
standard Evolix name is /etc/apache2/ipaddr_whitelist.conf cf https://wiki.evolix.org/HowtoApache

evolinux-users
Gregory Colpart 4 years ago
parent
commit
e5e44d5bc1
  1. 10
      apache/tasks/auth.yml
  2. 26
      apache/templates/evolinux-default.conf.j2

10
apache/tasks/auth.yml

@ -1,9 +1,9 @@
---
- name: Init private_ipaddr_whitelist.conf file
- name: Init ipaddr_whitelist.conf file
copy:
src: private_ipaddr_whitelist.conf
dest: /etc/apache2/private_ipaddr_whitelist.conf
dest: /etc/apache2/ipaddr_whitelist.conf
owner: root
group: root
mode: "0640"
@ -13,7 +13,7 @@
- name: add IP addresses to private IP whitelist
lineinfile:
dest: /etc/apache2/private_ipaddr_whitelist.conf
dest: /etc/apache2/ipaddr_whitelist.conf
line: "Require ip {{ item }}"
state: present
with_items: "{{ apache_private_ipaddr_whitelist_present }}"
@ -23,7 +23,7 @@
- name: remove IP addresses from private IP whitelist
lineinfile:
dest: /etc/apache2/private_ipaddr_whitelist.conf
dest: /etc/apache2/ipaddr_whitelist.conf
line: "Require ip {{ item }}"
state: absent
with_items: "{{ apache_private_ipaddr_whitelist_absent }}"
@ -34,7 +34,7 @@
- name: include private IP whitelist for server-status
lineinfile:
dest: /etc/apache2/mods-available/status.conf
line: " include /etc/apache2/private_ipaddr_whitelist.conf"
line: " include /etc/apache2/ipaddr_whitelist.conf"
insertafter: 'SetHandler server-status'
state: present
tags:
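Review bot: Hosts provisioned before this rename keep /etc/apache2/private_ipaddr_whitelist.conf, and nothing in the visible hunks migrates or removes it. The "remove IP addresses" task now edits only the new file, so an address listed in `apache_private_ipaddr_whitelist_absent` would stay allowed wherever the old file is still included. The server-status task has no `regexp`, so lineinfile will presumably add the new include next to the old one in status.conf instead of replacing it. Adding `regexp: 'include /etc/apache2/(private_)?ipaddr_whitelist\.conf'` to that task, plus a one-off task that moves the old file to the new path and leaves the old path `state: absent`, would close this; the same concern applies to any vhost not regenerated from evolinux-default.conf.j2. The task list continues outside the hunks, so a cleanup step may exist that is not shown here.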

26
apache/templates/evolinux-default.conf.j2

@ -5,24 +5,24 @@
DocumentRoot /var/www/
<Directory />
Include /etc/apache2/private_ipaddr_whitelist.conf
Include /etc/apache2/ipaddr_whitelist.conf
</Directory>
<Directory /var/www/>
Options -Indexes
Require all denied
Include /etc/apache2/private_ipaddr_whitelist.conf
Include /etc/apache2/ipaddr_whitelist.conf
</Directory>
# Munin. We need to set Directory directive as Alias take precedence.
Alias /munin /var/cache/munin/www
<Directory /var/cache/munin/>
Require all denied
Include /etc/apache2/private_ipaddr_whitelist.conf
Include /etc/apache2/ipaddr_whitelist.conf
</Directory>
<Directory /usr/lib/munin/cgi/>
Options -Indexes
Require all denied
Include /etc/apache2/private_ipaddr_whitelist.conf
Include /etc/apache2/ipaddr_whitelist.conf
</Directory>
# For CGI Scripts. We need to set Directory directive as ScriptAlias take precedence.
@ -30,7 +30,7 @@
<Directory /usr/lib/cgi-bin>
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Require all denied
Include /etc/apache2/private_ipaddr_whitelist.conf
Include /etc/apache2/ipaddr_whitelist.conf
</Directory>
CustomLog /var/log/apache2/access.log vhost_combined
@ -53,7 +53,7 @@
<IfModule mod_status.c>
<Location /server-status>
SetHandler server-status
include /etc/apache2/private_ipaddr_whitelist.conf
include /etc/apache2/ipaddr_whitelist.conf
Require local
</Location>
</IfModule>
@ -68,12 +68,12 @@
DocumentRoot /var/www/
<Directory />
Include /etc/apache2/private_ipaddr_whitelist.conf
Include /etc/apache2/ipaddr_whitelist.conf
</Directory>
<Directory /var/www/>
Options -Indexes
Require all denied
Include /etc/apache2/private_ipaddr_whitelist.conf
Include /etc/apache2/ipaddr_whitelist.conf
</Directory>
SSLEngine on
@ -83,19 +83,19 @@
# We override these 2 Directory directives setted in apache2.conf.
# We want no access except from allowed IP address.
<Directory />
Include /etc/apache2/private_ipaddr_whitelist.conf
Include /etc/apache2/ipaddr_whitelist.conf
</Directory>
# Munin. We need to set Directory directive as Alias take precedence.
Alias /munin /var/cache/munin/www
<Directory /var/cache/munin/>
Require all denied
Include /etc/apache2/private_ipaddr_whitelist.conf
Include /etc/apache2/ipaddr_whitelist.conf
</Directory>
<Directory /usr/lib/munin/cgi/>
Options -Indexes
Require all denied
Include /etc/apache2/private_ipaddr_whitelist.conf
Include /etc/apache2/ipaddr_whitelist.conf
</Directory>
# For CGI Scripts. We need to set Directory directive as ScriptAlias take precedence.
@ -103,7 +103,7 @@
<Directory /usr/lib/cgi-bin>
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Require all denied
Include /etc/apache2/private_ipaddr_whitelist.conf
Include /etc/apache2/ipaddr_whitelist.conf
</Directory>
CustomLog /var/log/apache2/access.log vhost_combined
@ -113,7 +113,7 @@
<IfModule mod_status.c>
<Location /server-status>
SetHandler server-status
include /etc/apache2/private_ipaddr_whitelist.conf
include /etc/apache2/ipaddr_whitelist.conf
Require local
</Location>
</IfModule>
