From d56c54518376e91635a2167ad954749bd4993a3c Mon Sep 17 00:00:00 2001 From: Ludovic Poujol Date: Mon, 19 Apr 2021 17:35:49 +0200 Subject: [PATCH] apache: new variable for mpm mode (+ updated default config accordingly) Also, itk package will only be installed if required --- CHANGELOG.md | 2 + apache/defaults/main.yml | 2 + apache/files/evolinux-defaults.conf | 58 ++++++++++++++++++----------- apache/tasks/main.yml | 26 ++++++++++++- 4 files changed, 65 insertions(+), 23 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 11b4a350..4f35ea6c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -12,6 +12,8 @@ The **patch** part changes incrementally at each release. ### Added +* apache: new variable for mpm mode (+ updated default config accordingly) + ### Changed ### Fixed diff --git a/apache/defaults/main.yml b/apache/defaults/main.yml index e49dbc20..7b58ea3f 100644 --- a/apache/defaults/main.yml +++ b/apache/defaults/main.yml @@ -23,3 +23,5 @@ log2mail_alert_email: Null apache_logrotate_frequency: daily apache_logrotate_rotate: 365 + +apache_mpm: "itk" \ No newline at end of file diff --git a/apache/files/evolinux-defaults.conf b/apache/files/evolinux-defaults.conf index e5eadda8..06e28d9e 100644 --- a/apache/files/evolinux-defaults.conf +++ b/apache/files/evolinux-defaults.conf @@ -3,12 +3,43 @@ Timeout 10 KeepAliveTimeout 2 MaxKeepAliveRequests 10 #MaxClients 250 -MaxRequestWorkers 250 -ServerLimit 250 -StartServers 50 -MinSpareServers 20 -MaxSpareServers 30 -MaxRequestsPerChild 0 + + + MaxRequestWorkers 250 + ServerLimit 250 + StartServers 50 + MinSpareServers 20 + MaxSpareServers 30 + MaxRequestsPerChild 0 + + + + StartServers 3 + MinSpareThreads 25 + MaxSpareThreads 75 + ThreadLimit 64 + ThreadsPerChild 25 + MaxRequestWorkers 150 + MaxConnectionsPerChild 0 + + + + LimitUIDRange 0 6000 + LimitGIDRange 0 6000 + + + + SSLProtocol all -SSLv2 -SSLv3 + SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!RC4 + + + + ExtendedStatus On + + ProxyStatus On + + + AllowOverride None @@ -17,26 +48,11 @@ MaxRequestsPerChild 0 Deny from env=GoAway - - SSLProtocol all -SSLv2 -SSLv3 - SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!RC4 - Require all denied - - ExtendedStatus On - - ProxyStatus On - - - - - LimitUIDRange 0 6000 - LimitGIDRange 0 6000 - Require all denied diff --git a/apache/tasks/main.yml b/apache/tasks/main.yml index 3854c539..7be38e1f 100644 --- a/apache/tasks/main.yml +++ b/apache/tasks/main.yml @@ -4,7 +4,6 @@ apt: name: - apache2 - - libapache2-mpm-itk - libapache2-mod-evasive - apachetop - libwww-perl @@ -14,6 +13,18 @@ - packages when: ansible_distribution_major_version is version('9', '>=') +- name: itk package is installed if required (Debian 9 or later) + apt: + name: + - libapache2-mpm-itk + state: present + tags: + - apache + - packages + when: + - ansible_distribution_major_version is version('9', '>=') + - apache_mpm == "itk" + - name: packages are installed (jessie) apt: name: @@ -35,7 +46,6 @@ - rewrite - expires - headers - - cgi - ssl - include - negotiation @@ -44,6 +54,18 @@ tags: - apache +- name: basic modules are enabled + apache2_module: + name: '{{ item }}' + state: present + with_items: + - cgi + notify: reload apache + when: apache_mpm == "prefork" or apache_mpm == "itk" + tags: + - apache + + - name: Copy Apache defaults config file copy: src: evolinux-defaults.conf