evolix
/
ansible-roles
22
2
Fork 2
Code Issues 61 Pull Requests 18 Releases 32 Wiki Activity

apache: new variable for mpm mode (+ updated default config accordingly)
continuous-integration/drone/push Build is passing Details 

Also, itk package will only be installed if required
This commit is contained in:
Ludovic Poujol 2021-04-19 17:35:49 +02:00
parent 5e0ca0e3ff
commit d56c545183
4 changed files with 65 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
CHANGELOG.md
View File

@ -12,6 +12,8 @@ The **patch** part changes incrementally at each release.
### Added ### Added
* apache: new variable for mpm mode (+ updated default config accordingly)
### Changed ### Changed
### Fixed ### Fixed

2
apache/defaults/main.yml
View File

@ -23,3 +23,5 @@ log2mail_alert_email: Null
apache_logrotate_frequency: daily apache_logrotate_frequency: daily
apache_logrotate_rotate: 365 apache_logrotate_rotate: 365
apache_mpm: "itk"

58
apache/files/evolinux-defaults.conf
View File

@ -3,12 +3,43 @@ Timeout 10
KeepAliveTimeout 2 KeepAliveTimeout 2
MaxKeepAliveRequests 10 MaxKeepAliveRequests 10
#MaxClients 250 #MaxClients 250
MaxRequestWorkers 250
ServerLimit 250 <IfModule mpm_prefork_module>
StartServers 50 MaxRequestWorkers 250
MinSpareServers 20 ServerLimit 250
MaxSpareServers 30 StartServers 50
MaxRequestsPerChild 0 MinSpareServers 20
MaxSpareServers 30
MaxRequestsPerChild 0
</IfModule>
<IfModule mpm_worker_module>
StartServers 3
MinSpareThreads 25
MaxSpareThreads 75
ThreadLimit 64
ThreadsPerChild 25
MaxRequestWorkers 150
MaxConnectionsPerChild 0
</IfModule>
<IfModule mpm_itk_module>
LimitUIDRange 0 6000
LimitGIDRange 0 6000
</IfModule>
<IfModule ssl_module>
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!RC4
</IfModule>
<IfModule status_module>
ExtendedStatus On
<IfModule proxy_module>
ProxyStatus On
</IfModule>
</IfModule>
<Directory /home/> <Directory /home/>
AllowOverride None AllowOverride None
@ -17,26 +48,11 @@ MaxRequestsPerChild 0
Deny from env=GoAway Deny from env=GoAway
</Directory> </Directory>
<IfModule mod_ssl.c>
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!RC4
</IfModule>
<Files ~ "\.(inc|bak)$"> <Files ~ "\.(inc|bak)$">
Require all denied Require all denied
</Files> </Files>
<IfModule mod_status.c>
ExtendedStatus On
<IfModule mod_proxy.c>
ProxyStatus On
</IfModule>
</IfModule>
<IfModule mpm_itk.c>
LimitUIDRange 0 6000
LimitGIDRange 0 6000
</IfModule>
<LocationMatch "^/evolinux_fpm_status-.*"> <LocationMatch "^/evolinux_fpm_status-.*">
Require all denied Require all denied

26
apache/tasks/main.yml
View File

@ -4,7 +4,6 @@
apt: apt:
name: name:
- apache2 - apache2
- libapache2-mpm-itk
- libapache2-mod-evasive - libapache2-mod-evasive
- apachetop - apachetop
- libwww-perl - libwww-perl
@ -14,6 +13,18 @@
- packages - packages
when: ansible_distribution_major_version is version('9', '>=') when: ansible_distribution_major_version is version('9', '>=')
- name: itk package is installed if required (Debian 9 or later)
apt:
name:
- libapache2-mpm-itk
state: present
tags:
- apache
- packages
when:
- ansible_distribution_major_version is version('9', '>=')
- apache_mpm == "itk"
- name: packages are installed (jessie) - name: packages are installed (jessie)
apt: apt:
name: name:
@ -35,7 +46,6 @@
- rewrite - rewrite
- expires - expires
- headers - headers
- cgi
- ssl - ssl
- include - include
- negotiation - negotiation
@ -44,6 +54,18 @@
tags: tags:
- apache - apache
- name: basic modules are enabled
apache2_module:
name: '{{ item }}'
state: present
with_items:
- cgi
notify: reload apache
when: apache_mpm == "prefork" or apache_mpm == "itk"
tags:
- apache
- name: Copy Apache defaults config file - name: Copy Apache defaults config file
copy: copy:
src: evolinux-defaults.conf src: evolinux-defaults.conf