forked from evolix/ansible-roles
apache: new variable for mpm mode (+ updated default config accordingly)
Also, itk package will only be installed if required
This commit is contained in:
parent
5e0ca0e3ff
commit
d56c545183
|
@ -12,6 +12,8 @@ The **patch** part changes incrementally at each release.
|
||||||
|
|
||||||
### Added
|
### Added
|
||||||
|
|
||||||
|
* apache: new variable for mpm mode (+ updated default config accordingly)
|
||||||
|
|
||||||
### Changed
|
### Changed
|
||||||
|
|
||||||
### Fixed
|
### Fixed
|
||||||
|
|
|
@ -23,3 +23,5 @@ log2mail_alert_email: Null
|
||||||
|
|
||||||
apache_logrotate_frequency: daily
|
apache_logrotate_frequency: daily
|
||||||
apache_logrotate_rotate: 365
|
apache_logrotate_rotate: 365
|
||||||
|
|
||||||
|
apache_mpm: "itk"
|
|
@ -3,12 +3,43 @@ Timeout 10
|
||||||
KeepAliveTimeout 2
|
KeepAliveTimeout 2
|
||||||
MaxKeepAliveRequests 10
|
MaxKeepAliveRequests 10
|
||||||
#MaxClients 250
|
#MaxClients 250
|
||||||
MaxRequestWorkers 250
|
|
||||||
ServerLimit 250
|
<IfModule mpm_prefork_module>
|
||||||
StartServers 50
|
MaxRequestWorkers 250
|
||||||
MinSpareServers 20
|
ServerLimit 250
|
||||||
MaxSpareServers 30
|
StartServers 50
|
||||||
MaxRequestsPerChild 0
|
MinSpareServers 20
|
||||||
|
MaxSpareServers 30
|
||||||
|
MaxRequestsPerChild 0
|
||||||
|
</IfModule>
|
||||||
|
|
||||||
|
<IfModule mpm_worker_module>
|
||||||
|
StartServers 3
|
||||||
|
MinSpareThreads 25
|
||||||
|
MaxSpareThreads 75
|
||||||
|
ThreadLimit 64
|
||||||
|
ThreadsPerChild 25
|
||||||
|
MaxRequestWorkers 150
|
||||||
|
MaxConnectionsPerChild 0
|
||||||
|
</IfModule>
|
||||||
|
|
||||||
|
<IfModule mpm_itk_module>
|
||||||
|
LimitUIDRange 0 6000
|
||||||
|
LimitGIDRange 0 6000
|
||||||
|
</IfModule>
|
||||||
|
|
||||||
|
<IfModule ssl_module>
|
||||||
|
SSLProtocol all -SSLv2 -SSLv3
|
||||||
|
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!RC4
|
||||||
|
</IfModule>
|
||||||
|
|
||||||
|
<IfModule status_module>
|
||||||
|
ExtendedStatus On
|
||||||
|
<IfModule proxy_module>
|
||||||
|
ProxyStatus On
|
||||||
|
</IfModule>
|
||||||
|
</IfModule>
|
||||||
|
|
||||||
|
|
||||||
<Directory /home/>
|
<Directory /home/>
|
||||||
AllowOverride None
|
AllowOverride None
|
||||||
|
@ -17,26 +48,11 @@ MaxRequestsPerChild 0
|
||||||
Deny from env=GoAway
|
Deny from env=GoAway
|
||||||
</Directory>
|
</Directory>
|
||||||
|
|
||||||
<IfModule mod_ssl.c>
|
|
||||||
SSLProtocol all -SSLv2 -SSLv3
|
|
||||||
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!RC4
|
|
||||||
</IfModule>
|
|
||||||
|
|
||||||
<Files ~ "\.(inc|bak)$">
|
<Files ~ "\.(inc|bak)$">
|
||||||
Require all denied
|
Require all denied
|
||||||
</Files>
|
</Files>
|
||||||
|
|
||||||
<IfModule mod_status.c>
|
|
||||||
ExtendedStatus On
|
|
||||||
<IfModule mod_proxy.c>
|
|
||||||
ProxyStatus On
|
|
||||||
</IfModule>
|
|
||||||
</IfModule>
|
|
||||||
|
|
||||||
<IfModule mpm_itk.c>
|
|
||||||
LimitUIDRange 0 6000
|
|
||||||
LimitGIDRange 0 6000
|
|
||||||
</IfModule>
|
|
||||||
|
|
||||||
<LocationMatch "^/evolinux_fpm_status-.*">
|
<LocationMatch "^/evolinux_fpm_status-.*">
|
||||||
Require all denied
|
Require all denied
|
||||||
|
|
|
@ -4,7 +4,6 @@
|
||||||
apt:
|
apt:
|
||||||
name:
|
name:
|
||||||
- apache2
|
- apache2
|
||||||
- libapache2-mpm-itk
|
|
||||||
- libapache2-mod-evasive
|
- libapache2-mod-evasive
|
||||||
- apachetop
|
- apachetop
|
||||||
- libwww-perl
|
- libwww-perl
|
||||||
|
@ -14,6 +13,18 @@
|
||||||
- packages
|
- packages
|
||||||
when: ansible_distribution_major_version is version('9', '>=')
|
when: ansible_distribution_major_version is version('9', '>=')
|
||||||
|
|
||||||
|
- name: itk package is installed if required (Debian 9 or later)
|
||||||
|
apt:
|
||||||
|
name:
|
||||||
|
- libapache2-mpm-itk
|
||||||
|
state: present
|
||||||
|
tags:
|
||||||
|
- apache
|
||||||
|
- packages
|
||||||
|
when:
|
||||||
|
- ansible_distribution_major_version is version('9', '>=')
|
||||||
|
- apache_mpm == "itk"
|
||||||
|
|
||||||
- name: packages are installed (jessie)
|
- name: packages are installed (jessie)
|
||||||
apt:
|
apt:
|
||||||
name:
|
name:
|
||||||
|
@ -35,7 +46,6 @@
|
||||||
- rewrite
|
- rewrite
|
||||||
- expires
|
- expires
|
||||||
- headers
|
- headers
|
||||||
- cgi
|
|
||||||
- ssl
|
- ssl
|
||||||
- include
|
- include
|
||||||
- negotiation
|
- negotiation
|
||||||
|
@ -44,6 +54,18 @@
|
||||||
tags:
|
tags:
|
||||||
- apache
|
- apache
|
||||||
|
|
||||||
|
- name: basic modules are enabled
|
||||||
|
apache2_module:
|
||||||
|
name: '{{ item }}'
|
||||||
|
state: present
|
||||||
|
with_items:
|
||||||
|
- cgi
|
||||||
|
notify: reload apache
|
||||||
|
when: apache_mpm == "prefork" or apache_mpm == "itk"
|
||||||
|
tags:
|
||||||
|
- apache
|
||||||
|
|
||||||
|
|
||||||
- name: Copy Apache defaults config file
|
- name: Copy Apache defaults config file
|
||||||
copy:
|
copy:
|
||||||
src: evolinux-defaults.conf
|
src: evolinux-defaults.conf
|
||||||
|
|
Loading…
Reference in a new issue