support for ratelimit added

.gitignore

+*.retry
+*.swp

README.md

@@ -15,7 +15,7 @@ To use this role you need to use Ansible Galaxy to install it into another repos
 To pull this repo in run:
 
 ```bash
-ansible-galaxy install -r requirements.yml --force -p roles 
+ansible-galaxy install -r requirements.yml --force -p galaxy/roles 
 ```
 
 The other repo should also contain a `.yml` file that contains something like this:
@@ -37,6 +37,7 @@ The other repo should also contain a `.yml` file that contains something like th
       - mime
       - rewrite
       - ssl
+      - mpm_event
     apache_mods_disabled:
       - suexec
       - mpm-itk
@@ -49,6 +50,8 @@ The other repo should also contain a `.yml` file that contains something like th
     apache_ulimit: 65536
     apache_mpm_max_request_workers: 128
     apache_mpm_max_connections_per_child: 10000
+    apache_apache_rate_limit: 64
+    apache_rate_initial_burst: 256
 
   roles:
     - apache

tasks/main.yml

@@ -17,24 +17,47 @@
     mode: 0755
     owner: root
     group: root
+  tags:
+    - apache
 
-- name: Apache ITK MPM package present
+- name: Apache ITK MPM package absent
   apt:
     pkg:
       - libapache2-mpm-itk
-    state: present
+    state: absent
     update_cache: false
-  when: apache_mods_enabled is defined and "mpm-itk" in apache_mods_enabled
+  when: ( apache_mods_enabled is defined ) and ( "mpm-itk" in apache_mods_disabled )
   tags:
     - apache
 
-- name: Apache ITK MPM package absent
+- name: Apache ITK MPM configuration
+  block:
+
+    - name: Apache ITK MPM package present
+      apt:
+        pkg:
+          - libapache2-mpm-itk
+        state: present
+        update_cache: false
+      tags:
+        - apache
+
+    - name: Apache mpm_prefork.conf in place
+      template:
+        src: templates/mpm_prefork.conf.j2
+        dest: /etc/apache2/mods-available/mpm_prefork.conf
+      tags:
+        - apache
+
+  when: ( apache_mods_enabled is defined ) and ( "mpm-itk" in apache_mods_enabled )
+
+- name: Apache suEXEC package absent
   apt:
     pkg:
-      - libapache2-mpm-itk
+      - apache2-suexec-pristine
     state: absent
     update_cache: false
-  when: apache_mods_enabled is defined and "mpm-itk" in apache_mods_disabled
+  when: ( apache_mods_enabled is defined ) and ( "suexec" in apache_mods_disabled )
   tags:
     - apache
 
@@ -44,17 +67,17 @@
       - apache2-suexec-pristine
     state: present
     update_cache: false
-  when: apache_mods_enabled is defined and "suexec" in apache_mods_enabled
+  when: ( apache_mods_enabled is defined ) and ( "suexec" in apache_mods_enabled )
   tags:
     - apache
 
-- name: Apache suEXEC package absent
+- name: Apache FastCGI absent
   apt:
     pkg:
-      - apache2-suexec-pristine
+      - libapache2-mod-fcgid
     state: absent
     update_cache: false
-  when: apache_mods_enabled is defined and "suexec" in apache_mods_disabled
+  when: ( apache_mods_enabled is defined ) and ( "fcgid" not in apache_mods_disabled )
   tags:
     - apache
 
@@ -64,22 +87,24 @@
       - libapache2-mod-fcgid
     state: present
     update_cache: false
-  when: apache_mods_enabled is defined and "fcgid" in apache_mods_enabled
+  when: ( apache_mods_enabled is defined ) and ( "fcgid" in apache_mods_enabled )
   tags:
     - apache
 
-- name: Apache FastCGI absent
-  apt:
-    pkg:
-      - libapache2-mod-fcgid
-    state: absent
-    update_cache: false
-  when: apache_mods_enabled is defined and "fcgid" not in apache_mods_disabled
+- name: Apache ratelimit conf present
+  template:
+    src: templates/ratelimit.conf.j2
+    dest: /etc/apache2/mods-available/ratelimit.conf
+  when: ( apache_mods_enabled is defined ) and ( "ratelimit" in apache_mods_enabled )
+  tags:
+    - apache
 
 - name: Check we we have a HTTPS cert
   stat:
     path: "/etc/ssl/le/{{ inventory_hostname }}.cert.pem"
   register: apache_cert
+  tags:
+    - apache
 
 - name: Conditionally include Webarchitects config
   include_tasks: webarch.yml
@@ -87,13 +112,6 @@
   tags:
     - apache
 
-- name: Apache mpm_prefork.conf in place
-  template:
-    src: templates/mpm_prefork.conf.j2
-    dest: /etc/apache2/mods-enabled/mpm_prefork.conf
-  tags:
-    - apache
-
 - name: Custom Apache ssl.conf in place
   copy:
     src: files/ssl.conf
@@ -116,7 +134,7 @@
     - apache
 
 - name: Apache conf disabled
-  include_tasks: a2disconf.yml
+a include_tasks: a2disconf.yml
   with_items: "{{ apache_conf_disabled }}"
   when: apache_conf_disabled is defined
   tags:

templates/envvars.j2

+# {{ ansible_managed }}
 # envvars - default environment variables for apache2ctl
   
 # this won't be correct after changing uid
@@ -45,4 +46,4 @@ APACHE_ULIMIT_MAX_FILES='ulimit -n {{ apache_ulimit | default('8192') }}'
 ## This will produce a verbose output on package installations of web server modules and web application
 ## installations which interact with Apache
 #export APACHE2_MAINTSCRIPT_DEBUG=1
-
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

templates/mpm_prefork.conf.j2

+# {{ ansible_managed }}
 # prefork MPM
 # StartServers: number of server processes to start
 # MinSpareServers: minimum number of server processes which are kept spare

templates/ratelimit.conf.j2

+# {{ ansible_managed }}
+# https://httpd.apache.org/docs/trunk/mod/mod_ratelimit.html
+{% if apache_rate_limit is defined %}
+SetOutputFilter RATE_LIMIT
+SetEnv rate-limit {{ apache_rate_limit }}
+{% else %}
+# rate-limit not set as apache_rate_limit was not defined
+{% endif %}
+{% if apache_rate_initial_burst is defined %}
+SetEnv rate-initial-burst {{ apache_rate_initial_burst }}
+{% else %}
+# rate-initial-burst not set as apache_rate_initial_burst was not defined
+{% endif %}
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
+

templates/webarch.conf.j2

+# {{ ansible_managed }}
 # WSH Settings for all sites
 # Ansible Generated
 
@@ -272,3 +273,4 @@ ErrorDocument 403 /wsh/403.shtml
     </IfModule>
   </Directory>
 </VirtualHost>
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet