ansible-role-apache/tasks/configuration.yml

63 lines
1.8 KiB
YAML

---
- name: "Configuration | Disable ServerTokens"
ansible.builtin.lineinfile:
path: /etc/apache2/conf-enabled/security.conf
regexp: '^ServerTokens OS'
line: ServerTokens Prod
notify: reload apache2
- name: "Configuration | Disable access-log"
ansible.builtin.command:
cmd: a2disconf other-vhosts-access-log
removes: /etc/apache2/conf-enabled/other-vhosts-access-log.conf
notify: reload apache2
- name: "Configuration | Generate Diffie Hellman parameters"
openssl_dhparam:
path: "{{ dhparams_path }}"
# Most of our apache2 instances are currently running behind public reverse proxies.
# Thus, they do not offer HTTPS and do not need DH parameters.
# The only possible exceptions are external hosts (e.g. orwell).
when: apache.is_proxy is defined and apache.is_proxy
- name: "Configuration | Copy misc configuration files"
ansible.builtin.copy:
src: "{{ item }}"
dest: "/etc/apache2/conf-available/{{ item }}"
mode: 0644
loop:
- add-headers.conf
- letsencrypt.conf
- sao-cache.conf
- name: "Configuration | Copy configuration templates"
ansible.builtin.template:
src: "{{ item }}"
dest: /etc/apache2/conf-available/
mode: 0644
loop:
- remoteip.conf
- ssl.conf
- name: "Configuration | Enable modules"
community.general.apache2_module:
name: "{{ item }}"
state: present
notify: reload apache2
when: apache.is_proxy is defined and apache.is_proxy
loop:
- headers
- mpm_event
- ssl
- name: "Configuration | Enable configuration"
ansible.builtin.command:
cmd: "a2enconf {{ item }}"
creates: "/etc/apache2/conf-enabled/{{ item }}"
notify: reload apache2
when: apache.is_proxy is defined and apache.is_proxy
loop:
- add-headers.conf
- letsencrypt.conf
- sao-cache.conf
- ssl.conf