From d869eebd666d297035ed978550e8a4effdd712a6 Mon Sep 17 00:00:00 2001
From: Chris Croome <chris@webarchitects.co.uk>
Date: Mon, 19 Jul 2021 15:39:54 +0100
Subject: [PATCH] Updates for mod_md
---
 tasks/config.yml | 8 ++++++++
 templates/http2.conf.j2 | 40 +++++++++++++++++++++++++++++++++++++++
 templates/mc3.conf.j2 | 3 +++
 templates/webarch.conf.j2 | 5 ++++-
 4 files changed, 55 insertions(+), 1 deletion(-)
 create mode 100644 templates/http2.conf.j2
diff --git a/tasks/config.yml b/tasks/config.yml
index f443298..25d2405 100644
--- a/tasks/config.yml
+++ b/tasks/config.yml
@@ -50,6 +50,14 @@
 group: root
 mode: 0644
+ - name: Custom Apache http2 config available
+ template:
+ src: http2.conf.j2
+ dest: /etc/apache2/mods-available/http2.conf
+ owner: root
+ group: root
+ mode: 0644
+
 - name: Custom Apache ssl.conf available
 template:
 src: ssl.conf.j2
diff --git a/templates/http2.conf.j2 b/templates/http2.conf.j2
new file mode 100644
index 0000000..0599bd9
--- /dev/null
+++ b/templates/http2.conf.j2
@@ -0,0 +1,40 @@
+# {{ ansible_managed }}
+# mod_http2 doesn't work with mpm_prefork
+<IfModule !mpm_prefork>
+{% if apache_mods_enabled is defined and "md" in apache_mods_enabled %}
+ Protocols h2 h2c http/1.1 acme-tls/1
+{% else %}
+ Protocols h2 h2c http/1.1
+{% endif %}
+
+ # # HTTP/2 push configuration
+ #
+ # H2Push on
+ #
+ # # Default Priority Rule
+ #
+ # H2PushPriority * After 16
+ #
+ # # More complex ruleset:
+ #
+ # H2PushPriority * after
+ # H2PushPriority text/css before
+ # H2PushPriority image/jpeg after 32
+ # H2PushPriority image/png after 32
+ # H2PushPriority application/javascript interleaved
+ #
+ # # Configure some stylesheet and script to be pushed by the webserver
+ #
+ # <FilesMatch "\.html$">
+ # Header add Link "</style.css>; rel=preload; as=style"
+ # Header add Link "</script.js>; rel=preload; as=script"
+ # </FilesMatch>
+ # Since mod_http2 doesn't support the mod_logio module (which provide the %O format),
+ # you may want to change your LogFormat directive as follow:
+ #
+ # LogFormat "%v:%p %h %l %u %t \"%r\" %>s %B \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
+ # LogFormat "%h %l %u %t \"%r\" %>s %B \"%{Referer}i\" \"%{User-Agent}i\"" combined
+ # LogFormat "%h %l %u %t \"%r\" %>s %B" common
+</IfModule>
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
diff --git a/templates/mc3.conf.j2 b/templates/mc3.conf.j2
index 4a23e74..ae2f36b 100644
--- a/templates/mc3.conf.j2
+++ b/templates/mc3.conf.j2
@@ -10,6 +10,9 @@ LogFormat "%I %O" bandwidth
 # HTTP/2 https://httpd.apache.org/docs/trunk/mod/mod_http2.html
 Protocols h2 h2c http/1.1
 ProtocolsHonorOrder Off
+{% elif apache_mods_enabled is defined and "http2" in apache_mods_enabled and "md" in apache_mods_enabled %}
+Protocols h2 h2c http/1.1 acme-tls/1
+ProtocolsHonorOrder On
 {% endif %}
 # Let's Encrypt
 # Alias "/.well-known/acme-challenge" "/var/www/html/.well-known/acme-challenge"
diff --git a/templates/webarch.conf.j2 b/templates/webarch.conf.j2
index 9f6ba25..baa7919 100644
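Review bot: Both new `Protocols` lines in http2.conf.j2 list `h2c`, which enables the cleartext HTTP/2 upgrade at server level once this module config is enabled. Browsers negotiate HTTP/2 only over TLS, and where a reverse proxy or WAF sits in front of Apache an h2c upgrade can carry requests past the front end's per-request checks, so it is safer left out unless a known client needs it: `Protocols h2 http/1.1 acme-tls/1` and `Protocols h2 http/1.1`. The same `h2c` token is in the `Protocols` lines added to mc3.conf.j2 and webarch.conf.j2.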
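Review bot: The added `{% elif %}` branch in mc3.conf.j2 can never be selected, so `acme-tls/1` and `ProtocolsHonorOrder On` are never rendered from this template. Its test is the opening test with one more `and` clause and Jinja takes the first branch that matches; the opening `{% if apache_mods_enabled is defined and "http2" in apache_mods_enabled %}` is visible as context in the webarch.conf.j2 hunk, which has the same defect, and is presumably the line just above this hunk here. Test the narrower case first: open with `{% if apache_mods_enabled is defined and "http2" in apache_mods_enabled and "md" in apache_mods_enabled %}` for the acme-tls/1 lines and fall through to `{% elif apache_mods_enabled is defined and "http2" in apache_mods_enabled %}` for the existing ones. If these files are loaded after http2.conf, their `Protocols` line would replace the one that does list `acme-tls/1` and mod_md's tls-alpn-01 challenge would likely fail; the load order is not visible in this patch.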
--- a/templates/webarch.conf.j2
+++ b/templates/webarch.conf.j2
@@ -8,8 +8,11 @@ LogFormat "%I %O" bandwidth
 {% if apache_mods_enabled is defined and "http2" in apache_mods_enabled %}
 # HTTP/2 https://httpd.apache.org/docs/trunk/mod/mod_http2.html
-Protocols h2 h2c http/1.1
+Protocols h2 h2c http/1.1
 ProtocolsHonorOrder Off
+{% elif apache_mods_enabled is defined and "http2" in apache_mods_enabled and "md" in apache_mods_enabled %}
+Protocols h2 h2c http/1.1 acme-tls/1
+ProtocolsHonorOrder On
 {% endif %}
 # Let's Encrypt
 # Alias "/.well-known/acme-challenge" "/var/www/html/.well-known/acme-challenge"
-- 
GitLab