Improvments on Apache role
parent
4328f2cdec
commit
241f3f13fd
1
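--- a/apache/defaults/main.yml
+++ b/apache/defaults/main.yml
@@ -0,0 +1 @@
+apache_ipaddr_whitelist: [ "1.2.3.4" ]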
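Review bot: The default `apache_ipaddr_whitelist: [ "1.2.3.4" ]` puts a routable public address into the role defaults. Every host that does not override the variable therefore gets an `Allow from 1.2.3.4` entry, written by the task elsewhere in this commit that adds `Allow from {{ item }}` for each item. An access whitelist is safer empty by default: `apache_ipaddr_whitelist: []`, with real addresses set per host or group in the inventory. If an example value is wanted, keep it in a comment and use a documentation address such as the 192.0.2.42 already used in ipaddr_whitelist.conf.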
@ -1 +1,2 @@
|
||||||
|
# Whitelisted IP addresses, add `Include ipaddr_whitelist.conf` to use it
|
||||||
#Allow from 192.0.2.42
|
#Allow from 192.0.2.42
|
||||||
|
|
5
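--- a/apache/files/zzz_evolix.conf
+++ b/apache/files/zzz_evolix.conf
@@ -0,0 +1,5 @@
+#MaxClients 500
+#ServerLimit 500
+#StartServers 100
+#MinSpareServers 40
+#MaxSpareServers 60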
@ -13,14 +13,31 @@
|
||||||
changed_when: false
|
changed_when: false
|
||||||
|
|
||||||
- name : copy Apache default config
|
- name : copy Apache default config
|
||||||
copy: src=z_evolix.conf dest=/etc/apache2/conf-available/z_evolix.conf owner=root group=root mode=0644
|
copy: src=z_evolix.conf dest=/etc/apache2/conf-available/z_evolix.conf owner=root group=root mode=0644
|
||||||
|
|
||||||
|
- name : copy Apache override config
|
||||||
|
copy: src=zzz_evolix.conf dest=/etc/apache2/conf-available/zzz_evolix.conf owner=root group=root mode=0640 force=no
|
||||||
|
|
||||||
- name: ensure Apache default config is enabled
|
- name: ensure Apache default config is enabled
|
||||||
command: a2enconf z_evolix.conf
|
command: a2enconf z_evolix.conf zzz_evolix.conf
|
||||||
changed_when: false
|
changed_when: false
|
||||||
|
|
||||||
- name: init ipaddr_whitelist.conf file
|
- name: init ipaddr_whitelist.conf file
|
||||||
copy: src=ipaddr_whitelist.conf dest=/etc/apache2/ipaddr_whitelist.conf owner=root group=root mode=0640 force=no
|
copy: src=ipaddr_whitelist.conf dest=/etc/apache2/ipaddr_whitelist.conf owner=root group=root mode=0640 force=no
|
||||||
|
|
||||||
- name : ensure umask is in envvars
|
- name: add IP addresses to private IP whitelist
|
||||||
lineinfile: dest=/etc/apache2/envvars regexp="^umask" line="umask 077"
|
lineinfile:
|
||||||
|
dest: /etc/apache2/ipaddr_whitelist.conf
|
||||||
|
line: "Allow from {{ item }}"
|
||||||
|
state: present
|
||||||
|
with_items: "{{ apache_ipaddr_whitelist }}"
|
||||||
|
|
||||||
|
- name: add a mark in envvars for umask
|
||||||
|
blockinfile:
|
||||||
|
dest: /etc/apache2/envvars
|
||||||
|
block: |
|
||||||
|
## Set umask for writing by Apache user.
|
||||||
|
## Set rights on files and directories written by Apache
|
||||||
|
|
||||||
|
- name : ensure umask is set in envvars (default is umask 007)
|
||||||
|
lineinfile: dest=/etc/apache2/envvars regexp="^umask" line="umask 007"
|
||||||
|
|
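Review bot: The new `lineinfile` task rewrites any existing `umask` line in /etc/apache2/envvars to `umask 007`, because `regexp="^umask"` also matches the `umask 077` that the removed task enforced, so hosts already managed by this role get a looser mask on the next run. With 007, files and directories created by Apache become readable and writable by the group, which weakens isolation wherever other accounts share that group. If 007 is only meant as a default, take the value from a role variable (for example `line="umask {{ apache_umask }}"`, variable name proposed here) so hardened hosts can keep 077. Separately, the whitelist task only appends `Allow from` lines with `state: present`, so an address removed from `apache_ipaddr_whitelist` stays in ipaddr_whitelist.conf and keeps its access. The file header for this hunk is not shown on the page and the hunk starts at line 13 of the file, so the earlier tasks are outside this view.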
15
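--- a/vagrant.yml
+++ b/vagrant.yml
@@ -2,13 +2,12 @@
 - hosts: all
 gather_facts: yes
 become: yes
-# vars_files:
-# - 'vars/main.yml'
 
 roles:
-# - { role: apt-upgrade, apt_upgrade_mode: safe }
-- apt-upgrade
-- munin
-- monit
-- redis
-- { role: rbenv, username: 'vagrant' }
+#- { role: apt-upgrade, apt_upgrade_mode: safe }
+#- apt-upgrade
+#- munin
+#- monit
+#- redis
+#- { role: rbenv, username: 'vagrant' }
+#- apache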