ansible-role-apache/tasks/configuration.yml

64 lines
1.8 KiB
YAML
Raw Normal View History

---
2023-02-06 22:26:37 +01:00
- name: "Configuration | Disable ServerTokens"
ansible.builtin.lineinfile:
2021-07-28 03:11:08 +02:00
path: /etc/apache2/conf-enabled/security.conf
regexp: '^ServerTokens OS'
line: ServerTokens Prod
notify: reload apache2
2023-02-06 22:26:37 +01:00
- name: "Configuration | Disable access-log"
ansible.builtin.command:
cmd: a2disconf other-vhosts-access-log
removes: /etc/apache2/conf-enabled/other-vhosts-access-log.conf
2021-07-28 03:11:08 +02:00
notify: reload apache2
2021-07-28 09:56:47 +02:00
2023-02-06 22:26:37 +01:00
- name: "Configuration | Generate Diffie Hellman parameters"
openssl_dhparam:
path: "{{ dhparams_path }}"
# Most of our apache2 instances are currently running behind public reverse proxies.
# Thus, they do not offer HTTPS and do not need DH parameters.
# The only possible exceptions are external hosts (e.g. orwell).
2023-02-06 22:51:00 +01:00
when: apache.is_proxy is defined and apache.is_proxy
2023-02-06 22:26:37 +01:00
- name: "Configuration | Copy misc configuration files"
ansible.builtin.copy:
2021-07-28 09:56:47 +02:00
src: "{{ item }}"
dest: "/etc/apache2/conf-available/{{ item }}"
mode: 0644
loop:
- add-headers.conf
- letsencrypt.conf
- sao-cache.conf
2023-02-06 22:26:37 +01:00
- name: "Configuration | Copy configuration templates"
ansible.builtin.template:
src: "{{ item }}"
dest: /etc/apache2/conf-available/
mode: 0644
loop:
- remoteip.conf
- ssl.conf
2023-02-06 22:26:37 +01:00
- name: "Configuration | Enable modules"
community.general.apache2_module:
name: "{{ item }}"
state: present
notify: reload apache2
2023-02-06 22:51:00 +01:00
when: apache.is_proxy is defined and apache.is_proxy
loop:
- headers
- mpm_event
- ssl
2023-02-06 22:26:37 +01:00
- name: "Configuration | Enable configuration"
ansible.builtin.command:
cmd: "a2enconf {{ item }}"
creates: "/etc/apache2/conf-enabled/{{ item }}"
notify: reload apache2
2023-02-06 22:51:00 +01:00
when: apache.is_proxy is defined and apache.is_proxy
2021-07-28 09:56:47 +02:00
loop:
- add-headers.conf
2021-07-28 11:24:28 +02:00
- letsencrypt.conf
2022-07-26 17:45:32 +02:00
- sao-cache.conf
2021-07-28 09:56:47 +02:00
- ssl.conf