apache: new variable for mpm mode (+ updated default config accordingly)
continuous-integration/drone/push Build is passing Details

Also, itk package will only be installed if required
This commit is contained in:
Ludovic Poujol 2021-04-19 17:35:49 +02:00
parent 5e0ca0e3ff
commit d56c545183
4 changed files with 65 additions and 23 deletions

View File

@ -12,6 +12,8 @@ The **patch** part changes incrementally at each release.
### Added
* apache: new variable for mpm mode (+ updated default config accordingly)
### Changed
### Fixed

View File

@ -23,3 +23,5 @@ log2mail_alert_email: Null
apache_logrotate_frequency: daily
apache_logrotate_rotate: 365
apache_mpm: "itk"

View File

@ -3,12 +3,43 @@ Timeout 10
KeepAliveTimeout 2
MaxKeepAliveRequests 10
#MaxClients 250
MaxRequestWorkers 250
ServerLimit 250
StartServers 50
MinSpareServers 20
MaxSpareServers 30
MaxRequestsPerChild 0
<IfModule mpm_prefork_module>
MaxRequestWorkers 250
ServerLimit 250
StartServers 50
MinSpareServers 20
MaxSpareServers 30
MaxRequestsPerChild 0
</IfModule>
<IfModule mpm_worker_module>
StartServers 3
MinSpareThreads 25
MaxSpareThreads 75
ThreadLimit 64
ThreadsPerChild 25
MaxRequestWorkers 150
MaxConnectionsPerChild 0
</IfModule>
<IfModule mpm_itk_module>
LimitUIDRange 0 6000
LimitGIDRange 0 6000
</IfModule>
<IfModule ssl_module>
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!RC4
</IfModule>
<IfModule status_module>
ExtendedStatus On
<IfModule proxy_module>
ProxyStatus On
</IfModule>
</IfModule>
<Directory /home/>
AllowOverride None
@ -17,26 +48,11 @@ MaxRequestsPerChild 0
Deny from env=GoAway
</Directory>
<IfModule mod_ssl.c>
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!RC4
</IfModule>
<Files ~ "\.(inc|bak)$">
Require all denied
</Files>
<IfModule mod_status.c>
ExtendedStatus On
<IfModule mod_proxy.c>
ProxyStatus On
</IfModule>
</IfModule>
<IfModule mpm_itk.c>
LimitUIDRange 0 6000
LimitGIDRange 0 6000
</IfModule>
<LocationMatch "^/evolinux_fpm_status-.*">
Require all denied

View File

@ -4,7 +4,6 @@
apt:
name:
- apache2
- libapache2-mpm-itk
- libapache2-mod-evasive
- apachetop
- libwww-perl
@ -14,6 +13,18 @@
- packages
when: ansible_distribution_major_version is version('9', '>=')
- name: itk package is installed if required (Debian 9 or later)
apt:
name:
- libapache2-mpm-itk
state: present
tags:
- apache
- packages
when:
- ansible_distribution_major_version is version('9', '>=')
- apache_mpm == "itk"
- name: packages are installed (jessie)
apt:
name:
@ -35,7 +46,6 @@
- rewrite
- expires
- headers
- cgi
- ssl
- include
- negotiation
@ -44,6 +54,18 @@
tags:
- apache
- name: basic modules are enabled
apache2_module:
name: '{{ item }}'
state: present
with_items:
- cgi
notify: reload apache
when: apache_mpm == "prefork" or apache_mpm == "itk"
tags:
- apache
- name: Copy Apache defaults config file
copy:
src: evolinux-defaults.conf