2016-11-04 22:15:13 +01:00
|
|
|
- name: Ensure packages are installed
|
2016-10-11 03:58:51 +02:00
|
|
|
apt:
|
|
|
|
name: '{{ item }}'
|
2016-11-04 22:15:13 +01:00
|
|
|
state: present
|
2016-10-11 03:58:51 +02:00
|
|
|
with_items:
|
|
|
|
- apache2-mpm-itk
|
|
|
|
- apachetop
|
|
|
|
- libapache2-mod-evasive
|
|
|
|
- libwww-perl
|
|
|
|
|
2016-11-04 22:15:13 +01:00
|
|
|
- name: Ensure basic modules are enabled
|
|
|
|
apache2_module:
|
|
|
|
name: '{{ item }}'
|
|
|
|
state: present
|
|
|
|
with_items:
|
|
|
|
- rewrite
|
|
|
|
- expires
|
|
|
|
- headers
|
|
|
|
- rewrite
|
|
|
|
- cgi
|
2016-10-11 15:46:35 +02:00
|
|
|
|
2016-11-04 22:15:13 +01:00
|
|
|
- name: Copy Apache config files
|
|
|
|
copy:
|
|
|
|
src: "{{ item.file }}"
|
|
|
|
dest: "/etc/apache2/conf-available/{{ item.file }}"
|
|
|
|
owner: root
|
|
|
|
group: root
|
|
|
|
mode: "{{ item.mode }}"
|
|
|
|
with_items:
|
|
|
|
- { file: z_evolix.conf, mode: 0644 }
|
|
|
|
- { file: zzz_evolix.conf, mode: 0640 }
|
2016-10-11 03:58:51 +02:00
|
|
|
|
2016-11-04 22:15:13 +01:00
|
|
|
- name: Ensure Apache default config is enabled
|
2016-10-11 15:46:35 +02:00
|
|
|
command: a2enconf z_evolix.conf zzz_evolix.conf
|
2016-11-04 22:15:13 +01:00
|
|
|
register: command_result
|
|
|
|
changed_when: "'Enabling' in command_result.stderr"
|
2016-10-11 03:58:51 +02:00
|
|
|
|
2016-11-04 22:15:13 +01:00
|
|
|
- name: Init ipaddr_whitelist.conf file
|
|
|
|
copy:
|
|
|
|
src: ipaddr_whitelist.conf
|
|
|
|
dest: /etc/apache2/ipaddr_whitelist.conf
|
|
|
|
owner: root
|
|
|
|
group: root
|
|
|
|
mode: 0640
|
|
|
|
force: no
|
2016-10-11 03:58:51 +02:00
|
|
|
|
2016-11-04 22:15:13 +01:00
|
|
|
- name: Add IP addresses to private IP whitelist if defined
|
2016-10-11 15:46:35 +02:00
|
|
|
lineinfile:
|
|
|
|
dest: /etc/apache2/ipaddr_whitelist.conf
|
|
|
|
line: "Allow from {{ item }}"
|
|
|
|
state: present
|
|
|
|
with_items: "{{ apache_ipaddr_whitelist }}"
|
|
|
|
|
2016-11-04 22:15:13 +01:00
|
|
|
- name: Add a mark in envvars for umask
|
2016-10-11 15:46:35 +02:00
|
|
|
blockinfile:
|
|
|
|
dest: /etc/apache2/envvars
|
|
|
|
block: |
|
|
|
|
## Set umask for writing by Apache user.
|
|
|
|
## Set rights on files and directories written by Apache
|
|
|
|
|
2016-11-04 22:15:13 +01:00
|
|
|
- name : Ensure umask is set in envvars (default is umask 007)
|
|
|
|
lineinfile:
|
|
|
|
dest: /etc/apache2/envvars
|
|
|
|
regexp: "^umask"
|
|
|
|
line: "umask 007"
|