--- - name: "Configuration | Disable ServerTokens" ansible.builtin.lineinfile: path: /etc/apache2/conf-enabled/security.conf regexp: '^ServerTokens OS' line: ServerTokens Prod notify: reload apache2 - name: "Configuration | Disable access-log" ansible.builtin.command: cmd: a2disconf other-vhosts-access-log removes: /etc/apache2/conf-enabled/other-vhosts-access-log.conf notify: reload apache2 - name: "Configuration | Generate Diffie Hellman parameters" openssl_dhparam: path: "{{ dhparams_path }}" # Most of our apache2 instances are currently running behind public reverse proxies. # Thus, they do not offer HTTPS and do not need DH parameters. # The only possible exceptions are external hosts (e.g. orwell). when: "'extern_hosts' in group_names" - name: "Configuration | Copy misc configuration files" ansible.builtin.copy: src: "{{ item }}" dest: "/etc/apache2/conf-available/{{ item }}" mode: 0644 loop: - add-headers.conf - letsencrypt.conf - sao-cache.conf - name: "Configuration | Copy configuration templates" ansible.builtin.template: src: "{{ item }}" dest: /etc/apache2/conf-available/ mode: 0644 loop: - remoteip.conf - ssl.conf - name: "Configuration | Enable modules" community.general.apache2_module: name: "{{ item }}" state: present notify: reload apache2 when: "'extern_hosts' in group_names" loop: - headers - mpm_event - ssl - name: "Configuration | Enable configuration" ansible.builtin.command: cmd: "a2enconf {{ item }}" creates: "/etc/apache2/conf-enabled/{{ item }}" notify: reload apache2 when: "'extern_hosts' in group_names" loop: - add-headers.conf - letsencrypt.conf - sao-cache.conf - ssl.conf