diff --git a/CHANGELOG.md b/CHANGELOG.md
index 11b4a350..4f35ea6c 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -12,6 +12,8 @@ The **patch** part changes incrementally at each release.
### Added
+* apache: new variable for mpm mode (+ updated default config accordingly)
+
### Changed
### Fixed
diff --git a/apache/defaults/main.yml b/apache/defaults/main.yml
index e49dbc20..7b58ea3f 100644
--- a/apache/defaults/main.yml
+++ b/apache/defaults/main.yml
@@ -23,3 +23,5 @@ log2mail_alert_email: Null
apache_logrotate_frequency: daily
apache_logrotate_rotate: 365
+
+apache_mpm: "itk"
\ No newline at end of file
diff --git a/apache/files/evolinux-defaults.conf b/apache/files/evolinux-defaults.conf
index e5eadda8..06e28d9e 100644
--- a/apache/files/evolinux-defaults.conf
+++ b/apache/files/evolinux-defaults.conf
@@ -3,12 +3,43 @@ Timeout 10
KeepAliveTimeout 2
MaxKeepAliveRequests 10
#MaxClients 250
-MaxRequestWorkers 250
-ServerLimit 250
-StartServers 50
-MinSpareServers 20
-MaxSpareServers 30
-MaxRequestsPerChild 0
+
+
+ MaxRequestWorkers 250
+ ServerLimit 250
+ StartServers 50
+ MinSpareServers 20
+ MaxSpareServers 30
+ MaxRequestsPerChild 0
+
+
+
+ StartServers 3
+ MinSpareThreads 25
+ MaxSpareThreads 75
+ ThreadLimit 64
+ ThreadsPerChild 25
+ MaxRequestWorkers 150
+ MaxConnectionsPerChild 0
+
+
+
+ LimitUIDRange 0 6000
+ LimitGIDRange 0 6000
+
+
+
+ SSLProtocol all -SSLv2 -SSLv3
+ SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!RC4
+
+
+
+ ExtendedStatus On
+
+ ProxyStatus On
+
+
+
AllowOverride None
@@ -17,26 +48,11 @@ MaxRequestsPerChild 0
Deny from env=GoAway
-
- SSLProtocol all -SSLv2 -SSLv3
- SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!RC4
-
Require all denied
-
- ExtendedStatus On
-
- ProxyStatus On
-
-
-
-
- LimitUIDRange 0 6000
- LimitGIDRange 0 6000
-
Require all denied
diff --git a/apache/tasks/main.yml b/apache/tasks/main.yml
index 3854c539..7be38e1f 100644
--- a/apache/tasks/main.yml
+++ b/apache/tasks/main.yml
@@ -4,7 +4,6 @@
apt:
name:
- apache2
- - libapache2-mpm-itk
- libapache2-mod-evasive
- apachetop
- libwww-perl
@@ -14,6 +13,18 @@
- packages
when: ansible_distribution_major_version is version('9', '>=')
+- name: itk package is installed if required (Debian 9 or later)
+ apt:
+ name:
+ - libapache2-mpm-itk
+ state: present
+ tags:
+ - apache
+ - packages
+ when:
+ - ansible_distribution_major_version is version('9', '>=')
+ - apache_mpm == "itk"
+
- name: packages are installed (jessie)
apt:
name:
@@ -35,7 +46,6 @@
- rewrite
- expires
- headers
- - cgi
- ssl
- include
- negotiation
@@ -44,6 +54,18 @@
tags:
- apache
+- name: basic modules are enabled
+ apache2_module:
+ name: '{{ item }}'
+ state: present
+ with_items:
+ - cgi
+ notify: reload apache
+ when: apache_mpm == "prefork" or apache_mpm == "itk"
+ tags:
+ - apache
+
+
- name: Copy Apache defaults config file
copy:
src: evolinux-defaults.conf