role apache_vhost: up and running

.travis.yml

@@ -0,0 +1,29 @@
+---
+language: python
+python: "2.7"
+
+# Use the new container infrastructure
+sudo: false
+
+# Install ansible
+addons:
+  apt:
+    packages:
+    - python-pip
+
+install:
+  # Install ansible
+  - pip install ansible
+
+  # Check ansible version
+  - ansible --version
+
+  # Create ansible.cfg with correct roles_path
+  - printf '[defaults]\nroles_path=../' >ansible.cfg
+
+script:
+  # Basic role syntax check
+  - ansible-playbook tests/test.yml -i tests/inventory --syntax-check
+
+notifications:
+  webhooks: https://galaxy.ansible.com/api/v1/notifications/

README.md

@@ -0,0 +1,51 @@
+Role Name
+=========
+
+This will setup a basic vhost + php fpm (config, directories, dedicated account, logrotate )
+
+Requirements
+------------
+
+Obviously an apache server, you'll probably want php and some certificates too.
+
+Role Variables
+--------------
+
+apache_server_name
+apache_server_alias (list)
+apache_base_dir: /srv/{{ apache_server_name }}
+apache_document_root: {{ apache_base_dir }}/www
+apache_access_log: {{ apache_base_dir}}/logs/access_log
+apache_php_socket: {{ apache_base_dir }}/php-fpm.sock
+apache_use_php: true
+apache_use_ssl: true
+apache_stats: true
+apache_ssl_certificate: /etc/letsencrypt/live/{{ apache_server_name }}/cert.pem
+apache_ssl_chain: /etc/letsencrypt/live/{{ apache_server_name }}/fullchain.pem
+apache_ssl_key: /etc/letsencrypt/live/{{ apache_server_name }}/privkey.pem
+apache_user: {{ apache_server_name }}
+apache_allowoverride: all
+
+Example Playbook
+----------------
+
+- name: setup apache vhost for mdv
+  hosts: alpine
+  vars:
+    apache_server_name: maisonduvelolyon.org
+    apache_server_alias:
+    - stats.maisonduvelolyon.org
+    - pignonsurrue.org
+    apache_use_ssl: true
+  roles:
+    - apache_vhost
+
+License
+-------
+
+BSD
+
+Author Information
+------------------
+
+Thomas C <thomas@opendoor.fr>

defaults/main.yml

@@ -0,0 +1,15 @@
+---
+# defaults file for apache_vhost
+apache_base_dir: "/srv/{{ apache_server_name }}"
+apache_document_root: "{{ apache_base_dir }}/www"
+apache_access_log: "{{ apache_base_dir}}/logs/access_log"
+apache_php_socket: "{{ apache_base_dir }}/php-fpm.sock"
+apache_use_php: true
+apache_use_ssl: true
+apache_ssl_certificate: "/etc/letsencrypt/live/{{ apache_server_name }}/cert.pem"
+apache_ssl_chain: "/etc/letsencrypt/live/{{ apache_server_name }}/fullchain.pem"
+apache_ssl_key: "/etc/letsencrypt/live/{{ apache_server_name }}/privkey.pem "
+apache_user: "{{ apache_server_name }}"
+apache_allowoverride: all
+apache_restart: false
+apache_stats: true

handlers/main.yml

@@ -0,0 +1,13 @@
+---
+# handlers file for apache_vhost
+- name: restart apache
+  service:
+    name: httpd
+    state: restarted
+  when: apache_restart
+
+- name: restart php-fpm
+  service:
+    name: php73-php-fpm
+    state: restarted
+  when: apache_restart

meta/main.yml

@@ -0,0 +1,53 @@
+galaxy_info:
+  author: your name
+  description: your role description
+  company: your company (optional)
+
+  # If the issue tracker for your role is not on github, uncomment the
+  # next line and provide a value
+  # issue_tracker_url: http://example.com/issue/tracker
+
+  # Choose a valid license ID from https://spdx.org - some suggested licenses:
+  # - BSD-3-Clause (default)
+  # - MIT
+  # - GPL-2.0-or-later
+  # - GPL-3.0-only
+  # - Apache-2.0
+  # - CC-BY-4.0
+  license: license (GPL-2.0-or-later, MIT, etc)
+
+  min_ansible_version: 2.9
+
+  # If this a Container Enabled role, provide the minimum Ansible Container version.
+  # min_ansible_container_version:
+
+  #
+  # Provide a list of supported platforms, and for each platform a list of versions.
+  # If you don't wish to enumerate all versions for a particular platform, use 'all'.
+  # To view available platforms and versions (or releases), visit:
+  # https://galaxy.ansible.com/api/v1/platforms/
+  #
+  # platforms:
+  # - name: Fedora
+  #   versions:
+  #   - all
+  #   - 25
+  # - name: SomePlatform
+  #   versions:
+  #   - all
+  #   - 1.0
+  #   - 7
+  #   - 99.99
+
+  galaxy_tags: []
+    # List tags for your role here, one per line. A tag is a keyword that describes
+    # and categorizes the role. Users find roles by searching for tags. Be sure to
+    # remove the '[]' above, if you add tags to this list.
+    #
+    # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
+    #       Maximum 20 tags per role.
+
+dependencies: []
+  # List your role dependencies here, one per line. Be sure to remove the '[]' above,
+  # if you add dependencies to this list.
+  

tasks/goaccess.yml

@@ -0,0 +1,26 @@
+---
+- name: goaccess - install
+  yum:
+    name: https://infra.opendoor.fr/Files/goaccess-1.3-1.el7.x86_64.rpm
+    state: present
+
+- name: goaccess - configure
+  template:
+    src: goaccess.conf
+    dest: "/srv/{{ apache_server_name }}/goaccess.conf"
+    owner: "{{ apache_user }}"
+
+- name: goaccess - create stats dir
+  file:
+    path: "/srv/{{ apache_server_name }}/stats"
+    owner: "{{ apache_user }}"
+    state: directory
+
+- name: goaccess - create cronjob
+  cron:
+    name: "goaccess {{ apache_server_name }}"
+    cron_file: "goaccess_{{ apache_server_name }}"
+    user: "{{ apache_user }}"
+    hour: "00"
+    minute: "{{ 59 | random(seed=inventory_hostname) }}"
+    job: "LANG=fr_FR.UTF8 /usr/bin/goaccess  -p /srv/{{ apache_server_name }}/goaccess.conf --load-from-disk --keep-db-files"

tasks/main.yml

@@ -0,0 +1,49 @@
+---
+# tasks file for apache_vhost
+- name: create dedicated user
+  user:
+    name: "{{ apache_user }}"
+    groups:
+    - apache
+    - ssh_users
+    home: "{{ apache_base_dir }}"
+    shell: /bin/bash
+
+- name: vhost config file
+  template:
+    src: vhost.conf.jj
+    dest: /etc/httpd/conf.d/{{ apache_server_name }}.conf
+    mode: 0644
+  notify: restart apache
+
+- name: php-fpm config file
+  template:
+    src: pool.conf.jj
+    dest: /etc/opt/remi/php73/php-fpm.d/{{apache_server_name }}.conf
+  notify: restart php-fpm
+  when: apache_use_php
+
+- name: create directories
+  file:
+    path: "{{ item }}"
+    state: directory
+    owner: "{{ apache_user }}"
+    group: apache
+    mode: 0750
+  loop:
+    - "{{ apache_base_dir }}"
+    - "{{ apache_base_dir }}/logs"
+    - "{{ apache_base_dir }}/www"
+    - "{{ apache_base_dir }}/session"
+    - "{{ apache_base_dir }}/wsdlcache"
+
+- name: logrotate config file
+  template:
+    src: logrotate.conf.jj
+    dest: "/etc/logrotate.d/{{ apache_server_name }}.conf"
+    mode: 0644
+
+- name: goaccess
+  import_tasks: goaccess.yml
+  when: apache_stats
+  tags: stats

templates/goaccess.conf

@@ -0,0 +1,719 @@
+######################################
+# Time Format Options (required)
+######################################
+#
+# The hour (24-hour clock) [00,23]; leading zeros are permitted but not required.
+# The minute [00,59]; leading zeros are permitted but not required.
+# The seconds [00,60]; leading zeros are permitted but not required.
+# See `man strftime` for more details
+#
+# The following time format works with any of the
+# Apache/NGINX's log formats below.
+#
+#time-format %H:%M:%S
+#
+# Google Cloud Storage or
+# The time in microseconds since the Unix epoch.
+#
+#time-format %f
+
+# Squid native log format
+#
+#time-format %s
+
+######################################
+# Date Format Options (required)
+######################################
+#
+# The date-format variable followed by a space, specifies
+# the log format date containing any combination of regular
+# characters and special format specifiers. They all begin with a
+# percentage (%) sign. See `man strftime`
+#
+# The following date format works with any of the
+# Apache/NGINX's log formats below.
+#
+#date-format %d/%b/%Y
+#
+# AWS | Amazon CloudFront (Download Distribution)
+# AWS | Elastic Load Balancing
+# W3C (IIS)
+#
+#date-format %Y-%m-%d
+#
+# Google Cloud Storage or
+# The time in microseconds since the Unix epoch.
+#
+#date-format %f
+
+# Squid native log format
+#
+#date-format %s
+
+######################################
+# Log Format Options (required)
+######################################
+#
+# The log-format variable followed by a space or \t for
+# tab-delimited, specifies the log format string.
+#
+# NOTE: If the time/date is a timestamp in seconds or microseconds
+# %x must be used instead of %d & %t to represent the date & time.
+
+# NCSA Combined Log Format
+#log-format %h %^[%d:%t %^] "%r" %s %b "%R" "%u"
+
+# NCSA Combined Log Format with Virtual Host
+#log-format %v:%^ %h %^[%d:%t %^] "%r" %s %b "%R" "%u"
+
+# Common Log Format (CLF)
+#log-format %h %^[%d:%t %^] "%r" %s %b
+
+# Common Log Format (CLF) with Virtual Host
+#log-format %v:%^ %h %^[%d:%t %^] "%r" %s %b
+
+# W3C
+#log-format %d %t %h %^ %^ %^ %^ %r %^ %s %b %^ %^ %u %R
+
+# Squid native log format
+#log-format %^ %^ %^ %v %^: %x.%^ %~%L %h %^/%s %b %m %U
+
+# AWS | Amazon CloudFront (Download Distribution)
+#log-format %d\t%t\t%^\t%b\t%h\t%m\t%^\t%r\t%s\t%R\t%u\t%^
+
+# Google Cloud Storage
+#log-format "%x","%h",%^,%^,"%m","%U","%s",%^,"%b","%D",%^,"%R","%u"
+
+# AWS | Elastic Load Balancing
+#log-format %dT%t.%^ %^ %h:%^ %^ %T %^ %^ %^ %s %^ %b "%r" "%u"
+
+# AWSS3 | Amazon Simple Storage Service (S3)
+#log-format %^[%d:%t %^] %h %^"%r" %s %^ %b %^ %L %^ "%R" "%u"
+
+# Virtualmin Log Format with Virtual Host
+#log-format %h %^ %v %^[%d:%t %^] "%r" %s %b "%R" "%u"
+
+# In addition to specifying the raw log/date/time formats, for
+# simplicity, any of the following predefined log format names can be
+# supplied to the log/date/time-format variables. GoAccess  can  also
+# handle  one  predefined name in one variable and another predefined
+# name in another variable.
+#
+log-format COMBINED
+#log-format VCOMBINED
+#log-format COMMON
+#log-format VCOMMON
+#log-format W3C
+#log-format SQUID
+#log-format CLOUDFRONT
+#log-format CLOUDSTORAGE
+#log-format AWSELB
+#log-format AWSS3
+
+######################################
+# UI Options
+######################################
+
+# Choose among color schemes
+# 1 : Monochrome
+# 2 : Green
+# 3 : Monokai (if 256-colors supported)
+#
+color-scheme 3
+
+# Prompt log/date configuration window on program start.
+#
+config-dialog false
+
+# Color highlight active panel.
+#
+hl-header true
+
+# Specify a custom CSS file in the HTML report.
+#
+#html-custom-css /path/file.css
+
+# Specify a custom JS file in the HTML report.
+#
+#html-custom-js /path/file.js
+
+# Set default HTML preferences.
+#
+# NOTE: A valid JSON object is required.
+# DO NOT USE A MULTILINE JSON OBJECT.
+# The parser will only parse the value next to `html-prefs` (single line)
+# It allows the ability to customize each panel plot. See example below.
+#
+#html-prefs {"theme":"bright","perPage":5,"layout":"horizontal","showTables":true,"visitors":{"plot":{"chartType":"bar"}}}
+
+# Set HTML report page title and header.
+#
+#html-report-title My Awesome Web Stats
+
+# Format JSON output using tabs and newlines.
+#
+json-pretty-print false
+
+# Turn off colored output. This is the  default output on
+# terminals that do not support colors.
+# true  : for no color output
+# false : use color-scheme
+#
+no-color false
+
+# Don't write column names in the terminal output. By default, it displays
+# column names for each available metric in every panel.
+#
+no-column-names false
+
+# Disable summary metrics on the CSV output.
+#
+no-csv-summary false
+
+# Disable progress metrics.
+#
+no-progress false
+
+# Disable scrolling through panels on TAB.
+#
+no-tab-scroll false
+
+# Do not show the last updated field displayed in the HTML generated report.
+#
+#no-html-last-updated true
+
+# Enable mouse support on main dashboard.
+#
+with-mouse false
+
+# Maximum number of items to show per panel.
+# Note: Only the CSV and JSON outputs allow a maximum greater than the
+# default value of 366.
+#
+#max-items 366
+
+# Custom colors for the terminal output
+# Tailor GoAccess to suit your own tastes.
+#
+# Color Syntax:
+# DEFINITION space/tab colorFG#:colorBG# [[attributes,] PANEL]
+#
+# FG# = foreground color number [-1...255] (-1 = default terminal color)
+# BG# = background color number [-1...255] (-1 = default terminal color)
+#
+# Optionally:
+#
+# It is possible to apply color attributes, such as:
+# bold,underline,normal,reverse,blink.
+# Multiple attributes are comma separated
+#
+# If desired, it is possible to apply custom colors per panel, that is, a
+# metric in the REQUESTS panel can be of color A, while the same metric in the
+# BROWSERS panel can be of color B.
+#
+# The following is a 256 color scheme (hybrid palette)
+#
+#color COLOR_MTRC_HITS              color110:color-1
+#color COLOR_MTRC_VISITORS          color173:color-1
+#color COLOR_MTRC_DATA              color221:color-1
+#color COLOR_MTRC_BW                color167:color-1
+#color COLOR_MTRC_AVGTS             color143:color-1
+#color COLOR_MTRC_CUMTS             color247:color-1
+#color COLOR_MTRC_MAXTS             color186:color-1
+#color COLOR_MTRC_PROT              color109:color-1
+#color COLOR_MTRC_MTHD              color139:color-1
+#color COLOR_MTRC_HITS_PERC         color186:color-1
+#color COLOR_MTRC_HITS_PERC_MAX     color139:color-1
+#color COLOR_MTRC_HITS_PERC_MAX     color139:color-1 VISITORS
+#color COLOR_MTRC_HITS_PERC_MAX     color139:color-1 OS
+#color COLOR_MTRC_HITS_PERC_MAX     color139:color-1 BROWSERS
+#color COLOR_MTRC_HITS_PERC_MAX     color139:color-1 VISIT_TIMES
+#color COLOR_MTRC_VISITORS_PERC     color186:color-1
+#color COLOR_MTRC_VISITORS_PERC_MAX color139:color-1
+#color COLOR_PANEL_COLS             color243:color-1
+#color COLOR_BARS                   color250:color-1
+#color COLOR_ERROR                  color231:color167
+#color COLOR_SELECTED               color7:color167
+#color COLOR_PANEL_ACTIVE           color7:color237
+#color COLOR_PANEL_HEADER           color250:color235
+#color COLOR_PANEL_DESC             color242:color-1
+#color COLOR_OVERALL_LBLS           color243:color-1
+#color COLOR_OVERALL_VALS           color167:color-1
+#color COLOR_OVERALL_PATH           color186:color-1
+#color COLOR_ACTIVE_LABEL           color139:color235 bold underline
+#color COLOR_BG                     color250:color-1
+#color COLOR_DEFAULT                color243:color-1
+#color COLOR_PROGRESS               color7:color110
+
+######################################
+# Server Options
+######################################
+
+# Specify IP address to bind server to.
+#
+#addr 0.0.0.0
+
+# Run GoAccess as daemon (if --real-time-html enabled).
+#
+#daemonize false
+
+# Ensure clients send the specified origin header upon the WebSocket
+# handshake.
+#
+origin https://{{ apache_server_name }}
+
+# The port to which the connection is being attempted to connect.
+# By default GoAccess' WebSocket server listens on port 7890
+# See man page or http://gwsocket.io for details.
+#
+port 7890
+
+# Enable real-time HTML output.
+#
+#real-time-html true
+
+# Path to TLS/SSL certificate.
+# Note that ssl-cert and ssl-key need to be used to enable TLS/SSL.
+#
+#ssl-cert /path/ssl/domain.crt
+
+# Path to TLS/SSL private key.
+# Note that ssl-cert and ssl-key need to be used to enable TLS/SSL.
+#
+#ssl-key /path/ssl/domain.key
+
+# URL to which the WebSocket server responds. This is the URL supplied
+# to the WebSocket constructor on the client side.
+#
+# Optionally, it is possible to specify the WebSocket URI scheme, such as ws://
+# or wss:// for unencrypted and encrypted connections.
+# e.g., ws-url wss://goaccess.io
+#
+# If GoAccess is running behind a proxy, you could set the client side
+# to connect to a different port by specifying the host followed by a
+# colon and the port.
+# e.g., ws-url goaccess.io:9999
+#
+# By default, it will attempt to connect to localhost. If GoAccess is
+# running on a remote server, the host of the remote server should be
+# specified here. Also, make sure it is a valid host and NOT an http
+# address.
+#
+#ws-url goaccess.io
+
+# Path to read named pipe (FIFO).
+#
+#fifo-in /tmp/wspipein.fifo
+
+# Path to write named pipe (FIFO).
+#
+#fifo-in /tmp/wspipeout.fifo
+
+######################################
+# File Options
+######################################
+
+# Specify the path to the input log file. If set, it will take
+# priority over -f from the command line.
+#
+log-file {{ apache_access_log }}
+
+# Send all debug messages to the specified file.
+#
+#debug-file debug.log
+
+# Specify a custom configuration file to use. If set, it will take
+# priority over the global configuration file (if any).
+#
+#config-file <filename>
+
+# Log invalid requests to the specified file.
+#
+#invalid-requests <filename>
+
+# Do not load the global configuration file.
+#
+#no-global-config false
+
+######################################
+# Parse Options
+######################################
+
+# Enable a list of user-agents by host. For faster parsing, do not
+# enable this flag.
+#
+agent-list false
+
+#  Enable IP resolver on HTML|JSON|CSV output.
+#
+with-output-resolver false
+
+# Exclude an IPv4 or IPv6 from being counted.
+# Ranges can be included as well using a dash in between
+# the IPs (start-end).
+#
+#exclude-ip 127.0.0.1
+#exclude-ip 192.168.0.1-192.168.0.100
+#exclude-ip ::1
+#exclude-ip 0:0:0:0:0:ffff:808:804-0:0:0:0:0:ffff:808:808
+exclude-ip 100.0.0.10
+
+# Include HTTP request method if found. This will create a
+# request key containing the request method + the actual request.
+#
+# <yes|no> [default: yes]
+#
+http-method yes
+
+# Include HTTP request protocol if found. This will create a
+# request key containing the request protocol + the actual request.
+#
+# <yes|no> [default: yes]
+#
+http-protocol yes
+
+# Write  output to stdout given one of the following files and the
+# corresponding extension for the output format:
+#
+# /path/file.csv  - Comma-separated values (CSV)
+# /path/file.json - JSON (JavaScript Object Notation)
+# /path/file.html - HTML
+#
+output-format {{ apache_base_dir }}/www/stats.html
+
+# Ignore request's query string.
+# i.e.,  www.google.com/page.htm?query => www.google.com/page.htm
+#
+# Note: Removing the query string can greatly decrease memory
+# consumption, especially on timestamped requests.
+#
+no-query-string false
+
+# Disable IP resolver on terminal output.
+#
+no-term-resolver false
+
+# Treat non-standard status code 444 as 404.
+#
+444-as-404 false
+
+# Add 4xx client errors to the unique visitors count.
+#
+4xx-to-unique-count false
+
+# Include static files that contain a query string in the static files
+# panel.
+# e.g., /fonts/fontawesome-webfont.woff?v=4.0.3
+#
+all-static-files false
+
+# Date specificity. Possible values: `date` (default), or `hr`.
+#
+#date-spec hr
+
+# Decode double-encoded values.
+#
+double-decode false
+
+# Enable parsing/displaying the given panel.
+#
+#enable-panel VISITORS
+#enable-panel REQUESTS
+#enable-panel REQUESTS_STATIC
+#enable-panel NOT_FOUND
+#enable-panel HOSTS
+#enable-panel OS
+#enable-panel BROWSERS
+#enable-panel VISIT_TIMES
+#enable-panel VIRTUAL_HOSTS
+#enable-panel REFERRERS
+#enable-panel REFERRING_SITES
+#enable-panel KEYPHRASES
+#enable-panel STATUS_CODES
+#enable-panel REMOTE_USER
+#enable-panel GEO_LOCATION
+
+# Hour specificity. Possible values: `hr` (default), or `min` (tenth
+# of a minute).
+#
+#hour-spec min
+
+# Ignore crawlers from being counted.
+# This will ignore robots listed under browsers.c
+# Note that it will count them towards the total
+# number of requests, but excluded from any of the panels.
+#
+ignore-crawlers false
+
+# Parse and display crawlers only.
+# This will ignore robots listed under browsers.c
+# Note that it will count them towards the total
+# number of requests, but excluded from any of the panels.
+#
+crawlers-only false
+
+# Ignore parsing and displaying the given panel.
+#
+#ignore-panel VISITORS
+#ignore-panel REQUESTS
+#ignore-panel REQUESTS_STATIC
+#ignore-panel NOT_FOUND
+#ignore-panel HOSTS
+#ignore-panel OS
+#ignore-panel BROWSERS
+#ignore-panel VISIT_TIMES
+#ignore-panel VIRTUAL_HOSTS
+#ignore-panel REFERRERS
+#ignore-panel REFERRING_SITES
+#ignore-panel KEYPHRASES
+#ignore-panel STATUS_CODES
+#ignore-panel REMOTE_USER
+#ignore-panel GEO_LOCATION
+
+# Ignore referers from being counted.
+# This supports wild cards. For instance,
+# '*' matches 0 or more characters (including spaces)
+# '?' matches exactly one character
+#
+#ignore-referer *.domain.com
+#ignore-referer ww?.domain.*
+
+# Ignore parsing and displaying one or multiple status code(s)
+#
+#ignore-status 400
+#ignore-status 502
+
+# Number of lines from the access log to test against the provided
+# log/date/time format. By default, the parser is set to test 10
+# lines. If set to 0, the parser won't test  any  lines and will parse
+# the whole access log.
+#
+#num-tests 10
+
+# Parse log and exit without outputting data.
+#
+#process-and-exit false
+
+# Display real OS names. e.g, Windows XP, Snow Leopard.
+#
+real-os true
+
+# Sort panel on initial load.
+# Sort options are separated by comma.
+# Options are in the form: PANEL,METRIC,ORDER
+#
+# Available metrics:
+#  BY_HITS     - Sort by hits
+#  BY_VISITORS - Sort by unique visitors
+#  BY_DATA     - Sort by data
+#  BY_BW       - Sort by bandwidth
+#  BY_AVGTS    - Sort by average time served
+#  BY_CUMTS    - Sort by cumulative time served
+#  BY_MAXTS    - Sort by maximum time served
+#  BY_PROT     - Sort by http protocol
+#  BY_MTHD     - Sort by http method
+# Available orders:
+#  ASC
+#  DESC
+#
+#sort-panel VISITORS,BY_DATA,ASC
+#sort-panel REQUESTS,BY_HITS,ASC
+#sort-panel REQUESTS_STATIC,BY_HITS,ASC
+#sort-panel NOT_FOUND,BY_HITS,ASC
+#sort-panel HOSTS,BY_HITS,ASC
+#sort-panel OS,BY_HITS,ASC
+#sort-panel BROWSERS,BY_HITS,ASC
+#sort-panel VISIT_TIMES,BY_DATA,DESC
+#sort-panel VIRTUAL_HOSTS,BY_HITS,ASC
+#sort-panel REFERRERS,BY_HITS,ASC
+#sort-panel REFERRING_SITES,BY_HITS,ASC
+#sort-panel KEYPHRASES,BY_HITS,ASC
+#sort-panel STATUS_CODES,BY_HITS,ASC
+#sort-panel REMOTE_USER,BY_HITS,ASC
+#sort-panel GEO_LOCATION,BY_HITS,ASC
+
+# Consider the following extensions as static files
+# The actual '.' is required and extensions are case sensitive
+# For a full list, uncomment the less common static extensions below.
+#
+static-file .css
+static-file .js
+static-file .jpg
+static-file .png
+static-file .gif
+static-file .ico
+static-file .jpeg
+static-file .pdf
+static-file .txt
+static-file .csv
+static-file .zip
+static-file .mp3
+static-file .mp4
+static-file .mpeg
+static-file .mpg
+static-file .exe
+static-file .swf
+static-file .woff
+static-file .woff2
+static-file .xls
+static-file .xlsx
+static-file .doc
+static-file .docx
+static-file .ppt
+static-file .pptx
+static-file .iso
+static-file .gz
+static-file .rar
+static-file .svg
+static-file .bmp
+static-file .tar
+static-file .tgz
+static-file .tiff
+static-file .tif
+static-file .ttf
+static-file .flv
+#static-file .less
+#static-file .ac3
+#static-file .avi
+#static-file .bz2
+#static-file .class
+#static-file .cue
+#static-file .dae
+#static-file .dat
+#static-file .dts
+#static-file .ejs
+#static-file .eot
+#static-file .eps
+#static-file .img
+#static-file .jar
+#static-file .map
+#static-file .mid
+#static-file .midi
+#static-file .mkv
+#static-file .odp
+#static-file .ods
+#static-file .odt
+#static-file .ogg
+#static-file .otf
+#static-file .pict
+#static-file .pls
+#static-file .ps
+#static-file .qt
+#static-file .rm
+#static-file .svgz
+#static-file .wav
+#static-file .webp
+
+######################################
+# GeoIP Options
+# Only if configured with --enable-geoip
+######################################
+
+# Standard GeoIP database for less memory usage.
+#
+#std-geoip false
+
+# Specify path to GeoIP database file. i.e., GeoLiteCity.dat
+# .dat file needs to be downloaded from maxmind.com.
+#
+# For IPv4 City database:
+# wget -N http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz
+# gunzip GeoLiteCity.dat.gz
+#
+# For IPv6 City database:
+# wget -N http://geolite.maxmind.com/download/geoip/database/GeoLiteCityv6-beta/GeoLiteCityv6.dat.gz
+# gunzip GeoLiteCityv6.dat.gz
+#
+# For IPv6 Country database:
+# wget -N http://geolite.maxmind.com/download/geoip/database/GeoIPv6.dat.gz
+# gunzip GeoIPv6.dat.gz
+#
+# Note: `geoip-city-data` is an alias of `geoip-database`
+#
+#geoip-database /usr/local/share/GeoIP/GeoLiteCity.dat
+
+######################################
+# Tokyo Cabinet Options
+# Only if configured with --enable-tcb=btree
+######################################
+
+# GoAccess has the ability to process logs incrementally through the on-disk
+# B+Tree database.
+#
+# It works in the following way:
+# - A data set must be persisted first with --keep-db-files, then the same data
+#   set can be loaded with --load-from-disk.
+# - If new data is passed (piped or through a log file), it will append it to
+#   the original data set.
+# - To preserve the data at all times, --keep-db-files must be used.
+# - If --load-from-disk is used without --keep-db-files, database files will be
+#   deleted upon closing the program.
+
+# On-disk B+ Tree
+# Persist parsed data into disk. This should be set to
+# the first dataset prior to use `load-from-disk`.
+# Setting it to false will delete all database files
+# when exiting the program.
+keep-db-files true
+
+# On-disk B+ Tree
+# Load previously stored data from disk.
+# Database files need to exist. See `keep-db-files`.
+#load-from-disk false
+
+# On-disk B+ Tree
+# Path where the on-disk database files are stored.
+# The default value is the /tmp/ directory
+# Note the trailing forward-slash.
+#
+db-path {{ apache_base_dir }}/stats/
+
+# On-disk B+ Tree
+# Set the size in bytes of the extra mapped memory.
+# The default value is 0.
+#
+#xmmap 0
+
+# On-disk B+ Tree
+# Max number of leaf nodes to be cached.
+# Specifies the maximum number of leaf nodes to be cached.
+# If it is not more than 0, the default value is specified.
+# The default value is 1024.
+#
+#cache-lcnum 1024
+
+# On-disk B+ Tree
+# Specifies the maximum number of non-leaf nodes to be cached.
+# If it is not more than 0, the default value is specified.
+# The default value is 512.
+#
+#cache-ncnum 512
+
+# On-disk B+ Tree
+# Specifies the number of members in each leaf page.
+# If it is not more than 0, the default value is specified.
+# The default value is 128.
+#
+#tune-lmemb 128
+
+# On-disk B+ Tree
+# Specifies the number of members in each non-leaf page.
+# If it is not more than 0, the default value is specified.
+# The default value is 256.
+#
+#tune-nmemb 256
+
+# On-disk B+ Tree
+# Specifies the number of elements of the bucket array.
+# If it is not more than 0, the default value is specified.
+# The default value is 32749.
+# Suggested size of the bucket array is about from 1 to 4
+# times of the number of all pages to be stored.
+#
+#tune-bnum 32749
+
+# On-disk B+ Tree
+# Specifies that each page is compressed with ZLIB|BZ2 encoding.
+# Disabled by default.
+#
+#compression zlib

templates/logrotate.conf.jj

@@ -0,0 +1,23 @@
+{{ apache_base_dir }}/logs/access*log {
+   daily
+   rotate 365
+   compress
+   missingok
+   notifempty
+   sharedscripts
+   postrotate
+   /bin/systemctl reload httpd.service > /dev/null 2>/dev/null || true
+   endscript
+}
+
+{{ apache_base_dir }}/logs/php*log {
+   daily
+   rotate 15
+   missingok
+   notifempty
+   sharedscripts
+   postrotate
+   /bin/kill -SIGUSR1 `cat /var/opt/remi/php73/run/php-fpm/php-fpm.pid 2>/dev/null` 2>/dev/null || true
+   endscript
+                                 }
+

templates/pool.conf.jj

@@ -0,0 +1,22 @@
+[www_{{apache_server_name}}]
+user = {{ apache_user }}
+group = apache
+listen = {{ apache_php_socket }}
+listen.owner = {{ apache_user }}
+listen.group = apache
+listen.mode = 0660
+pm = static
+pm.max_children = 50
+pm.start_servers = 5
+pm.min_spare_servers = 5
+pm.max_spare_servers = 10
+pm.max_requests = 10000
+pm.status_path = /ncstatus
+slowlog = {{ apache_base_dir }}/logs/php-slow.log
+request_slowlog_timeout = 0
+php_admin_value[error_log] = {{ apache_base_dir }}/logs/php-error.log
+php_admin_flag[log_errors] = on
+php_value[session.save_handler] = files
+php_value[session.save_path]    = {{ apache_base_dir }}/session
+php_value[soap.wsdl_cache_dir]  = {{ apache_base_dir }}/wsdlcache
+

templates/vhost.conf.jj

@@ -0,0 +1,43 @@
+<VirtualHost *:80>
+   Servername {{ apache_server_name }}
+   {%for alias in apache_server_alias %}
+   ServerAlias {{ alias }}
+   {%endfor%}
+   DocumentRoot {{ apache_document_root }}
+   <Directory {{ apache_document_root }}>
+      require all granted
+      Options -indexes
+   </Directory>
+   {%if apache_use_ssl %}
+   RewriteEngine on
+   RewriteCond %{HTTPS} off
+   RewriteCond %{REQUEST_URI}  "!^/\.well-known"
+   RewriteRule (.*) https://%{SERVER_NAME}$1 [R,L]
+   {%endif %}
+</VirtualHost>
+
+{%if apache_use_ssl %}
+<VirtualHost *:443>
+   Servername {{ apache_server_name }}
+   {%for alias in apache_server_alias %}
+   ServerAlias {{ alias }}
+   {%endfor%}
+   DocumentRoot {{ apache_document_root }}
+   SSLEngine on
+   SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
+   SSLCipherSuite HIGH:3DES:!aNULL:!MD5:!SEED:!IDEA
+   SSLCertificateChainFile {{ apache_ssl_chain }}
+   SSLCertificateFile      {{ apache_ssl_certificate }}
+   SSLCertificateKeyFile   {{ apache_ssl_key }}
+   CustomLog {{ apache_access_log }} combined
+   DirectoryIndex index.php index.html
+   <Directory {{ apache_document_root }}>
+      require all granted
+      Options +Indexes
+      AllowOverride {{ apache_allowoverride }}
+   </Directory>
+   <FilesMatch \.php$>
+      SetHandler  "proxy:unix:{{ apache_php_socket }}|fcgi://localhost/"
+   </FilesMatch>
+</VirtualHost>
+{%endif %}

tests/inventory

@@ -0,0 +1,2 @@
+localhost
+

tests/test.yml

@@ -0,0 +1,5 @@
+---
+- hosts: localhost
+  remote_user: root
+  roles:
+    - apache_vhost

vars/main.yml

@@ -0,0 +1,2 @@
+---
+# vars file for apache_vhost