forked from evolix/ansible-roles
Quick review of pack-web-apache role
This commit is contained in:
parent
a0ccc2e9d5
commit
5c4125263e
|
@ -1,10 +0,0 @@
|
||||||
<IfModule mpm_itk_module>
|
|
||||||
StartServers 50
|
|
||||||
MinSpareServers 20
|
|
||||||
MaxSpareServers 30
|
|
||||||
ServerLimit 250
|
|
||||||
MaxClients 250
|
|
||||||
MaxRequestsPerChild 0
|
|
||||||
LimitUIDRange 0 6000
|
|
||||||
LimitGIDRange 0 6000
|
|
||||||
</IfModule>
|
|
|
@ -16,62 +16,48 @@
|
||||||
export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
|
export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
|
||||||
when: envvar_grep_path.rc != 0
|
when: envvar_grep_path.rc != 0
|
||||||
|
|
||||||
- name: Install ITK module for Jessie
|
|
||||||
apt:
|
|
||||||
name: apache2-mpm-itk
|
|
||||||
when: ansible_distribution_release == "jessie"
|
|
||||||
|
|
||||||
- name: Install ITK module for Stretch
|
|
||||||
apt:
|
|
||||||
name: libapache2-mpm-itk
|
|
||||||
when: ansible_distribution_release == "stretch"
|
|
||||||
|
|
||||||
- name: Additional packages are installed
|
- name: Additional packages are installed
|
||||||
apt:
|
apt:
|
||||||
name: '{{ item }}'
|
name: '{{ item }}'
|
||||||
state: present
|
state: present
|
||||||
with_items:
|
with_items:
|
||||||
- libapache2-mod-evasive
|
|
||||||
- libapache2-mod-security2
|
- libapache2-mod-security2
|
||||||
- modsecurity-crs
|
- modsecurity-crs
|
||||||
|
- apg
|
||||||
|
|
||||||
|
- name: Additional modules are enabled
|
||||||
|
apache2_module:
|
||||||
|
name: '{{ item }}'
|
||||||
|
state: present
|
||||||
|
with_items:
|
||||||
|
- ssl
|
||||||
|
- include
|
||||||
|
- negotiation
|
||||||
|
- alias
|
||||||
|
|
||||||
- name: Copy Apache settings for modules
|
- name: Copy Apache settings for modules
|
||||||
copy:
|
copy:
|
||||||
src: "{{ item }}"
|
src: "evolinux-modsec.conf"
|
||||||
dest: "/etc/apache2/conf-available/{{ item }}"
|
dest: "/etc/apache2/conf-available/evolinux-modsec.conf"
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: "0644"
|
||||||
|
force: no
|
||||||
|
|
||||||
|
- name: Copy Apache settings for modules
|
||||||
|
template:
|
||||||
|
src: "evolinux-evasive.conf.j2"
|
||||||
|
dest: "/etc/apache2/conf-available/evolinux-evasive.conf"
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
mode: "0644"
|
mode: "0644"
|
||||||
force: no
|
force: no
|
||||||
with_items:
|
|
||||||
- evolinux-itk.conf
|
|
||||||
- evolinux-evasive.conf
|
|
||||||
- evolinux-modsec.conf
|
|
||||||
|
|
||||||
- name: Ensure Apache modules configs are enabled
|
- name: Ensure Apache modules configs are enabled
|
||||||
command: "a2enconf {{ item }}"
|
command: "a2enconf {{ item }}"
|
||||||
register: command_result
|
register: command_result
|
||||||
changed_when: "'Enabling' in command_result.stderr"
|
changed_when: "'Enabling' in command_result.stderr"
|
||||||
with_items:
|
with_items:
|
||||||
- evolinux-itk
|
|
||||||
- evolinux-evasive
|
- evolinux-evasive
|
||||||
- evolinux-modsec
|
- evolinux-modsec
|
||||||
|
|
||||||
- name: Check if log2mail is installed
|
|
||||||
command: "apt list --installed log2mail"
|
|
||||||
register: command_result
|
|
||||||
changed_when: False
|
|
||||||
|
|
||||||
- debug:
|
|
||||||
var: command_result
|
|
||||||
verbosity: 1
|
|
||||||
|
|
||||||
- name: Add log2mail config for Apache segfaults
|
|
||||||
template:
|
|
||||||
src: log2mail-apache.j2
|
|
||||||
dest: "/etc/log2mail/config/apache"
|
|
||||||
owner: root
|
|
||||||
group: root
|
|
||||||
mode: "0644"
|
|
||||||
force: no
|
|
||||||
when: "'log2mail' in command_result.stdout"
|
|
||||||
|
|
|
@ -5,4 +5,5 @@ DOSSiteCount 30
|
||||||
DOSPageInterval 3
|
DOSPageInterval 3
|
||||||
DOSSiteInterval 1
|
DOSSiteInterval 1
|
||||||
DOSBlockingPeriod 60
|
DOSBlockingPeriod 60
|
||||||
|
DOSEmailNotify {{ general_alert_email }}
|
||||||
</IfModule>
|
</IfModule>
|
Loading…
Reference in a new issue