apache2: Aktiviere Konfiguration für externe hosts

This commit is contained in:
phil 2022-12-27 12:01:38 +01:00
parent 634c745c66
commit 7c15ce9d1f
3 changed files with 33 additions and 8 deletions

View file

@ -1,2 +1,2 @@
--- ---
# defaults file for apache2 dhparams_path: /etc/ssl/dhparams.pem

View file

@ -1,18 +1,43 @@
- name: "configuration: Server-Tokens deaktivieren" ---
lineinfile: - name: "configuration | Deaktiviere Server-Tokens"
ansible.builtin.lineinfile:
path: /etc/apache2/conf-enabled/security.conf path: /etc/apache2/conf-enabled/security.conf
regexp: '^ServerTokens OS' regexp: '^ServerTokens OS'
line: ServerTokens Prod line: ServerTokens Prod
notify: reload apache2 notify: reload apache2
- name: "configuration: Deaktiviere access-Logs" - name: "configuration | Deaktiviere access-Logs"
command: a2disconf other-vhosts-access-log ansible.builtin.command:
cmd: a2disconf other-vhosts-access-log
removes: /etc/apache2/conf-enabled/other-vhosts-access-log.conf
notify: reload apache2 notify: reload apache2
- name: "configuration: Kopiere Dateien" - name: "apache | Generiere Diffie-Hellman-Parameter"
copy: openssl_dhparam:
path: "{{ dhparams_path }}"
- name: "configuration | Kopiere Dateien"
ansible.builtin.copy:
src: "{{ item }}" src: "{{ item }}"
dest: "/etc/apache2/conf-available/{{ item }}" dest: "/etc/apache2/conf-available/{{ item }}"
mode: 0644
loop:
- add-headers.conf
- letsencrypt.conf
- sao-cache.conf
- name: "configuration | Kopiere SSL-Konfiguration"
ansible.builtin.template:
src: ssl.conf
dest: /etc/apache2/conf-available/ssl.conf
mode: 0644
- name: "configuration | Aktiviere Konfiguration"
ansible.builtin.command:
cmd: "a2enmod {{ item }}"
creates: "/etc/apache2/conf-enabled/{{ item }}"
notify: reload apache2
when: "'extern_hosts' in group_names"
loop: loop:
- add-headers.conf - add-headers.conf
- letsencrypt.conf - letsencrypt.conf

View file

@ -7,4 +7,4 @@ SSLUseStapling on
SSLStaplingResponderTimeout 5 SSLStaplingResponderTimeout 5
SSLStaplingReturnResponderErrors off SSLStaplingReturnResponderErrors off
SSLStaplingCache shmcb:/var/run/ocsp(32768) SSLStaplingCache shmcb:/var/run/ocsp(32768)
SSLOpenSSLConfCmd DHParameters /etc/ssl/dhparams.pem SSLOpenSSLConfCmd DHParameters {{ dhparams_path }}