apache2: Aktiviere Konfiguration für externe hosts

defaults/main.yml

@@ -1,2 +1,2 @@
 ---
-# defaults file for apache2
+dhparams_path: /etc/ssl/dhparams.pem

tasks/configuration.yml

@@ -1,18 +1,43 @@
-- name: "configuration: Server-Tokens deaktivieren"
-  lineinfile:
+---
+- name: "configuration | Deaktiviere Server-Tokens"
+  ansible.builtin.lineinfile:
     path: /etc/apache2/conf-enabled/security.conf
     regexp: '^ServerTokens OS'
     line: ServerTokens Prod
   notify: reload apache2
 
-- name: "configuration: Deaktiviere access-Logs"
-  command: a2disconf other-vhosts-access-log
+- name: "configuration | Deaktiviere access-Logs"
+  ansible.builtin.command:
+    cmd: a2disconf other-vhosts-access-log
+    removes: /etc/apache2/conf-enabled/other-vhosts-access-log.conf
   notify: reload apache2
 
-- name: "configuration: Kopiere Dateien"
-  copy:
+- name: "apache | Generiere Diffie-Hellman-Parameter"
+  openssl_dhparam:
+    path: "{{ dhparams_path }}"
+
+- name: "configuration | Kopiere Dateien"
+  ansible.builtin.copy:
     src: "{{ item }}"
     dest: "/etc/apache2/conf-available/{{ item }}"
+    mode: 0644
+  loop:
+    - add-headers.conf
+    - letsencrypt.conf
+    - sao-cache.conf
+
+- name: "configuration | Kopiere SSL-Konfiguration"
+  ansible.builtin.template:
+    src: ssl.conf
+    dest: /etc/apache2/conf-available/ssl.conf
+    mode: 0644
+
+- name: "configuration | Aktiviere Konfiguration"
+  ansible.builtin.command:
+    cmd: "a2enmod {{ item }}"
+    creates: "/etc/apache2/conf-enabled/{{ item }}"
+  notify: reload apache2
+  when: "'extern_hosts' in group_names"
   loop:
     - add-headers.conf
     - letsencrypt.conf

templates/ssl.conf

@@ -7,4 +7,4 @@ SSLUseStapling          on
 SSLStaplingResponderTimeout 5
 SSLStaplingReturnResponderErrors off
 SSLStaplingCache        shmcb:/var/run/ocsp(32768)
-SSLOpenSSLConfCmd       DHParameters /etc/ssl/dhparams.pem
+SSLOpenSSLConfCmd       DHParameters {{ dhparams_path }}