---
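# Reduce the Server response header to the bare product name so that version
# and OS details are not disclosed to clients.
# NOTE(review): ServerSignature is a separate directive and is not managed by
# this task - confirm it is handled elsewhere.
- name: "Configuration | Disable ServerTokens"
  ansible.builtin.lineinfile:
    path: /etc/apache2/conf-enabled/security.conf
    # Match any active ServerTokens directive, not only the "OS" value. With
    # the narrower pattern a different value (e.g. Full) would stay in the
    # file and the Prod line would merely be appended after it.
    regexp: '^\s*ServerTokens\s'
    line: ServerTokens Prod
  notify: reload apache2
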
# Disable the other-vhosts-access-log configuration snippet.
# NOTE(review): this removes a request-log source; confirm that each vhost (or
# the fronting reverse proxy) still records access logs for incident response.
- name: "Configuration | Disable access-log"
  ansible.builtin.command:
    argv:
      - a2disconf
      - other-vhosts-access-log
    # The command only runs while the enabled snippet still exists, which
    # keeps the task idempotent.
    removes: /etc/apache2/conf-enabled/other-vhosts-access-log.conf
  notify: reload apache2

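- name: "Configuration | Generate Diffie Hellman parameters"
  # Fully qualified collection name, consistent with the other tasks in this
  # file (ansible.builtin.*, community.general.*).
  community.crypto.openssl_dhparam:
    path: "{{ dhparams_path }}"
    # NOTE(review): no size is given, so the module's default group size
    # applies; set `size` explicitly if policy requires a specific value.
  # Most of our apache2 instances are currently running behind public reverse proxies.
  # Thus, they do not offer HTTPS and do not need DH parameters.
  # The only possible exceptions are external hosts (e.g. orwell).
  when: apache.is_proxy is defined and apache.is_proxy
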
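# Install the static configuration snippets into conf-available.
# NOTE(review): owner/group are not set, so the files belong to whichever
# remote user runs the task (presumably root) - confirm.
- name: "Configuration | Copy misc configuration files"
  ansible.builtin.copy:
    src: "{{ item }}"
    dest: "/etc/apache2/conf-available/{{ item }}"
    # Quoted so the mode is read as an octal string by every YAML loader.
    mode: '0644'
  # Without a reload, an edit to a snippet that is already enabled (for
  # example the response headers) would not take effect until Apache is
  # reloaded for some other reason.
  notify: reload apache2
  loop:
    - add-headers.conf
    - letsencrypt.conf
    - sao-cache.conf
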
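# Render the templated configuration snippets into conf-available.
- name: "Configuration | Copy configuration templates"
  ansible.builtin.template:
    src: "{{ item }}"
    # Explicit target file name, matching the copy task for the static
    # snippets, instead of relying on the directory-destination behaviour.
    dest: "/etc/apache2/conf-available/{{ item }}"
    # Quoted so the mode is read as an octal string by every YAML loader.
    mode: '0644'
  # Without a reload, a changed template (for example the TLS settings in
  # ssl.conf) would not take effect on hosts where it is already enabled.
  notify: reload apache2
  loop:
    - remoteip.conf
    - ssl.conf
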
# Enable the Apache modules listed below, only on hosts where
# apache.is_proxy is defined and truthy.
# NOTE(review): switching the MPM generally needs a full restart rather than
# a reload - confirm what the "reload apache2" handler does.
- name: "Configuration | Enable modules"
  community.general.apache2_module:
    name: "{{ item }}"
    state: present
  loop:
    - headers
    - mpm_event
    - ssl
  # List entries are ANDed, the same condition as a single "a and b" string.
  when:
    - apache.is_proxy is defined
    - apache.is_proxy
  notify: reload apache2

# Enable the configuration snippets listed below, only on hosts where
# apache.is_proxy is defined and truthy.
# NOTE(review): remoteip.conf is rendered by the template task in this file
# but is not in this list - confirm it is enabled elsewhere if it is needed.
- name: "Configuration | Enable configuration"
  ansible.builtin.command:
    argv:
      - a2enconf
      - "{{ item }}"
    # The command is skipped once the snippet is present in conf-enabled,
    # which keeps the task idempotent.
    creates: "/etc/apache2/conf-enabled/{{ item }}"
  loop:
    - add-headers.conf
    - letsencrypt.conf
    - sao-cache.conf
    - ssl.conf
  # List entries are ANDed, the same condition as a single "a and b" string.
  when:
    - apache.is_proxy is defined
    - apache.is_proxy
  notify: reload apache2