# Install apache2 from buster-backports. The task runs only when the host's
# distribution release is exactly "buster".
- name: Apache packages present from buster-backports
apt:
pkg:
- apache2
state: present
# Recommended packages are installed as well, so more than apache2 itself
# may land on the host; review that set if a minimal install is wanted.
install_recommends: true
# Selects buster-backports as the target release for this install.
default_release: buster-backports
# The apt cache is not refreshed by this task.
# NOTE(review): presumably an earlier task or role updates the cache - confirm.
update_cache: false
when: ansible_distribution_release == "buster"
tags:
- apache
- name: Apache packages present
state: present
install_recommends: true
update_cache: false
when: ansible_distribution_release != "buster"
tags:
- apache
- name: Additional packages present
apt:
pkg:
# Populate current enabled and loaded conf and mods arrays and variables
- name: Include Apache checks
# If the MPM loaded isn't in the apache_mods_enabled array
- name: Include MPM switching tasks
# Destination, permissions and ownership for /etc/apache2/envvars. The module
# line and task name that own these keys are not visible in this listing.
dest: /etc/apache2/envvars
# NOTE(review): the unquoted 0755 relies on the YAML loader reading a
# leading-zero integer as octal; a quoted string ("0755") removes that
# dependency. It also sets the execute bits on the file - confirm that 0755
# rather than 0644 is intended for envvars.
mode: 0755
owner: root
group: root
# Include webarch.yml only when "webarch" is listed in apache_conf_enabled.
# The "is defined" test comes first, so an unset apache_conf_enabled skips the
# include instead of raising an undefined-variable error.
- name: Conditionally include Webarchitects config
include_tasks: webarch.yml
when: ( apache_conf_enabled is defined ) and ( "webarch" in apache_conf_enabled )
tags:
- apache
# Same pattern for mc3.yml, keyed on "mc3" being listed in apache_conf_enabled.
- name: Conditionally include mc3 config
include_tasks: mc3.yml
when: ( apache_conf_enabled is defined ) and ( "mc3" in apache_conf_enabled )
tags:
- apache
# Render templates/le.conf.j2 to conf-available/le.conf. Per the task name this
# provides a server-wide /.well-known/acme-challenge alias; the template body
# is not shown here.
# NOTE(review): no owner, group or mode is visible on this template task, so
# the resulting permissions would depend on module defaults and the remote
# umask - confirm, or set them explicitly as done for /etc/apache2/envvars.
- name: Let's Encrypt /.well-known/acme-challenge server-wide alias available
template:
src: templates/le.conf.j2
dest: /etc/apache2/conf-available/le.conf
tags:
- apache
dest: /etc/apache2/mods-available/ssl.conf
tags:
- apache
- name: Apache localhost and localhost.d directories in place
loop:
- /var/www/localhost
- /etc/apache2/localhost.d
loop_control:
loop_var: dir
src: "templates/localhost.conf.j2"
dest: "/etc/apache2/sites-available/localhost.conf"
dest: /var/www/html/robots.deny.txt
tags:
- apache
- name: Expires and robots conf available
template:
src: "templates/{{ file }}.j2"
dest: "/etc/apache2/conf-available/{{ file }}"
- expires-strict.conf
- expires-medium.conf
- name: Apache modules disabled
block:
# Package removals that accompany disabling Apache modules. Each task removes
# one Debian package and, where a condition is shown, runs only if the matching
# module name is listed in apache_mods_disabled.
# NOTE(review): these conditions read apache_mods_disabled without an
# "is defined" test of their own; presumably the enclosing block's condition
# covers that - confirm.

# Remove the ITK MPM package when "mpm-itk" is to be disabled.
- name: Apache ITK MPM package absent
apt:
pkg:
- libapache2-mpm-itk
state: absent
update_cache: false
when: '"mpm-itk" in apache_mods_disabled'
# Remove mod_fcgid when "fcgid" is to be disabled.
- name: Apache FastCGI absent
apt:
pkg:
- libapache2-mod-fcgid
state: absent
update_cache: false
when: '"fcgid" in apache_mods_disabled'
# NOTE(review): no "when" is visible on this task, unlike its siblings, so as
# shown it removes apache2-suexec-pristine whenever the block runs, even if
# "suexec" is not in apache_mods_disabled. Sites relying on suEXEC for
# per-user execution would be affected - confirm a condition such as
# '"suexec" in apache_mods_disabled' was not dropped.
- name: Apache suEXEC package absent
apt:
pkg:
- apache2-suexec-pristine
state: absent
update_cache: false
# Remove the mod_php package for apache_php_version.
# NOTE(review): the condition matches any of php7.0, php7.2 or php7.3 in
# apache_mods_disabled, but the package removed is always the one named by
# apache_php_version, so the disabled version and the removed package can
# differ. The corresponding "present" tasks test only php7.0 and php7.3 -
# confirm whether php7.2 is meant to be handled on both sides.
- name: "Apache php{{ apache_php_version }} package absent"
apt:
pkg:
- "libapache2-mod-php{{ apache_php_version }}"
state: absent
update_cache: false
when: ( "php7.0" in apache_mods_disabled ) or ( "php7.2" in apache_mods_disabled ) or ( "php7.3" in apache_mods_disabled )
loop: "{{ apache_mods_disabled }}"
loop_control:
loop_var: mod
when: ( apache_mods_disabled is defined ) and ( apache_mods_disabled != [] )
block:
# Packages and configuration needed before Apache modules are enabled, followed
# by the enabling loop itself. Conditions test membership of
# apache_mods_enabled.

# NOTE(review): no "when" is visible on this task, so as shown the ITK MPM
# package is installed regardless of whether "mpm-itk" is in
# apache_mods_enabled - confirm a condition was not dropped.
- name: Apache ITK MPM package present
apt:
pkg:
- libapache2-mpm-itk
state: present
update_cache: false
# Render mpm_prefork.conf when ITK or mod_php (7.0 or 7.3) is to be enabled.
- name: Apache mpm_prefork.conf in place
template:
src: templates/mpm_prefork.conf.j2
dest: /etc/apache2/mods-available/mpm_prefork.conf
when: ( "mpm-itk" in apache_mods_enabled ) or ( "php7.0" in apache_mods_enabled ) or ( "php7.3" in apache_mods_enabled )
# Install the suEXEC package only when "suexec" is to be enabled.
- name: Apache Suexec package present
apt:
pkg:
- apache2-suexec-pristine
state: present
update_cache: false
when: '"suexec" in apache_mods_enabled'
# Install mod_fcgid only when "fcgid" is to be enabled.
- name: Apache FastCGI package present
apt:
pkg:
- libapache2-mod-fcgid
state: present
update_cache: false
when: '"fcgid" in apache_mods_enabled'
# Render the ratelimit module configuration when "ratelimit" is to be enabled.
- name: Apache ratelimit conf present
template:
src: templates/ratelimit.conf.j2
dest: /etc/apache2/mods-available/ratelimit.conf
when: '"ratelimit" in apache_mods_enabled'
# Install the mod_php package named by apache_php_version.
# NOTE(review): only php7.0 and php7.3 are tested here, while the matching
# removal task also tests php7.2 - confirm the asymmetry is intended.
- name: Apache mod_php package present
apt:
pkg:
- "libapache2-mod-php{{ apache_php_version }}"
state: present
update_cache: false
when: ( "php7.0" in apache_mods_enabled ) or ( "php7.3" in apache_mods_enabled )
# Include cloudflare.yml when "remoteip" is to be enabled.
# NOTE(review): mod_remoteip replaces the client address with one taken from a
# request header, so the set of trusted proxies matters for logging and access
# control; presumably cloudflare.yml supplies that list - confirm.
- name: Cloudflare config available
include_tasks: cloudflare.yml
when: '"remoteip" in apache_mods_enabled'
# Run a2enmod.yml once per entry of apache_mods_enabled, exposing the entry to
# the included tasks as "mod".
- name: Apache modules enabled
include_tasks: a2enmod.yml
loop: "{{ apache_mods_enabled }}"
loop_control:
loop_var: mod
# Guard against an undefined or empty apache_mods_enabled.
# NOTE(review): with indentation lost in this listing it is unclear whether
# this condition belongs to the include above or to the enclosing block.
when: ( apache_mods_enabled is defined ) and ( apache_mods_enabled != [] )
# Bring the set of enabled Apache conf snippets in line with the role
# variables: first disable, then enable.
- name: Disable and enable Apache conf
block:
# Run a2disconf.yml for each entry of apache_conf_disabled that is currently
# loaded (present in apache_conf_loaded); entries not loaded are skipped.
- name: Apache conf disabled
include_tasks: a2disconf.yml
when: conf in apache_conf_loaded
loop: "{{ apache_conf_disabled }}"
loop_control:
loop_var: conf
label: "{{ conf }}"
# Run a2enconf.yml for each entry of apache_conf_enabled that is not yet
# loaded.
- name: Apache conf enabled
include_tasks: a2enconf.yml
when: conf not in apache_conf_loaded
loop: "{{ apache_conf_enabled }}"
loop_control:
loop_var: conf
label: "{{ conf }}"
# NOTE(review): this guard tests only apache_conf_enabled, yet the first task
# loops over apache_conf_disabled. If the guard applies to the whole block, an
# empty apache_conf_enabled would also skip the disabling step, and an
# undefined apache_conf_disabled is not guarded at all - confirm.
when: ( apache_conf_enabled is defined ) and ( apache_conf_enabled != [] )
- name: Apache sites disabled and enabled
block:
- name: Apache sites disabled
include_tasks: a2dissite.yml
loop: "{{ apache_sites_disabled }}"
loop_control:
loop_var: site
label: "{{ site }}"
loop: "{{ apache_sites_enabled }}"
loop_control:
loop_var: site
label: "{{ site }}"
when: ( apache_sites_enabled is defined ) and ( apache_sites_enabled != [] )
- name: Apache enabled for systemd servers
systemd:
name: apache2
when: apache_debian_version == "buster"
- name: Apache configtest
command: apache2ctl configtest
verbosity: 1
tags:
- apache
# Stop the play when the configuration test did not report "Syntax OK", so
# that a broken configuration is not carried into the restart that follows.
# NOTE(review): the message reads apache2ctl_configtest.stdout while the
# condition reads apache_configtest.stderr - two different variable names and
# two different streams. The task that registers the result is not visible in
# this listing, so one of the two names is likely undefined; use the
# registered name in both places. Reporting the same stream the condition
# inspects (stderr) would also put the actual syntax error in the failure
# message.
- name: Fail if Apache configtest is not OK
fail:
msg: "{{ apache2ctl_configtest.stdout }}"
when: '"Syntax OK" not in apache_configtest.stderr'
tags:
- apache
- name: Apache restarted
service:
name: apache2
state: restarted