxy_module>
+        ProxyStatus On
+    </IfModule>
+</IfModule>
+

 <Directory /home/>
    AllowOverride None
@ -17,26 +48,11 @@ MaxRequestsPerChild 0
    Deny from env=GoAway
 </Directory>

-<IfModule mod_ssl.c>
-    SSLProtocol all -SSLv2 -SSLv3
-    SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!RC4
-</IfModule>

 <Files ~ "\.(inc|bak)$">
    Require all denied
 </Files>

-<IfModule mod_status.c>
-    ExtendedStatus On
-    <IfModule mod_proxy.c>
-        ProxyStatus On
-    </IfModule>
-</IfModule>
-
-<IfModule mpm_itk.c>
-    LimitUIDRange       0 6000
-    LimitGIDRange       0 6000
-</IfModule>

 <LocationMatch "^/evolinux_fpm_status-.*">
    Require all denied
--- a/apache/tasks/main.yml
+++ b/apache/tasks/main.yml
@ -4,7 +4,6 @@
  apt:
    name:
      - apache2
-      - libapache2-mpm-itk
      - libapache2-mod-evasive
      - apachetop
      - libwww-perl
@ -14,6 +13,18 @@
    - packages
  when: ansible_distribution_major_version is version('9', '>=')

+- name: itk package is installed if required (Debian 9 or later)
+  apt:
+    name:
+      - libapache2-mpm-itk
+    state: present
+  tags:
+    - apache
+    - packages
+  when: 
+    - ansible_distribution_major_version is version('9', '>=')
+    - apache_mpm == "itk" 
+
 - name: packages are installed (jessie)
  apt:
    name:
@ -35,7 +46,6 @@
    - rewrite
    - expires
    - headers
-    - cgi
    - ssl
    - include
    - negotiation
@ -44,6 +54,18 @@
  tags:
    - apache

+- name: basic modules are enabled
+  apache2_module:
+    name: '{{ item }}'
+    state: present
+  with_items:
+    - cgi
+  notify: reload apache
+  when: apache_mpm == "prefork" or apache_mpm == "itk"
+  tags:
+    - apache
+
+
 - name: Copy Apache defaults config file
  copy:
    src: evolinux-defaults.conf