Add dovecot role, evoadmin-mail role and packmail role

Gregory Colpart 2017-10-10 00:03:22 +02:00 committed by Victor LABORIE
parent 95408a2409
commit 1d7d45eb44
28 changed files with 756 additions and 2 deletions

36
dovecot/.kitchen.yml Normal file

@ -0,0 +1,36 @@
---
driver:
name: docker
privileged: true
use_sudo: false
provisioner:
name: ansible_playbook
hosts: test-kitchen
roles_path: ../
ansible_verbose: true
require_ansible_source: false
require_chef_for_busser: false
idempotency_test: true
platforms:
- name: debian
driver_config:
image: evolix/ansible:2.2.1
verifier:
name: serverspec
suites:
- name: default
provisioner:
name: ansible_playbook
playbook: ./tests/test.yml
verifier:
patterns:
- nginx/tests/spec/memcached_spec.rb
bundler_path: '/usr/local/bin'
rspec_path: '/usr/local/bin'
transport:
max_ssh_sessions: 6
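Review bot: The verifier pattern under `suites` is `nginx/tests/spec/memcached_spec.rb`, which looks copied from another role, so this suite does not appear to run any check against dovecot. Point it at a spec that belongs to this role; none is visible in this commit, so one would have to be added. `privileged: true` under `driver` gives the test container broad access to the host, and a one-line comment above it stating why the tests need it would let a later reader decide whether it can be dropped.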

11
dovecot/README.md Normal file

@ -0,0 +1,11 @@
# Dovecot
Installation and basic configuration of dovecot
## Tasks
Minimal configuration is in `tasks/main.yml`
## Available variables
The full list of variables (with default values) can be found in `defaults/main.yml`.


@ -0,0 +1,2 @@
---
dovecot_foo: bar

126
dovecot/files/munin_plugin Executable file

@ -0,0 +1,126 @@
#! /bin/bash
#
# Munin Plugin
# to count logins to your dovecot mailserver
#
# Created by Dominik Schulz <lkml@ds.gauner.org>
# http://developer.gauner.org/munin/
# Contributions by:
# - Stephane Enten <tuf@delyth.net>
# - Steve Schnepp <steve.schnepp@pwkf.org>
#
# Parameters understood:
#
# config (required)
# autoconf (optional - used by munin-config)
#
# Config variables:
#
# logfile - Where to find the syslog file
#
# Add the following line to a file in /etc/munin/plugin-conf.d:
# env.logfile /var/log/your/logfile.log
#
# Magic markers (optional - used by munin-config and installation scripts):
#
#%# family=auto
#%# capabilities=autoconf
######################
# Configuration
######################
EXPR_BIN=/usr/bin/expr
LOGFILE=${logfile:-/var/log/mail.log}
######################
if [ "$1" = "autoconf" ]; then
echo yes
exit 0
fi
if [ "$1" = "config" ]; then
echo 'graph_title Dovecot Logins'
echo 'graph_category Mail'
echo 'graph_args --base 1000 -l 0'
echo 'graph_vlabel Login Counters'
for t in Total TLS SSL IMAP POP3
do
field=$(echo $t | tr '[:upper:]' '[:lower:]')
echo "login_$field.label $t Logins"
echo "login_$field.type DERIVE"
echo "login_$field.min 0"
done
echo 'connected.label Connected Users'
exit 0
fi
######################
# Total Logins
######################
echo -en "login_total.value "
VALUE=$(egrep -c '[dovecot]?.*Login' $LOGFILE)
if [ ! -z "$VALUE" ]; then
echo "$VALUE"
else
echo "0"
fi
echo -n
######################
# Connected Users
######################
DISCONNECTS=$(egrep -c '[dovecot]?.*Disconnected' $LOGFILE)
CONNECTS=$(egrep -c '[dovecot]?.*Login' $LOGFILE)
VALUE=$($EXPR_BIN $CONNECTS - $DISCONNECTS)
if [ -z "$VALUE" ] || [ "$VALUE" -lt 0 ]; then
VALUE=0
fi
echo -en "connected.value "
echo $VALUE
echo -n
######################
# TLS Logins
######################
echo -en "login_tls.value "
VALUE=$(egrep -c '[dovecot]?.*Login.*TLS' $LOGFILE)
if [ ! -z "$VALUE" ]; then
echo "$VALUE"
else
echo "0"
fi
echo -n
######################
# SSL Logins
######################
echo -en "login_ssl.value "
VALUE=$(egrep -c '[dovecot]?.*Login.*SSL' $LOGFILE)
if [ ! -z "$VALUE" ]; then
echo "$VALUE"
else
echo "0"
fi
echo -n
######################
# IMAP Logins
######################
echo -en "login_imap.value "
VALUE=$(egrep -c '[dovecot]?.*imap.*Login' $LOGFILE)
if [ ! -z "$VALUE" ]; then
echo "$VALUE"
else
echo "0"
fi
echo -n
######################
# POP3 Logins
######################
echo -en "login_pop3.value "
VALUE=$(egrep -c '[dovecot]?.*pop3.*Login' $LOGFILE)
if [ ! -z "$VALUE" ]; then
echo "$VALUE"
else
echo "0"
fi
echo -n


@ -0,0 +1,5 @@
---
- name: restart dovecot
service:
name: dovecot
state: restarted

11
dovecot/tasks/main.yml Normal file

@ -0,0 +1,11 @@
- name: ensure packages are installed
apt:
name: '{{ item }}'
state: present
with_items:
- dovecot-ldap
- dovecot-imapd
- dovecot-pop3d
- dovecot-sieve
- include: munin.yml

20
dovecot/tasks/munin.yml Normal file

@ -0,0 +1,20 @@
---
- name: is Munin present ?
stat:
path: /etc/munin/plugin-conf.d/munin-node
check_mode: no
register: munin_node_plugins_config
- block:
- name: Install munin plugin
copy:
src: munin_plugin
dest: /etc/munin/plugins/dovecot
mode: "0755"
# TODO : add in /etc/munin/plugin-conf.d/munin-node
# [dovecot]
# group adm
when: munin_node_plugins_config.stat.exists
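Review bot: The plugin is copied into place but the `[dovecot]` / `group adm` stanza is left as a TODO, so on a default Debian layout, where the mail log is readable only by root and group adm, the plugin probably cannot read its log file. The script then falls back to printing 0 for every counter, which makes a monitoring gap look like a quiet server. Write the stanza from this role (a `copy` or `lineinfile` task targeting a file under `/etc/munin/plugin-conf.d/`) and notify a munin-node restart, since no handler is triggered here. `check_mode: no` is better written `check_mode: false`.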

15
packmail/README.md Normal file

@ -0,0 +1,15 @@
# packmail
Install the mail pack, with Postfix/Dovecot/LDAP/evoadmin-mail.
## Tasks
See `tasks/main.yml`.
## Available variables
Main variables are :
* `packmail_enable_evoadmin_vhost` : enable VirtualHost for evoadmin (web interface to create mail accounts)
The full list of variables (with default values) can be found in `defaults/main.yml`.


@ -0,0 +1,5 @@
---
# defaults file for packmail
general_alert_email: "root@localhost"
packmail_enable_evoadmin_vhost: True


@ -0,0 +1,63 @@
dn: cn={4}evolix,cn=config
objectClass: olcSchemaConfig
cn: {4}evolix
olcAttributeTypes: {0}( 1.3.6.1.4.1.24331.22.1.1 NAME 'maildrop' DESC 'mail fo
rward' SUP mail )
olcAttributeTypes: {1}( 1.3.6.1.4.1.24331.22.1.2 NAME 'mailacceptinggeneralid'
DESC 'mail alias' SUP mail )
olcAttributeTypes: {2}( 1.3.6.1.4.1.24331.22.1.3 NAME 'isActive' DESC 'boolean
to verify an global account is active or not' EQUALITY booleanMatch SYNTAX 1
.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
olcAttributeTypes: {3}( 1.3.6.1.4.1.24331.22.1.4 NAME 'accountActive' DESC 'bo
olean to verify if an mail account is active' EQUALITY booleanMatch SYNTAX 1.
3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
olcAttributeTypes: {4}( 1.3.6.1.4.1.24331.22.1.5 NAME 'authsmtpActive' DESC 'b
oolean to verify if SMTP-AUTH is enabled for entry' EQUALITY booleanMatch SYN
TAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
olcAttributeTypes: {5}( 1.3.6.1.4.1.24331.22.1.6 NAME 'courierActive' DESC 'bo
olean to verify if Courier POP/IMAP is enabled for entry' EQUALITY booleanMat
ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
olcAttributeTypes: {6}( 1.3.6.1.4.1.24331.22.1.7 NAME 'webmailActive' DESC 'bo
olean to verify if webmail is enabled for entry' EQUALITY booleanMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
olcAttributeTypes: {7}( 1.3.6.1.4.1.24331.22.1.8 NAME 'isAdmin' DESC 'boolean
to verify if entry is admin for entry' EQUALITY booleanMatch SYNTAX 1.3.6.1.4
.1.1466.115.121.1.7 SINGLE-VALUE )
olcAttributeTypes: {8}( 1.3.6.1.4.1.24331.22.1.9 NAME 'postfixTransport' DESC
'transport for Postfix' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.11
5.121.1.26{20} SINGLE-VALUE )
olcAttributeTypes: {9}( 1.3.6.1.4.1.24331.22.1.10 NAME 'domain' DESC 'Postfix
domain' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTA
X 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
olcAttributeTypes: {10}( 1.3.6.1.4.1.24331.22.1.11 NAME 'quota' DESC 'Courier
maildir quota' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.
26 SINGLE-VALUE )
olcAttributeTypes: {11}( 1.3.6.1.4.1.24331.22.1.16 NAME 'vacationActive' DESC
'A flag, for marking the user as being away' EQUALITY booleanMatch SYNTAX 1.3
.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
olcAttributeTypes: {12}( 1.3.6.1.4.1.24331.22.1.17 NAME 'vacationInfo' DESC 'A
bsentee note to leave behind, while on vacation' EQUALITY octetStringMatch SY
NTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE )
olcAttributeTypes: {13}( 1.3.6.1.4.1.24331.22.1.18 NAME 'vacationStart' DESC '
Beginning of vacation' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.
121.1.40 SINGLE-VALUE )
olcAttributeTypes: {14}( 1.3.6.1.4.1.24331.22.1.19 NAME 'vacationEnd' DESC 'En
d of vacation' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
SINGLE-VALUE )
olcAttributeTypes: {15}( 1.3.6.1.4.1.24331.22.1.20 NAME 'vacationForward' DESC
'Where to forward mails to, while on vacation' EQUALITY caseIgnoreIA5Match S
UBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256}
)
olcAttributeTypes: {16}( 1.3.6.1.4.1.24331.22.1.21 NAME 'smbActive' DESC 'bool
ean to verify if an Samba account is active' EQUALITY booleanMatch SYNTAX 1.3
.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
olcObjectClasses: {0}( 1.3.6.1.4.1.24331.22.2.1 NAME 'mailAccount' DESC 'LDAP/
Unix mail account or virtual account' SUP top AUXILIARY MUST ( uid $ mailacce
ptinggeneralid ) MAY ( accountActive $ authsmtpActive $ quota $ isActive $ co
urierActive $ webmailActive $ isAdmin $ vacationActive $ vacationInfo $ vacat
ionStart $ vacationEnd $ vacationForward $ maildrop ) )
olcObjectClasses: {1}( 1.3.6.1.4.1.24331.22.2.2 NAME 'mailAlias' DESC 'Mail al
iasing/forwarding entry' SUP top STRUCTURAL MUST ( mailacceptinggeneralid $ m
aildrop ) MAY ( cn $ isActive ) )
olcObjectClasses: {2}( 1.3.6.1.4.1.24331.22.2.4 NAME 'postfixDomain' DESC 'Pos
tfix domain' SUP posixGroup STRUCTURAL MAY ( postfixTransport $ isActive ) )


@ -0,0 +1,10 @@
---
- name: restart postfix
service:
name: postfix
state: restarted
- name: restart dovecot
service:
name: dovecot
state: restarted

21
packmail/tasks/apache.yml Normal file

@ -0,0 +1,21 @@
---
- name: Additional packages are installed
apt:
name: '{{ item }}'
state: present
with_items:
- libapache2-mod-security2
- modsecurity-crs
- apg
- name: Additional modules are enabled
apache2_module:
name: '{{ item }}'
state: present
with_items:
- ssl
- include
- negotiation
- alias
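Review bot: `libapache2-mod-security2` and `modsecurity-crs` are installed, but nothing in this file configures them and `security2` is not in the list of enabled modules. As far as I know the Debian package ships only a recommended configuration with the engine in detection-only mode, so unless the apache role handles it the WAF will not block anything. Either add tasks that install an active configuration and enable the rule set, or put a comment on the package task saying where that happens, e.g. `# ModSecurity configuration is deployed by <role/file>`.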

46
packmail/tasks/main.yml Normal file

@ -0,0 +1,46 @@
---
- fail:
msg: only compatible with Debian >= 9
when:
- ansible_distribution != "Debian" or ansible_distribution_major_version | version_compare('9', '<')
- name: Include ldap role
include_role:
name: ldap
- name: upload evolix schema
copy:
src: cn4evolix.ldif
dest: /root/cn4evolix.ldif
mode: "0640"
- name: inject evolix schema
command: ldapadd -Y EXTERNAL -H ldapi:/// -f /root/cn4evolix.ldif
- name: Include postfix role
include_role:
name: postfix
- name: Include dovecot role
include_role:
name: dovecot
- name: Include apache role
include_role:
name: apache
- name: Include PHP role
include_role:
name: php
vars:
php_apache_enable: True
- include: apache.yml
- name: Install Evoadmin
include_role:
name: webapps/evoadmin-mail
vars:
evoadminmail_enable_vhost: '{{ packmail_enable_evoadmin_vhost }}'
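Review bot: The `inject evolix schema` task runs `ldapadd` unconditionally, so it always reports changed and will most likely fail on the second run because `cn={4}evolix,cn=config` already exists. Guard it with a read-only `ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=schema,cn=config` task registered with `changed_when: false`, and run `ldapadd` only when the evolix schema is not in its output. The hard-coded index `{4}` in the LDIF also assumes exactly four schemas are already loaded, which depends on the ldap role that is not shown here. The leading `fail` task has no `name:`.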


@ -0,0 +1,23 @@
---
general_alert_email: "root@localhost"
evoadminmail_contact_email: Null
evoadminmail_bounce_email: "{{ evoadminmail_contact_email }}"
evoadminmail_username: evoadmin-mail
evoadminmail_home_dir: "/home/{{ evoadminmail_username }}"
evoadminmail_document_root: "{{ evoadminmail_home_dir }}/www"
evoadminmail_log_dir: "{{ evoadminmail_home_dir }}/log"
evoadminmail_scripts_dir: /usr/share/scripts/
evoadminmail_host: "evoadminmail.{{ ansible_fqdn }}"
evoadminmail_enable_vhost: True
evoadminmail_tpl_servername: "{{ ansible_fqdn }}"
evoadminmail_tpl_address: "{{ ansible_default_ipv4.address }}"
evoadminmail_tpl_phpmyadmin_url: Null
evoadminmail_tpl_cgi_suffix: Null
evoadminmail_tpl_signature: evoadmin
evoadminmail_tpl_mail_from: root@localhost
evoadminmail_tpl_mail_bcc: Null
evoadminmail_tpl_mail_standard: "{{ general_alert_email }}"
evoadminmail_tpl_mail_urgent: "{{ general_alert_email }}"


@ -0,0 +1,6 @@
---
- name: reload apache2
service:
name: apache2
state: reloaded


@ -0,0 +1,17 @@
---
- name: "Create /etc/evolinux"
file:
dest: "/etc/evolinux"
recurse: yes
state: directory
#- name: Configure web-add config file
# template:
# src: web-add.conf.j2
# dest: /etc/evolinux/web-add.conf
#
#- name: Configure web-add template file for mail
# template:
# src: web-mail.tpl.j2
# dest: "{{ evoadminmail_scripts_dir }}/web-mail.tpl"


@ -0,0 +1,19 @@
---
- include: packages.yml
- include: user.yml
- include: config.yml
- include: ssl.yml
- include: web.yml
- name: enable evoadmin-mail link in default site index
blockinfile:
dest: /var/www/index.html
marker: "<!-- {mark} evoadmin-mail section -->"
block: |
<li><a href="https://{{ evoadminmail_host }}">Interface admin mail (EvoAdmin-mail)</a></li>


@ -0,0 +1,16 @@
---
- include_role:
name: apt
tasks_from: evolix_public.yml
- meta: flush_handlers
- name: Install PHP packages
apt:
name: '{{ item }}'
state: present
with_items:
- php-pear
- php-log
- php-crypt-chap


@ -0,0 +1,15 @@
---
- name: Get mount options for partitions
shell: "mount | grep 'on /usr type'"
args:
warn: no
register: mount
changed_when: False
failed_when: False
when: not ansible_check_mode
- name: Remount /usr if it is a partition and it is not mounted in rw
command: "mount -o remount,rw /usr"
when: mount.rc == 0 and not mount.stdout_lines.0 | search("rw")
args:
warn: no
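Review bot: Nothing on this page remounts /usr read-only after the scripts directory has been created, so a host that deliberately keeps /usr read-only is left with it writable once this file has run. Add a handler or closing task that restores the original state, e.g. `command: mount -o remount,ro /usr`, conditioned on the same registered result. The first task is skipped in check mode, so `mount.rc` in the second task's `when` is then evaluated on a skipped result; prefix the condition with `mount.rc is defined and`.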


@ -0,0 +1,24 @@
---
- name: ssl-cert package is installed
apt:
name: ssl-cert
state: present
- name: Create private key and csr for default site ({{ ansible_fqdn }})
command: openssl req -newkey rsa:2048 -sha256 -nodes -keyout /etc/ssl/private/{{ evoadminmail_host }}.key -out /etc/ssl/{{ evoadminmail_host }}.csr -batch -subj "/CN={{ evoadminmail_host }}"
args:
creates: "/etc/ssl/private/{{ evoadminmail_host }}.key"
- name: Adjust rights on private key
file:
path: /etc/ssl/private/{{ evoadminmail_host }}.key
owner: root
group: ssl-cert
mode: "0640"
- name: Create certificate for default site
command: openssl x509 -req -days 3650 -sha256 -in /etc/ssl/{{ evoadminmail_host }}.csr -signkey /etc/ssl/private/{{ evoadminmail_host }}.key -out /etc/ssl/certs/{{ evoadminmail_host }}.crt
args:
creates: "/etc/ssl/certs/{{ evoadminmail_host }}.crt"
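Review bot: The certificate task self-signs the CSR with `-days 3650`, so the administration interface is served with a certificate no client can validate, and administrators get used to accepting the warning. Make the certificate and key paths role variables so that a CA-issued pair can be supplied, and keep the self-signed one as a fallback only. The first task's name mentions `ansible_fqdn` while the CN actually used is `evoadminmail_host`.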


@ -0,0 +1,67 @@
---
- name: Create evoadmin account
user:
name: "{{ evoadminmail_username }}"
comment: "Evoadmin Web Account"
home: "{{ evoadminmail_home_dir}}"
password: "!"
- name: Create log/ directory
file:
path: "{{ evoadminmail_home_dir}}/log"
state: directory
owner: "{{ evoadminmail_username }}"
group: "{{ evoadminmail_username }}"
mode: "0750"
- name: Create www-evoadminmail group
group:
name: "www-{{ evoadminmail_username }}"
state: present
- name: "Create www-evoadmin (Debian 9 or later)"
user:
name: "www-{{ evoadminmail_username }}"
when: ansible_distribution_major_version | version_compare('9', '>=')
- name: Install Git
apt:
name: git
state: present
- name: "Clone evoadmin repository (Debian 9 or later)"
git:
repo: https://forge.evolix.org/evoadmin-mail.git
dest: "{{ evoadminmail_document_root}}"
version: master
update: yes
# Warning: Need sudo!
become_user: "{{ evoadminmail_username }}"
when: ansible_distribution_major_version | version_compare('9', '>=')
- include: remount_usr_rw.yml
when: evoadminmail_scripts_dir | search ("/usr")
- name: "Create {{ evoadminmail_scripts_dir }}"
file:
dest: "{{ evoadminmail_scripts_dir }}"
# recurse: yes
mode: "0700"
state: directory
# we use a shell command to have a "changed" thet really reflects the result.
- name: Fix permissions
shell: "chmod -R --verbose u=rwX,g=rX,o= {{ item }}"
register: command_result
changed_when: "'changed' in command_result.stdout"
# failed_when: False
with_items:
- "{{ evoadminmail_home_dir}}/www"
#- name: Add evoadmin sudoers file
# template:
# src: sudoers.j2
# dest: /etc/sudoers.d/evoadmin
# mode: "0600"
# validate: "visudo -cf %s"
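Review bot: The clone task tracks `version: master` with `update: yes`, so every play run deploys whatever the upstream branch contains at that moment into the web application's tree, without review. Pin it to a tag or commit through a variable, e.g. `version: "{{ evoadminmail_version }}"` (a new default to add), and bump it deliberately. `become_user` is set without `become: yes`, which is presumably what the `Need sudo` comment refers to; unless the play enables it globally, the clone runs as the connecting user. In `Fix permissions`, `{{ item }}` is interpolated unquoted into a `shell` line; `{{ item | quote }}` or the `command` module avoids word splitting.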


@ -0,0 +1,39 @@
---
- name: "Set custom values for PHP config (Debian 9 or later)"
ini_file:
dest: /etc/php/7.0/apache2/conf.d/zzz-evolinux-custom.ini
section: PHP
option: "disable_functions"
value: "shell-exec,system,passthru,putenv,popen,pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority"
notify: reload apache2
when: ansible_distribution_major_version | version_compare('9', '>=')
- name: Install evoadminmail VHost
template:
src: evoadminmail.conf.j2
dest: /etc/apache2/sites-available/evoadminmail.conf
notify: reload apache2
- name: Enable evoadminmail vhost
command: "a2ensite evoadminmail.conf"
register: cmd_a2ensite
changed_when: "'Enabling site' in cmd_a2ensite.stdout"
notify: reload apache2
when: evoadminmail_enable_vhost
- name: Disable evoadminmail vhost
command: "a2dissite evoadminmail.conf"
register: cmd_a2dissite
changed_when: "'Disabling site' in cmd_a2dissite.stdout"
notify: reload apache2
when: not evoadminmail_enable_vhost
#- name: Copy config file for evoadmin
# template:
# src: config.local.php.j2
# dest: "{{ evoadminmail_document_root}}/conf/config.local.php"
# mode: "0644"
# owner: evoadmin
# group: evoadmin
# force: no
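Review bot: The `disable_functions` value begins with `shell-exec`, but the PHP function is named `shell_exec`, so as written that entry disables nothing and `shell_exec` stays callable. Change it to `shell_exec`. `exec` and `proc_open` are also absent from the list, so if the intent is to block command execution from PHP they need to be added, or their omission explained in a comment. The same `shell-exec` spelling appears in the existing tasks shown in the last file section of this page, and the hard-coded `/etc/php/7.0/` path ties this task to one PHP version.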


@ -0,0 +1,8 @@
<?php
$localconf['admin']['mail'] = '{{ evoadmin_contact_email or general_alert_email | mandatory }}';
$localconf['debug'] = FALSE;
// Add local users that should be superadmin
$localconf['superadmin'] = array();
$localconf['script_path'] = '{{ evoadmin_scripts_dir }}';
$localconf['cluster'] = FALSE;
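Review bot: This template reads `evoadmin_contact_email` and `evoadmin_scripts_dir`, but the role's defaults define `evoadminmail_contact_email` and `evoadminmail_scripts_dir`, so rendering will likely fail on an undefined variable unless another role defines the shorter names. The same prefix mismatch is in the sudoers template, the `CONTACT_MAIL`/`WWWBOUNCE_MAIL` template and the mail template further down (`evoadmin_tpl_*`). In `evoadmin_contact_email or general_alert_email | mandatory` the filter binds tighter than `or`, so `mandatory` only checks `general_alert_email`; write `(evoadminmail_contact_email or general_alert_email) | mandatory`. The values are placed inside single-quoted PHP strings without escaping, so a quote character in a variable would end the literal early.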


@ -0,0 +1,58 @@
<VirtualHost *:80>
ServerName {{ evoadminmail_host }}
Redirect permanent / https://{{ evoadminmail_host }}/
</VirtualHost>
<VirtualHost *:443>
# FQDN principal
ServerName {{ evoadminmail_host }}
#ServerAlias {{ evoadminmail_host }}
# Repertoire principal
DocumentRoot {{ evoadminmail_document_root }}/evoadmin/htdocs/
# SSL
SSLEngine on
SSLCertificateFile /etc/ssl/certs/{{ evoadminmail_host }}.crt
SSLCertificateKeyFile /etc/ssl/private/{{ evoadminmail_host }}.key
SSLProtocol all -SSLv2 -SSLv3
# Propriete du repertoire
<Directory {{ evoadminmail_document_root }}/htdocs/>
#Options Indexes SymLinksIfOwnerMatch
Options SymLinksIfOwnerMatch
AllowOverride AuthConfig Limit FileInfo
Require all granted
</Directory>
# user - group (thanks to sesse@debian.org)
AssignUserID www-{{ evoadminmail_username }} {{ evoadminmail_username }}
# LOG
CustomLog /var/log/apache2/access.log combined
CustomLog {{ evoadminmail_log_dir }}/access.log combined
ErrorLog {{ evoadminmail_log_dir }}/error.log
# AWSTATS
SetEnv AWSTATS_FORCE_CONFIG {{ evoadminmail_username }}
# REWRITE
UseCanonicalName On
RewriteEngine On
RewriteCond %{HTTP_HOST} !^{{ evoadminmail_host }}$
RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [L,R]
# PHP
#php_admin_flag engine off
#AddType text/html .html
#php_admin_flag display_errors On
#php_flag short_open_tag On
#php_flag register_globals On
#php_admin_value memory_limit 256M
#php_admin_value max_execution_time 60
#php_admin_value upload_max_filesize 8M
#php_admin_flag allow_url_fopen Off
php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f www-{{ evoadminmail_username }}"
php_admin_value open_basedir "none"
</VirtualHost>
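Review bot: `php_admin_value open_basedir "none"` clears the open_basedir restriction for this vhost, so PHP code in the admin interface can open any file its user can read. Restrict it to the application and temp directories, e.g. `php_admin_value open_basedir "{{ evoadminmail_document_root }}:/tmp"`, or add a comment explaining why it must be off. `DocumentRoot` points at `.../evoadmin/htdocs/` while the `<Directory>` block covers `.../htdocs/`, so `Require all granted` and the `AllowOverride` limits do not apply to the directory actually served; one of the two paths is wrong. `SSLProtocol all -SSLv2 -SSLv3` still allows TLS 1.0 and 1.1.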


@ -0,0 +1,3 @@
User_Alias EVOADMIN = www-evoadmin
Cmnd_Alias EVOADMIN_WEB = {{ evoadmin_scripts_dir | mandatory }}/web-*.sh, {{ evoadmin_scripts_dir | mandatory }}/ftpadmin.sh
EVOADMIN ALL=NOPASSWD: EVOADMIN_WEB
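Review bot: `User_Alias EVOADMIN = www-evoadmin` is hard-coded, while this role creates the account `www-{{ evoadminmail_username }}` (by default `www-evoadmin-mail`). The rule therefore grants passwordless sudo to a user this role does not manage, and not to the one the vhost runs as. Use `User_Alias EVOADMIN = www-{{ evoadminmail_username }}`. The `Cmnd_Alias` lists the scripts without arguments, which lets the web user pass any arguments to them as root, and `web-*.sh` covers every matching file in the directory. The scripts directory must therefore stay writable by root only, and a comment saying so belongs in this file.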


@ -0,0 +1,2 @@
CONTACT_MAIL="{{ evoadmin_contact_email or general_alert_email | mandatory }}"
WWWBOUNCE_MAIL="{{ evoadmin_bounce_email or general_alert_email | mandatory }}"

View file

@ -0,0 +1,86 @@
From: {{ evoadmin_tpl_mail_from }}
To: RCPTTO
Bcc: {{ evoadmin_tpl_mail_bcc }}
Subject: Parametres hebergement web : LOGIN
Bonjour,
Votre compte d'hebergement web a ete cree.
**********************************
* CONNEXION SFTP/SSH
**********************************
NOM DU SERVEUR : {{ evoadmin_tpl_servername }}
USER : LOGIN
PASSWORD : PASSE1
*****************************************
* Details sur l'environnement Apache/PHP
*****************************************
URL du site :
http://{{ evoadmin_tpl_servername }}
URL des stats :
http://{{ evoadmin_tpl_servername }}/cgi-RANDOM/awstats.pl
(acces par IP ou login a demander !)
Repertoire de connexion : HOME_DIR/LOGIN/
Repertoire pour site web : HOME_DIR/LOGIN/www/
Apache/PHP tourne en www-LOGIN:LOGIN c'est-a-dire qu'il a acces
uniquement *en lecture* aux differents fichiers/repertoires
(a condition d'avoir 'g=rx' sur les repertoires et 'g=r' sur les
fichiers ce qui est le comportement par defaut).
Lorsqu'on a besoin d'autoriser *l'ecriture* pour certains
fichiers/repertoires, il suffit d'ajouter le droit 'g+w'.
***********************************
* MySQL
***********************************
SERVEUR : 127.0.0.1
PORT DU SERVEUR : 3306
USER : LOGIN
PASSWORD : PASSE2
NOM BASE : DBNAME
URL interface d'admin :
{{ evoadmin_tpl_phpmyadmin_url }}
***********************************
* Rappels divers
***********************************
Votre nom de domaine doit etre configure pour pointer
sur l'adresse IP {{ evoadmin_tpl_address }} (enregistrement DNS A)
ou etre un alias de {{ evoadmin_tpl_servername }} (enregistrement DNS CNAME).
Si vous avez besoin de faire des tests, vous devez
ajouter la ligne suivante au fichier "/etc/hosts" sous Linux/Unix
ou au fichier "system32\drivers\etc\hosts" sous Windows NT/XP :
{{ evoadmin_tpl_address }} {{ evoadmin_tpl_servername }}
Attention, par defaut, toutes les connexions vers l'exterieur
sont bloquees. Si vous avez besoin de recuperer des donnees
a l'exterieur (flux RSS, BDD externe, etc.), contactez nous
afin de mettre en oeuvre les autorisations necessaires.
Afin de securiser au maximum le serveur, certaines URL
particulieres sont non autorisees pour eviter diverses
attaques (XSS, robots, trojans, injections, etc.).
Exemple d'URL refusee :
http://{{ evoadmin_tpl_servername }}/cmd32.exe
En cas de soucis avec votre application, prevenez-nous.
Si vous desirez mettre en place des parametres particuliers
pour votre site (PHP, etc.) ou pour tout autre demande (scripts en crontab,
etc.), n'hesitez pas a nous contacter a l'adresse
{{ evoadmin_tpl_mail_standard }} (ou {{ evoadmin_tpl_mail_urgent }} si votre demande est
urgente).
Cordialement,
--
{{ evoadmin_tpl_signature }}
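Review bot: The message body carries placeholders for the account and database passwords (`PASSE1`, `PASSE2`) in clear text and is also copied to the `Bcc` address, so the credentials end up stored in several mailboxes. Consider delivering the passwords out of band or as a one-time reset link, and at least state in the message that they must be changed at first login. The content describes web hosting (SFTP, MySQL, awstats) rather than mail accounts, so it looks carried over from another role; if evoadmin-mail does not use it, it can be dropped from this commit.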


@ -6,7 +6,7 @@
section: PHP
option: "disable_functions"
value: "shell-exec,system,passthru,putenv,popen"
notify: reload apache
notify: reload apache2
when: ansible_distribution_release == "jessie"
- name: "Set custom values for PHP config (Debian 9 or later)"
@ -15,7 +15,7 @@
section: PHP
option: "disable_functions"
value: "shell-exec,system,passthru,putenv,popen"
notify: reload apache
notify: reload apache2
when: ansible_distribution_major_version | version_compare('9', '>=')
- name: Install evoadmin VHost