---
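# Reduce version disclosure: force "ServerTokens Prod" in the enabled
# security.conf so the Server response header carries no version/OS details.
- name: "configuration | Deaktiviere Server-Tokens"
  ansible.builtin.lineinfile:
    path: /etc/apache2/conf-enabled/security.conf
    # Match any active ServerTokens directive, not only "ServerTokens OS".
    # A file carrying a different value is then rewritten in place instead of
    # getting a second directive appended at the end. The pattern also matches
    # the final state, which keeps the task idempotent.
    regexp: '^ServerTokens\s'
    line: ServerTokens Prod
  notify: reload apache2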
# Disable the "other-vhosts-access-log" conf snippet. `removes` skips the
# command once the file in conf-enabled is gone, so reruns report no change.
# NOTE(review): with this snippet disabled, access logging presumably depends
# on each vhost defining its own log. Confirm that the request logs needed for
# detection and incident response are still produced somewhere.
- name: "configuration | Deaktiviere access-Logs"
  ansible.builtin.command:
    argv:
      - a2disconf
      - other-vhosts-access-log
    removes: /etc/apache2/conf-enabled/other-vhosts-access-log.conf
  notify: reload apache2
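# Generate the Diffie-Hellman parameter file at dhparams_path.
# The module is addressed by its canonical FQCN (community.crypto), in line
# with the fully qualified module names used by the other tasks in this file.
- name: "apache | Generiere Diffie-Hellman-Parameter"
  community.crypto.openssl_dhparam:
    path: "{{ dhparams_path }}"
    # No `size` is given, so the module default applies.
  # Most of our apache2 instances are currently running behind public reverse proxies.
  # Thus, they do not offer HTTPS and do not need DH parameters.
  # The only possible exceptions are external hosts (e.g. orwell).
  when: "'extern_hosts' in group_names"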
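# Install the static conf snippets into conf-available.
- name: "configuration | Kopiere Dateien"
  ansible.builtin.copy:
    src: "{{ item }}"
    dest: "/etc/apache2/conf-available/{{ item }}"
    # Quoted so the mode is always read as the octal string "0644" and never
    # depends on how the YAML parser types a bare 0644.
    mode: "0644"
  loop:
    - add-headers.conf
    - letsencrypt.conf
    - sao-cache.conf
  # Reload when a snippet's content changes. Without this, an edited file
  # (for example changed response headers) is written to disk, but the
  # running Apache keeps the old settings until something else reloads it.
  notify: reload apache2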
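# Render the templated conf snippets into conf-available.
- name: "configuration | Kopiere Templates"
  ansible.builtin.template:
    src: "{{ item }}"
    # Name the target file explicitly instead of relying on the module to
    # append the source basename to a directory path. This mirrors the dest
    # form used by the copy task in this file.
    dest: "/etc/apache2/conf-available/{{ item }}"
    # Quoted so the mode is always read as the octal string "0644".
    mode: "0644"
  loop:
    - remoteip.conf
    - ssl.conf
  # Reload when a rendered file changes. Otherwise updated TLS or remote-IP
  # settings sit on disk while the running Apache keeps the previous ones.
  notify: reload apache2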
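# Enable the Apache modules listed in the loop. Runs only on hosts in the
# extern_hosts group.
# apache2_module ships in the community.general collection, so it is addressed
# by its canonical FQCN rather than through the ansible.builtin namespace.
- name: "configuration | Aktiviere Module"
  community.general.apache2_module:
    name: "{{ item }}"
    state: present
  notify: reload apache2
  when: "'extern_hosts' in group_names"
  loop:
    - headers
    - mpm_event
    - ssl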
# Enable the listed conf snippets on hosts in the extern_hosts group.
# `creates` skips a2enconf for every snippet that already has an entry in
# conf-enabled, so reruns report no change.
# NOTE(review): remoteip.conf is rendered by the template task in this file
# but is not enabled here. Presumably it is handled elsewhere for proxied
# hosts; confirm.
- name: "configuration | Aktiviere Konfiguration"
  when: "'extern_hosts' in group_names"
  ansible.builtin.command:
    argv:
      - a2enconf
      - "{{ item }}"
    creates: "/etc/apache2/conf-enabled/{{ item }}"
  loop:
    - add-headers.conf
    - letsencrypt.conf
    - sao-cache.conf
    - ssl.conf
  notify: reload apache2