make it work on debian, restore certificate management
@@ -2,7 +2,7 @@
|
|||||||
# handlers file for apache_vhost
|
# handlers file for apache_vhost
|
||||||
- name: restart apache
|
- name: restart apache
|
||||||
service:
|
service:
|
||||||
name: httpd
|
name: "{{ apache_service }}"
|
||||||
state: restarted
|
state: restarted
|
||||||
|
|
||||||
- name: restart zabbix_agentd
|
- name: restart zabbix_agentd
|
||||||
|
|||||||
@@ -3,7 +3,7 @@
|
|||||||
package:
|
package:
|
||||||
name:
|
name:
|
||||||
- certbot
|
- certbot
|
||||||
- mod_ssl
|
- "{{ apache_ssl_packages }}"
|
||||||
|
|
||||||
state: present
|
state: present
|
||||||
|
|
||||||
@@ -12,7 +12,7 @@
|
|||||||
apache_use_ssl: false
|
apache_use_ssl: false
|
||||||
template:
|
template:
|
||||||
src: vhost.conf.jj
|
src: vhost.conf.jj
|
||||||
dest: /etc/httpd/conf.d/{{ apache_server_name }}.conf
|
dest: "{{ apache_config_dir }}/{{ apache_server_name }}.conf"
|
||||||
mode: 0644
|
mode: 0644
|
||||||
notify: restart apache
|
notify: restart apache
|
||||||
register: result
|
register: result
|
||||||
@@ -20,7 +20,7 @@
|
|||||||
# cant use meta / flush handlers in conditionnals
|
# cant use meta / flush handlers in conditionnals
|
||||||
- name: if needed, we restart apache
|
- name: if needed, we restart apache
|
||||||
service:
|
service:
|
||||||
name: httpd
|
name: "{{ apache_service }}"
|
||||||
state: restarted
|
state: restarted
|
||||||
when: result.changed
|
when: result.changed
|
||||||
|
|
||||||
@@ -41,7 +41,7 @@
|
|||||||
- name: deploy ssl config file
|
- name: deploy ssl config file
|
||||||
template:
|
template:
|
||||||
src: ssl.conf
|
src: ssl.conf
|
||||||
dest: /etc/httpd/conf.d
|
dest: "{{ apache_config_dir }}"
|
||||||
notify: restart apache
|
notify: restart apache
|
||||||
|
|
||||||
- name: create cronjob for renewal
|
- name: create cronjob for renewal
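Review bot: The `deploy ssl config file` task in the last hunk of this file (`@@ -41,7 +41,7 @@`; the file header is not shown on this page) still passes a directory as `dest` and sets no `mode`, so the permissions of the rendered `ssl.conf` are left to the target's defaults rather than fixed by the role. Since the directory now comes from `apache_config_dir`, I would name the target file and pin its permissions: `dest: "{{ apache_config_dir }}/ssl.conf"` and `mode: "0644"`. The `mode: 0644` context line on the vhost template in the `@@ -12,7 +12,7 @@` hunk would also be safer quoted as `mode: "0644"`, so the value does not depend on how the YAML loader reads a leading zero.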
|
||||||
|
|||||||
@@ -1,12 +1,13 @@
|
|||||||
---
|
---
|
||||||
# tasks file for apache_vhost
|
# tasks file for apache_vhost
|
||||||
|
|
||||||
|
- include_vars: "{{ ansible_os_family }}.yml"
|
||||||
|
|
||||||
- name: create dedicated user
|
- name: create dedicated user
|
||||||
user:
|
user:
|
||||||
name: "{{ apache_user }}"
|
name: "{{ apache_user }}"
|
||||||
groups:
|
groups:
|
||||||
- apache
|
- "{{ apache_group }}"
|
||||||
home: "{{ apache_base_dir }}"
|
home: "{{ apache_base_dir }}"
|
||||||
shell: /bin/bash
|
shell: /bin/bash
|
||||||
when: apache_user_password is not defined and apache_user != 'apache'
|
when: apache_user_password is not defined and apache_user != 'apache'
|
||||||
@@ -26,7 +27,7 @@
|
|||||||
path: "{{ item }}"
|
path: "{{ item }}"
|
||||||
state: directory
|
state: directory
|
||||||
owner: "{{ apache_user }}"
|
owner: "{{ apache_user }}"
|
||||||
group: apache
|
group: "{{ apache_group }}"
|
||||||
mode: 0750
|
mode: 0750
|
||||||
loop:
|
loop:
|
||||||
- "{{ apache_base_dir }}"
|
- "{{ apache_base_dir }}"
|
||||||
@@ -39,6 +40,13 @@
|
|||||||
include_tasks: dns.yml
|
include_tasks: dns.yml
|
||||||
when: apache_use_dns
|
when: apache_use_dns
|
||||||
|
|
||||||
|
- name: remove default site
|
||||||
|
ansible.builtin.file:
|
||||||
|
path: /etc/apache2/sites-enabled/000-default.conf
|
||||||
|
state: absent
|
||||||
|
notify: restart apache
|
||||||
|
when: ansible_os_family| lower == 'debian'
|
||||||
|
|
||||||
- name: create certificate
|
- name: create certificate
|
||||||
include_tasks: certbot.yml
|
include_tasks: certbot.yml
|
||||||
when: apache_use_ssl
|
when: apache_use_ssl
|
||||||
@@ -46,7 +54,7 @@
|
|||||||
- name: vhost config file
|
- name: vhost config file
|
||||||
template:
|
template:
|
||||||
src: vhost.conf.jj
|
src: vhost.conf.jj
|
||||||
dest: /etc/httpd/conf.d/{{ apache_server_name }}.conf
|
dest: "{{ apache_config_dir }}/{{ apache_server_name }}.conf"
|
||||||
mode: 0644
|
mode: 0644
|
||||||
notify: restart apache
|
notify: restart apache
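Review bot: In the first hunk of this file (`@@ -1,12 +1,13 @@`), the `create dedicated user` task now takes its group from `apache_group`, but its guard still compares against the literal `'apache'`: `when: apache_user_password is not defined and apache_user != 'apache'`. If that comparison is meant to skip the distribution's own service account, it no longer does so on Debian, where vars/Debian.yml sets the group to `www-data`; a host with `apache_user: www-data` would then get `shell: /bin/bash` and a new home on the service account. Assuming the service user is named like the group on both families, `apache_user != apache_group` would keep the guard portable; please confirm that intent. Separately, `include_vars: "{{ ansible_os_family }}.yml"` has no `name:` and fails with a missing-file error on any family other than Debian and RedHat, so an explicit `assert` on supported families would give a clearer failure.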
|
||||||
|
|
||||||
|
|||||||
@@ -1,4 +1,6 @@
|
|||||||
|
{% if ansible_os_family | lower =='redhat' %}
|
||||||
Listen 443 https
|
Listen 443 https
|
||||||
|
{% endif %}
|
||||||
SSLSessionCache shmcb:/run/httpd/sslcache(512000)
|
SSLSessionCache shmcb:/run/httpd/sslcache(512000)
|
||||||
SSLSessionCacheTimeout 300
|
SSLSessionCacheTimeout 300
|
||||||
SSLCryptoDevice builtin
|
SSLCryptoDevice builtin
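Review bot: Only `Listen 443 https` is wrapped in the new `{% if ansible_os_family | lower =='redhat' %}` guard, while `SSLSessionCache shmcb:/run/httpd/sslcache(512000)` on the next line still points at the RedHat runtime directory. On Debian `/run/httpd` is presumably absent, so Apache may fail to create the session cache or refuse to start once this file is rendered into `sites-enabled/`; this needs checking on a Debian host. I would either move the `SSLSessionCache`/`SSLSessionCacheTimeout` lines inside the same guard, or take the directory from a per-family variable defined in both vars files, for example `SSLSessionCache shmcb:{{ apache_run_dir }}/sslcache(512000)` (`apache_run_dir` is a new variable name, not one the role has today). The template continues below this hunk, so the remaining directives deserve the same check.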
|
||||||
|
|||||||
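--- a/vars/Debian.yml
+++ b/vars/Debian.yml
@@ -0,0 +1,7 @@
+#/home/tom/Documents/Opendoor/Technique/Ansible/roles/tconstans.apache/vars/Debian.yml
+apache_config_dir: /etc/apache2/sites-enabled/
+apache_packages:
+- apache2
+apache_ssl_packages: openssl
+apache_service: apache2
+apache_group: www-data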
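Review bot: The first line of this file is a comment holding the author's absolute workstation path (`#/home/tom/Documents/…/vars/Debian.yml`), which publishes a local username and directory layout and says nothing about the file. vars/RedHat.yml carries the same comment, where it also names the wrong file. I would replace it in both with a descriptive header such as `# Debian-family variables for apache_vhost`. Also, `apache_ssl_packages: openssl` installs only the OpenSSL tooling; Debian's `apache2` package ships the SSL module disabled, and no task visible in this commit enables it (for example with `community.general.apache2_module`), so please confirm that happens elsewhere in the role. `apache_config_dir` already ends in `/`, so the templated `dest` values render with a double slash, which is harmless but easy to tidy.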
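--- a/vars/RedHat.yml
+++ b/vars/RedHat.yml
@@ -0,0 +1,8 @@
+
+#/home/tom/Documents/Opendoor/Technique/Ansible/roles/tconstans.apache/vars/Debian.yml
+apache_config_dir: /etc/httpd/conf.d/
+apache_packages:
+- httpd
+apache_service: httpd
+apache_ssl_packages: mod_ssl
+apache_group: apache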