From ac6c75c19ff3241f640a28d260fe27ec26159ebe Mon Sep 17 00:00:00 2001 From: Thomas Constans Date: Sun, 19 Apr 2020 22:19:39 +0200 Subject: [PATCH] role apache_vhost: up and running --- .travis.yml | 29 ++ README.md | 51 +++ defaults/main.yml | 15 + handlers/main.yml | 13 + meta/main.yml | 53 +++ tasks/goaccess.yml | 26 ++ tasks/main.yml | 49 +++ templates/goaccess.conf | 719 ++++++++++++++++++++++++++++++++++++ templates/logrotate.conf.jj | 23 ++ templates/pool.conf.jj | 22 ++ templates/vhost.conf.jj | 43 +++ tests/inventory | 2 + tests/test.yml | 5 + vars/main.yml | 2 + 14 files changed, 1052 insertions(+) create mode 100644 .travis.yml create mode 100644 README.md create mode 100644 defaults/main.yml create mode 100644 handlers/main.yml create mode 100644 meta/main.yml create mode 100644 tasks/goaccess.yml create mode 100644 tasks/main.yml create mode 100644 templates/goaccess.conf create mode 100644 templates/logrotate.conf.jj create mode 100644 templates/pool.conf.jj create mode 100644 templates/vhost.conf.jj create mode 100644 tests/inventory create mode 100644 tests/test.yml create mode 100644 vars/main.yml diff --git a/.travis.yml b/.travis.yml new file mode 100644 index 0000000..36bbf62 --- /dev/null +++ b/.travis.yml @@ -0,0 +1,29 @@ +--- +language: python +python: "2.7" + +# Use the new container infrastructure +sudo: false + +# Install ansible +addons: + apt: + packages: + - python-pip + +install: + # Install ansible + - pip install ansible + + # Check ansible version + - ansible --version + + # Create ansible.cfg with correct roles_path + - printf '[defaults]\nroles_path=../' >ansible.cfg + +script: + # Basic role syntax check + - ansible-playbook tests/test.yml -i tests/inventory --syntax-check + +notifications: + webhooks: https://galaxy.ansible.com/api/v1/notifications/ \ No newline at end of file diff --git a/README.md b/README.md new file mode 100644 index 0000000..6425161 --- /dev/null +++ b/README.md @@ -0,0 +1,51 @@ +Role Name +========= + +This will setup a basic vhost + php fpm (config, directories, dedicated account, logrotate ) + +Requirements +------------ + +Obviously an apache server, you'll probably want php and some certificates too. + +Role Variables +-------------- + +apache_server_name +apache_server_alias (list) +apache_base_dir: /srv/{{ apache_server_name }} +apache_document_root: {{ apache_base_dir }}/www +apache_access_log: {{ apache_base_dir}}/logs/access_log +apache_php_socket: {{ apache_base_dir }}/php-fpm.sock +apache_use_php: true +apache_use_ssl: true +apache_stats: true +apache_ssl_certificate: /etc/letsencrypt/live/{{ apache_server_name }}/cert.pem +apache_ssl_chain: /etc/letsencrypt/live/{{ apache_server_name }}/fullchain.pem +apache_ssl_key: /etc/letsencrypt/live/{{ apache_server_name }}/privkey.pem +apache_user: {{ apache_server_name }} +apache_allowoverride: all + +Example Playbook +---------------- + +- name: setup apache vhost for mdv + hosts: alpine + vars: + apache_server_name: maisonduvelolyon.org + apache_server_alias: + - stats.maisonduvelolyon.org + - pignonsurrue.org + apache_use_ssl: true + roles: + - apache_vhost + +License +------- + +BSD + +Author Information +------------------ + +Thomas C diff --git a/defaults/main.yml b/defaults/main.yml new file mode 100644 index 0000000..2417bbb --- /dev/null +++ b/defaults/main.yml @@ -0,0 +1,15 @@ +--- +# defaults file for apache_vhost +apache_base_dir: "/srv/{{ apache_server_name }}" +apache_document_root: "{{ apache_base_dir }}/www" +apache_access_log: "{{ apache_base_dir}}/logs/access_log" +apache_php_socket: "{{ apache_base_dir }}/php-fpm.sock" +apache_use_php: true +apache_use_ssl: true +apache_ssl_certificate: "/etc/letsencrypt/live/{{ apache_server_name }}/cert.pem" +apache_ssl_chain: "/etc/letsencrypt/live/{{ apache_server_name }}/fullchain.pem" +apache_ssl_key: "/etc/letsencrypt/live/{{ apache_server_name }}/privkey.pem " +apache_user: "{{ apache_server_name }}" +apache_allowoverride: all +apache_restart: false +apache_stats: true diff --git a/handlers/main.yml b/handlers/main.yml new file mode 100644 index 0000000..206ea9e --- /dev/null +++ b/handlers/main.yml @@ -0,0 +1,13 @@ +--- +# handlers file for apache_vhost +- name: restart apache + service: + name: httpd + state: restarted + when: apache_restart + +- name: restart php-fpm + service: + name: php73-php-fpm + state: restarted + when: apache_restart \ No newline at end of file diff --git a/meta/main.yml b/meta/main.yml new file mode 100644 index 0000000..227ad9c --- /dev/null +++ b/meta/main.yml @@ -0,0 +1,53 @@ +galaxy_info: + author: your name + description: your role description + company: your company (optional) + + # If the issue tracker for your role is not on github, uncomment the + # next line and provide a value + # issue_tracker_url: http://example.com/issue/tracker + + # Choose a valid license ID from https://spdx.org - some suggested licenses: + # - BSD-3-Clause (default) + # - MIT + # - GPL-2.0-or-later + # - GPL-3.0-only + # - Apache-2.0 + # - CC-BY-4.0 + license: license (GPL-2.0-or-later, MIT, etc) + + min_ansible_version: 2.9 + + # If this a Container Enabled role, provide the minimum Ansible Container version. + # min_ansible_container_version: + + # + # Provide a list of supported platforms, and for each platform a list of versions. + # If you don't wish to enumerate all versions for a particular platform, use 'all'. + # To view available platforms and versions (or releases), visit: + # https://galaxy.ansible.com/api/v1/platforms/ + # + # platforms: + # - name: Fedora + # versions: + # - all + # - 25 + # - name: SomePlatform + # versions: + # - all + # - 1.0 + # - 7 + # - 99.99 + + galaxy_tags: [] + # List tags for your role here, one per line. A tag is a keyword that describes + # and categorizes the role. Users find roles by searching for tags. Be sure to + # remove the '[]' above, if you add tags to this list. + # + # NOTE: A tag is limited to a single word comprised of alphanumeric characters. + # Maximum 20 tags per role. + +dependencies: [] + # List your role dependencies here, one per line. Be sure to remove the '[]' above, + # if you add dependencies to this list. + \ No newline at end of file diff --git a/tasks/goaccess.yml b/tasks/goaccess.yml new file mode 100644 index 0000000..a6130e8 --- /dev/null +++ b/tasks/goaccess.yml @@ -0,0 +1,26 @@ +--- +- name: goaccess - install + yum: + name: https://infra.opendoor.fr/Files/goaccess-1.3-1.el7.x86_64.rpm + state: present + +- name: goaccess - configure + template: + src: goaccess.conf + dest: "/srv/{{ apache_server_name }}/goaccess.conf" + owner: "{{ apache_user }}" + +- name: goaccess - create stats dir + file: + path: "/srv/{{ apache_server_name }}/stats" + owner: "{{ apache_user }}" + state: directory + +- name: goaccess - create cronjob + cron: + name: "goaccess {{ apache_server_name }}" + cron_file: "goaccess_{{ apache_server_name }}" + user: "{{ apache_user }}" + hour: "00" + minute: "{{ 59 | random(seed=inventory_hostname) }}" + job: "LANG=fr_FR.UTF8 /usr/bin/goaccess -p /srv/{{ apache_server_name }}/goaccess.conf --load-from-disk --keep-db-files" \ No newline at end of file diff --git a/tasks/main.yml b/tasks/main.yml new file mode 100644 index 0000000..c78a8d6 --- /dev/null +++ b/tasks/main.yml @@ -0,0 +1,49 @@ +--- +# tasks file for apache_vhost +- name: create dedicated user + user: + name: "{{ apache_user }}" + groups: + - apache + - ssh_users + home: "{{ apache_base_dir }}" + shell: /bin/bash + +- name: vhost config file + template: + src: vhost.conf.jj + dest: /etc/httpd/conf.d/{{ apache_server_name }}.conf + mode: 0644 + notify: restart apache + +- name: php-fpm config file + template: + src: pool.conf.jj + dest: /etc/opt/remi/php73/php-fpm.d/{{apache_server_name }}.conf + notify: restart php-fpm + when: apache_use_php + +- name: create directories + file: + path: "{{ item }}" + state: directory + owner: "{{ apache_user }}" + group: apache + mode: 0750 + loop: + - "{{ apache_base_dir }}" + - "{{ apache_base_dir }}/logs" + - "{{ apache_base_dir }}/www" + - "{{ apache_base_dir }}/session" + - "{{ apache_base_dir }}/wsdlcache" + +- name: logrotate config file + template: + src: logrotate.conf.jj + dest: "/etc/logrotate.d/{{ apache_server_name }}.conf" + mode: 0644 + +- name: goaccess + import_tasks: goaccess.yml + when: apache_stats + tags: stats \ No newline at end of file diff --git a/templates/goaccess.conf b/templates/goaccess.conf new file mode 100644 index 0000000..7eb29e5 --- /dev/null +++ b/templates/goaccess.conf @@ -0,0 +1,719 @@ +###################################### +# Time Format Options (required) +###################################### +# +# The hour (24-hour clock) [00,23]; leading zeros are permitted but not required. +# The minute [00,59]; leading zeros are permitted but not required. +# The seconds [00,60]; leading zeros are permitted but not required. +# See `man strftime` for more details +# +# The following time format works with any of the +# Apache/NGINX's log formats below. +# +#time-format %H:%M:%S +# +# Google Cloud Storage or +# The time in microseconds since the Unix epoch. +# +#time-format %f + +# Squid native log format +# +#time-format %s + +###################################### +# Date Format Options (required) +###################################### +# +# The date-format variable followed by a space, specifies +# the log format date containing any combination of regular +# characters and special format specifiers. They all begin with a +# percentage (%) sign. See `man strftime` +# +# The following date format works with any of the +# Apache/NGINX's log formats below. +# +#date-format %d/%b/%Y +# +# AWS | Amazon CloudFront (Download Distribution) +# AWS | Elastic Load Balancing +# W3C (IIS) +# +#date-format %Y-%m-%d +# +# Google Cloud Storage or +# The time in microseconds since the Unix epoch. +# +#date-format %f + +# Squid native log format +# +#date-format %s + +###################################### +# Log Format Options (required) +###################################### +# +# The log-format variable followed by a space or \t for +# tab-delimited, specifies the log format string. +# +# NOTE: If the time/date is a timestamp in seconds or microseconds +# %x must be used instead of %d & %t to represent the date & time. + +# NCSA Combined Log Format +#log-format %h %^[%d:%t %^] "%r" %s %b "%R" "%u" + +# NCSA Combined Log Format with Virtual Host +#log-format %v:%^ %h %^[%d:%t %^] "%r" %s %b "%R" "%u" + +# Common Log Format (CLF) +#log-format %h %^[%d:%t %^] "%r" %s %b + +# Common Log Format (CLF) with Virtual Host +#log-format %v:%^ %h %^[%d:%t %^] "%r" %s %b + +# W3C +#log-format %d %t %h %^ %^ %^ %^ %r %^ %s %b %^ %^ %u %R + +# Squid native log format +#log-format %^ %^ %^ %v %^: %x.%^ %~%L %h %^/%s %b %m %U + +# AWS | Amazon CloudFront (Download Distribution) +#log-format %d\t%t\t%^\t%b\t%h\t%m\t%^\t%r\t%s\t%R\t%u\t%^ + +# Google Cloud Storage +#log-format "%x","%h",%^,%^,"%m","%U","%s",%^,"%b","%D",%^,"%R","%u" + +# AWS | Elastic Load Balancing +#log-format %dT%t.%^ %^ %h:%^ %^ %T %^ %^ %^ %s %^ %b "%r" "%u" + +# AWSS3 | Amazon Simple Storage Service (S3) +#log-format %^[%d:%t %^] %h %^"%r" %s %^ %b %^ %L %^ "%R" "%u" + +# Virtualmin Log Format with Virtual Host +#log-format %h %^ %v %^[%d:%t %^] "%r" %s %b "%R" "%u" + +# In addition to specifying the raw log/date/time formats, for +# simplicity, any of the following predefined log format names can be +# supplied to the log/date/time-format variables. GoAccess can also +# handle one predefined name in one variable and another predefined +# name in another variable. +# +log-format COMBINED +#log-format VCOMBINED +#log-format COMMON +#log-format VCOMMON +#log-format W3C +#log-format SQUID +#log-format CLOUDFRONT +#log-format CLOUDSTORAGE +#log-format AWSELB +#log-format AWSS3 + +###################################### +# UI Options +###################################### + +# Choose among color schemes +# 1 : Monochrome +# 2 : Green +# 3 : Monokai (if 256-colors supported) +# +color-scheme 3 + +# Prompt log/date configuration window on program start. +# +config-dialog false + +# Color highlight active panel. +# +hl-header true + +# Specify a custom CSS file in the HTML report. +# +#html-custom-css /path/file.css + +# Specify a custom JS file in the HTML report. +# +#html-custom-js /path/file.js + +# Set default HTML preferences. +# +# NOTE: A valid JSON object is required. +# DO NOT USE A MULTILINE JSON OBJECT. +# The parser will only parse the value next to `html-prefs` (single line) +# It allows the ability to customize each panel plot. See example below. +# +#html-prefs {"theme":"bright","perPage":5,"layout":"horizontal","showTables":true,"visitors":{"plot":{"chartType":"bar"}}} + +# Set HTML report page title and header. +# +#html-report-title My Awesome Web Stats + +# Format JSON output using tabs and newlines. +# +json-pretty-print false + +# Turn off colored output. This is the default output on +# terminals that do not support colors. +# true : for no color output +# false : use color-scheme +# +no-color false + +# Don't write column names in the terminal output. By default, it displays +# column names for each available metric in every panel. +# +no-column-names false + +# Disable summary metrics on the CSV output. +# +no-csv-summary false + +# Disable progress metrics. +# +no-progress false + +# Disable scrolling through panels on TAB. +# +no-tab-scroll false + +# Do not show the last updated field displayed in the HTML generated report. +# +#no-html-last-updated true + +# Enable mouse support on main dashboard. +# +with-mouse false + +# Maximum number of items to show per panel. +# Note: Only the CSV and JSON outputs allow a maximum greater than the +# default value of 366. +# +#max-items 366 + +# Custom colors for the terminal output +# Tailor GoAccess to suit your own tastes. +# +# Color Syntax: +# DEFINITION space/tab colorFG#:colorBG# [[attributes,] PANEL] +# +# FG# = foreground color number [-1...255] (-1 = default terminal color) +# BG# = background color number [-1...255] (-1 = default terminal color) +# +# Optionally: +# +# It is possible to apply color attributes, such as: +# bold,underline,normal,reverse,blink. +# Multiple attributes are comma separated +# +# If desired, it is possible to apply custom colors per panel, that is, a +# metric in the REQUESTS panel can be of color A, while the same metric in the +# BROWSERS panel can be of color B. +# +# The following is a 256 color scheme (hybrid palette) +# +#color COLOR_MTRC_HITS color110:color-1 +#color COLOR_MTRC_VISITORS color173:color-1 +#color COLOR_MTRC_DATA color221:color-1 +#color COLOR_MTRC_BW color167:color-1 +#color COLOR_MTRC_AVGTS color143:color-1 +#color COLOR_MTRC_CUMTS color247:color-1 +#color COLOR_MTRC_MAXTS color186:color-1 +#color COLOR_MTRC_PROT color109:color-1 +#color COLOR_MTRC_MTHD color139:color-1 +#color COLOR_MTRC_HITS_PERC color186:color-1 +#color COLOR_MTRC_HITS_PERC_MAX color139:color-1 +#color COLOR_MTRC_HITS_PERC_MAX color139:color-1 VISITORS +#color COLOR_MTRC_HITS_PERC_MAX color139:color-1 OS +#color COLOR_MTRC_HITS_PERC_MAX color139:color-1 BROWSERS +#color COLOR_MTRC_HITS_PERC_MAX color139:color-1 VISIT_TIMES +#color COLOR_MTRC_VISITORS_PERC color186:color-1 +#color COLOR_MTRC_VISITORS_PERC_MAX color139:color-1 +#color COLOR_PANEL_COLS color243:color-1 +#color COLOR_BARS color250:color-1 +#color COLOR_ERROR color231:color167 +#color COLOR_SELECTED color7:color167 +#color COLOR_PANEL_ACTIVE color7:color237 +#color COLOR_PANEL_HEADER color250:color235 +#color COLOR_PANEL_DESC color242:color-1 +#color COLOR_OVERALL_LBLS color243:color-1 +#color COLOR_OVERALL_VALS color167:color-1 +#color COLOR_OVERALL_PATH color186:color-1 +#color COLOR_ACTIVE_LABEL color139:color235 bold underline +#color COLOR_BG color250:color-1 +#color COLOR_DEFAULT color243:color-1 +#color COLOR_PROGRESS color7:color110 + +###################################### +# Server Options +###################################### + +# Specify IP address to bind server to. +# +#addr 0.0.0.0 + +# Run GoAccess as daemon (if --real-time-html enabled). +# +#daemonize false + +# Ensure clients send the specified origin header upon the WebSocket +# handshake. +# +origin https://{{ apache_server_name }} + +# The port to which the connection is being attempted to connect. +# By default GoAccess' WebSocket server listens on port 7890 +# See man page or http://gwsocket.io for details. +# +port 7890 + +# Enable real-time HTML output. +# +#real-time-html true + +# Path to TLS/SSL certificate. +# Note that ssl-cert and ssl-key need to be used to enable TLS/SSL. +# +#ssl-cert /path/ssl/domain.crt + +# Path to TLS/SSL private key. +# Note that ssl-cert and ssl-key need to be used to enable TLS/SSL. +# +#ssl-key /path/ssl/domain.key + +# URL to which the WebSocket server responds. This is the URL supplied +# to the WebSocket constructor on the client side. +# +# Optionally, it is possible to specify the WebSocket URI scheme, such as ws:// +# or wss:// for unencrypted and encrypted connections. +# e.g., ws-url wss://goaccess.io +# +# If GoAccess is running behind a proxy, you could set the client side +# to connect to a different port by specifying the host followed by a +# colon and the port. +# e.g., ws-url goaccess.io:9999 +# +# By default, it will attempt to connect to localhost. If GoAccess is +# running on a remote server, the host of the remote server should be +# specified here. Also, make sure it is a valid host and NOT an http +# address. +# +#ws-url goaccess.io + +# Path to read named pipe (FIFO). +# +#fifo-in /tmp/wspipein.fifo + +# Path to write named pipe (FIFO). +# +#fifo-in /tmp/wspipeout.fifo + +###################################### +# File Options +###################################### + +# Specify the path to the input log file. If set, it will take +# priority over -f from the command line. +# +log-file {{ apache_access_log }} + +# Send all debug messages to the specified file. +# +#debug-file debug.log + +# Specify a custom configuration file to use. If set, it will take +# priority over the global configuration file (if any). +# +#config-file + +# Log invalid requests to the specified file. +# +#invalid-requests + +# Do not load the global configuration file. +# +#no-global-config false + +###################################### +# Parse Options +###################################### + +# Enable a list of user-agents by host. For faster parsing, do not +# enable this flag. +# +agent-list false + +# Enable IP resolver on HTML|JSON|CSV output. +# +with-output-resolver false + +# Exclude an IPv4 or IPv6 from being counted. +# Ranges can be included as well using a dash in between +# the IPs (start-end). +# +#exclude-ip 127.0.0.1 +#exclude-ip 192.168.0.1-192.168.0.100 +#exclude-ip ::1 +#exclude-ip 0:0:0:0:0:ffff:808:804-0:0:0:0:0:ffff:808:808 +exclude-ip 100.0.0.10 + +# Include HTTP request method if found. This will create a +# request key containing the request method + the actual request. +# +# [default: yes] +# +http-method yes + +# Include HTTP request protocol if found. This will create a +# request key containing the request protocol + the actual request. +# +# [default: yes] +# +http-protocol yes + +# Write output to stdout given one of the following files and the +# corresponding extension for the output format: +# +# /path/file.csv - Comma-separated values (CSV) +# /path/file.json - JSON (JavaScript Object Notation) +# /path/file.html - HTML +# +output-format {{ apache_base_dir }}/www/stats.html + +# Ignore request's query string. +# i.e., www.google.com/page.htm?query => www.google.com/page.htm +# +# Note: Removing the query string can greatly decrease memory +# consumption, especially on timestamped requests. +# +no-query-string false + +# Disable IP resolver on terminal output. +# +no-term-resolver false + +# Treat non-standard status code 444 as 404. +# +444-as-404 false + +# Add 4xx client errors to the unique visitors count. +# +4xx-to-unique-count false + +# Include static files that contain a query string in the static files +# panel. +# e.g., /fonts/fontawesome-webfont.woff?v=4.0.3 +# +all-static-files false + +# Date specificity. Possible values: `date` (default), or `hr`. +# +#date-spec hr + +# Decode double-encoded values. +# +double-decode false + +# Enable parsing/displaying the given panel. +# +#enable-panel VISITORS +#enable-panel REQUESTS +#enable-panel REQUESTS_STATIC +#enable-panel NOT_FOUND +#enable-panel HOSTS +#enable-panel OS +#enable-panel BROWSERS +#enable-panel VISIT_TIMES +#enable-panel VIRTUAL_HOSTS +#enable-panel REFERRERS +#enable-panel REFERRING_SITES +#enable-panel KEYPHRASES +#enable-panel STATUS_CODES +#enable-panel REMOTE_USER +#enable-panel GEO_LOCATION + +# Hour specificity. Possible values: `hr` (default), or `min` (tenth +# of a minute). +# +#hour-spec min + +# Ignore crawlers from being counted. +# This will ignore robots listed under browsers.c +# Note that it will count them towards the total +# number of requests, but excluded from any of the panels. +# +ignore-crawlers false + +# Parse and display crawlers only. +# This will ignore robots listed under browsers.c +# Note that it will count them towards the total +# number of requests, but excluded from any of the panels. +# +crawlers-only false + +# Ignore parsing and displaying the given panel. +# +#ignore-panel VISITORS +#ignore-panel REQUESTS +#ignore-panel REQUESTS_STATIC +#ignore-panel NOT_FOUND +#ignore-panel HOSTS +#ignore-panel OS +#ignore-panel BROWSERS +#ignore-panel VISIT_TIMES +#ignore-panel VIRTUAL_HOSTS +#ignore-panel REFERRERS +#ignore-panel REFERRING_SITES +#ignore-panel KEYPHRASES +#ignore-panel STATUS_CODES +#ignore-panel REMOTE_USER +#ignore-panel GEO_LOCATION + +# Ignore referers from being counted. +# This supports wild cards. For instance, +# '*' matches 0 or more characters (including spaces) +# '?' matches exactly one character +# +#ignore-referer *.domain.com +#ignore-referer ww?.domain.* + +# Ignore parsing and displaying one or multiple status code(s) +# +#ignore-status 400 +#ignore-status 502 + +# Number of lines from the access log to test against the provided +# log/date/time format. By default, the parser is set to test 10 +# lines. If set to 0, the parser won't test any lines and will parse +# the whole access log. +# +#num-tests 10 + +# Parse log and exit without outputting data. +# +#process-and-exit false + +# Display real OS names. e.g, Windows XP, Snow Leopard. +# +real-os true + +# Sort panel on initial load. +# Sort options are separated by comma. +# Options are in the form: PANEL,METRIC,ORDER +# +# Available metrics: +# BY_HITS - Sort by hits +# BY_VISITORS - Sort by unique visitors +# BY_DATA - Sort by data +# BY_BW - Sort by bandwidth +# BY_AVGTS - Sort by average time served +# BY_CUMTS - Sort by cumulative time served +# BY_MAXTS - Sort by maximum time served +# BY_PROT - Sort by http protocol +# BY_MTHD - Sort by http method +# Available orders: +# ASC +# DESC +# +#sort-panel VISITORS,BY_DATA,ASC +#sort-panel REQUESTS,BY_HITS,ASC +#sort-panel REQUESTS_STATIC,BY_HITS,ASC +#sort-panel NOT_FOUND,BY_HITS,ASC +#sort-panel HOSTS,BY_HITS,ASC +#sort-panel OS,BY_HITS,ASC +#sort-panel BROWSERS,BY_HITS,ASC +#sort-panel VISIT_TIMES,BY_DATA,DESC +#sort-panel VIRTUAL_HOSTS,BY_HITS,ASC +#sort-panel REFERRERS,BY_HITS,ASC +#sort-panel REFERRING_SITES,BY_HITS,ASC +#sort-panel KEYPHRASES,BY_HITS,ASC +#sort-panel STATUS_CODES,BY_HITS,ASC +#sort-panel REMOTE_USER,BY_HITS,ASC +#sort-panel GEO_LOCATION,BY_HITS,ASC + +# Consider the following extensions as static files +# The actual '.' is required and extensions are case sensitive +# For a full list, uncomment the less common static extensions below. +# +static-file .css +static-file .js +static-file .jpg +static-file .png +static-file .gif +static-file .ico +static-file .jpeg +static-file .pdf +static-file .txt +static-file .csv +static-file .zip +static-file .mp3 +static-file .mp4 +static-file .mpeg +static-file .mpg +static-file .exe +static-file .swf +static-file .woff +static-file .woff2 +static-file .xls +static-file .xlsx +static-file .doc +static-file .docx +static-file .ppt +static-file .pptx +static-file .iso +static-file .gz +static-file .rar +static-file .svg +static-file .bmp +static-file .tar +static-file .tgz +static-file .tiff +static-file .tif +static-file .ttf +static-file .flv +#static-file .less +#static-file .ac3 +#static-file .avi +#static-file .bz2 +#static-file .class +#static-file .cue +#static-file .dae +#static-file .dat +#static-file .dts +#static-file .ejs +#static-file .eot +#static-file .eps +#static-file .img +#static-file .jar +#static-file .map +#static-file .mid +#static-file .midi +#static-file .mkv +#static-file .odp +#static-file .ods +#static-file .odt +#static-file .ogg +#static-file .otf +#static-file .pict +#static-file .pls +#static-file .ps +#static-file .qt +#static-file .rm +#static-file .svgz +#static-file .wav +#static-file .webp + +###################################### +# GeoIP Options +# Only if configured with --enable-geoip +###################################### + +# Standard GeoIP database for less memory usage. +# +#std-geoip false + +# Specify path to GeoIP database file. i.e., GeoLiteCity.dat +# .dat file needs to be downloaded from maxmind.com. +# +# For IPv4 City database: +# wget -N http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz +# gunzip GeoLiteCity.dat.gz +# +# For IPv6 City database: +# wget -N http://geolite.maxmind.com/download/geoip/database/GeoLiteCityv6-beta/GeoLiteCityv6.dat.gz +# gunzip GeoLiteCityv6.dat.gz +# +# For IPv6 Country database: +# wget -N http://geolite.maxmind.com/download/geoip/database/GeoIPv6.dat.gz +# gunzip GeoIPv6.dat.gz +# +# Note: `geoip-city-data` is an alias of `geoip-database` +# +#geoip-database /usr/local/share/GeoIP/GeoLiteCity.dat + +###################################### +# Tokyo Cabinet Options +# Only if configured with --enable-tcb=btree +###################################### + +# GoAccess has the ability to process logs incrementally through the on-disk +# B+Tree database. +# +# It works in the following way: +# - A data set must be persisted first with --keep-db-files, then the same data +# set can be loaded with --load-from-disk. +# - If new data is passed (piped or through a log file), it will append it to +# the original data set. +# - To preserve the data at all times, --keep-db-files must be used. +# - If --load-from-disk is used without --keep-db-files, database files will be +# deleted upon closing the program. + +# On-disk B+ Tree +# Persist parsed data into disk. This should be set to +# the first dataset prior to use `load-from-disk`. +# Setting it to false will delete all database files +# when exiting the program. +keep-db-files true + +# On-disk B+ Tree +# Load previously stored data from disk. +# Database files need to exist. See `keep-db-files`. +#load-from-disk false + +# On-disk B+ Tree +# Path where the on-disk database files are stored. +# The default value is the /tmp/ directory +# Note the trailing forward-slash. +# +db-path {{ apache_base_dir }}/stats/ + +# On-disk B+ Tree +# Set the size in bytes of the extra mapped memory. +# The default value is 0. +# +#xmmap 0 + +# On-disk B+ Tree +# Max number of leaf nodes to be cached. +# Specifies the maximum number of leaf nodes to be cached. +# If it is not more than 0, the default value is specified. +# The default value is 1024. +# +#cache-lcnum 1024 + +# On-disk B+ Tree +# Specifies the maximum number of non-leaf nodes to be cached. +# If it is not more than 0, the default value is specified. +# The default value is 512. +# +#cache-ncnum 512 + +# On-disk B+ Tree +# Specifies the number of members in each leaf page. +# If it is not more than 0, the default value is specified. +# The default value is 128. +# +#tune-lmemb 128 + +# On-disk B+ Tree +# Specifies the number of members in each non-leaf page. +# If it is not more than 0, the default value is specified. +# The default value is 256. +# +#tune-nmemb 256 + +# On-disk B+ Tree +# Specifies the number of elements of the bucket array. +# If it is not more than 0, the default value is specified. +# The default value is 32749. +# Suggested size of the bucket array is about from 1 to 4 +# times of the number of all pages to be stored. +# +#tune-bnum 32749 + +# On-disk B+ Tree +# Specifies that each page is compressed with ZLIB|BZ2 encoding. +# Disabled by default. +# +#compression zlib diff --git a/templates/logrotate.conf.jj b/templates/logrotate.conf.jj new file mode 100644 index 0000000..d7e97ab --- /dev/null +++ b/templates/logrotate.conf.jj @@ -0,0 +1,23 @@ +{{ apache_base_dir }}/logs/access*log { + daily + rotate 365 + compress + missingok + notifempty + sharedscripts + postrotate + /bin/systemctl reload httpd.service > /dev/null 2>/dev/null || true + endscript +} + +{{ apache_base_dir }}/logs/php*log { + daily + rotate 15 + missingok + notifempty + sharedscripts + postrotate + /bin/kill -SIGUSR1 `cat /var/opt/remi/php73/run/php-fpm/php-fpm.pid 2>/dev/null` 2>/dev/null || true + endscript + } + diff --git a/templates/pool.conf.jj b/templates/pool.conf.jj new file mode 100644 index 0000000..a6de10f --- /dev/null +++ b/templates/pool.conf.jj @@ -0,0 +1,22 @@ +[www_{{apache_server_name}}] +user = {{ apache_user }} +group = apache +listen = {{ apache_php_socket }} +listen.owner = {{ apache_user }} +listen.group = apache +listen.mode = 0660 +pm = static +pm.max_children = 50 +pm.start_servers = 5 +pm.min_spare_servers = 5 +pm.max_spare_servers = 10 +pm.max_requests = 10000 +pm.status_path = /ncstatus +slowlog = {{ apache_base_dir }}/logs/php-slow.log +request_slowlog_timeout = 0 +php_admin_value[error_log] = {{ apache_base_dir }}/logs/php-error.log +php_admin_flag[log_errors] = on +php_value[session.save_handler] = files +php_value[session.save_path] = {{ apache_base_dir }}/session +php_value[soap.wsdl_cache_dir] = {{ apache_base_dir }}/wsdlcache + diff --git a/templates/vhost.conf.jj b/templates/vhost.conf.jj new file mode 100644 index 0000000..97e227d --- /dev/null +++ b/templates/vhost.conf.jj @@ -0,0 +1,43 @@ + + Servername {{ apache_server_name }} + {%for alias in apache_server_alias %} + ServerAlias {{ alias }} + {%endfor%} + DocumentRoot {{ apache_document_root }} + + require all granted + Options -indexes + + {%if apache_use_ssl %} + RewriteEngine on + RewriteCond %{HTTPS} off + RewriteCond %{REQUEST_URI} "!^/\.well-known" + RewriteRule (.*) https://%{SERVER_NAME}$1 [R,L] + {%endif %} + + +{%if apache_use_ssl %} + + Servername {{ apache_server_name }} + {%for alias in apache_server_alias %} + ServerAlias {{ alias }} + {%endfor%} + DocumentRoot {{ apache_document_root }} + SSLEngine on + SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1 + SSLCipherSuite HIGH:3DES:!aNULL:!MD5:!SEED:!IDEA + SSLCertificateChainFile {{ apache_ssl_chain }} + SSLCertificateFile {{ apache_ssl_certificate }} + SSLCertificateKeyFile {{ apache_ssl_key }} + CustomLog {{ apache_access_log }} combined + DirectoryIndex index.php index.html + + require all granted + Options +Indexes + AllowOverride {{ apache_allowoverride }} + + + SetHandler "proxy:unix:{{ apache_php_socket }}|fcgi://localhost/" + + +{%endif %} \ No newline at end of file diff --git a/tests/inventory b/tests/inventory new file mode 100644 index 0000000..878877b --- /dev/null +++ b/tests/inventory @@ -0,0 +1,2 @@ +localhost + diff --git a/tests/test.yml b/tests/test.yml new file mode 100644 index 0000000..14f24ac --- /dev/null +++ b/tests/test.yml @@ -0,0 +1,5 @@ +--- +- hosts: localhost + remote_user: root + roles: + - apache_vhost \ No newline at end of file diff --git a/vars/main.yml b/vars/main.yml new file mode 100644 index 0000000..d8c3d74 --- /dev/null +++ b/vars/main.yml @@ -0,0 +1,2 @@ +--- +# vars file for apache_vhost \ No newline at end of file