Skip to content
Snippets Groups Projects
Select Git revision
  • master default
  • v0.9.4
  • v0.9.3
  • v0.9.2
  • v0.9
  • 3.7.0
  • 3.6.0
  • 3.5.1
  • 3.5.0
  • 3.4.1
  • 3.4.0
  • 3.3.0
  • 3.2.0
  • 3.1.0
  • 3.0.1
  • 3.0.0
  • 2.7.0
  • 2.6.0
  • 2.5.0
  • 2.4.2
  • 2.4.1
  • 2.4.0
  • 2.3.0
  • 2.2.0
  • 2.2.1
25 results
Compare
Chris Croome's avatar
tweaks
Chris Croome authored
b88487ea
History
Chris Croome's avatar b88487ea
History
Name Last commit Last update
defaults
files
meta
molecule/default
tasks
templates
vars
.ansible-lint
.gitignore
.gitlab-ci.yml
.pre-commit-config.yaml
.yamllint
LICENSE
README.md
README.md

Ansible Apache Role

pipeline status

This repository contains an Ansible role for installing Apache on Debian Stretch, Buster and Bullseye (Ubuntu support should be added at some point).

The primary URL of this repo is https://git.coop/webarch/apache however it is also mirrored to GitHub and available via Ansible Galaxy.

If you use this role please use a tagged release, see the release notes.

On Buster Apache is installed from backports as this allows for the use of TLSv1.3, support for mod_md on Buster still needs to be added see this issue.

See the defaults/main.yml file for the default settings.

To use this role you need to use Ansible Galaxy to install it into another repository by adding a requirements.yml file in that repo that contains:

---
- name: apache
  # src: https://git.coop/webarch/apache.git
  src: https://github.com/webarch-coop/ansible-role-apache.git
  version: master
  scm: git

To pull this repo in run:

ansible-galaxy install -r requirements.yml --force -p galaxy/roles

The other repo should also contain a (for example) apache.yml file that contains something like this (for mpm_event / php-fpm):

---
- name: Install Apache
  become: yes

  hosts: apache_buster_servers

  vars:
    apache_mods_enabled:
      - dir
      - env
      - headers
      - http2
      - include
      - mime
      - proxy
      - proxy_fcgi
      - rewrite
      - ssl
      - status
      - mpm_event
    apache_mods_disabled:
      - suexec
      - mpm_itk
      - mpm_prefork
      - php7.3
    apache_conf_enabled:
      - php7.3-fpm
      - webarch
    apache_conf_disabled:
      - serve-cgi-bin
      - phpmyadmin
    apache_sites_enabled:
      - localhost
    apache_sites_disabled:
      - 000-default
    apache_user: www-data
    apache_group: www-data
    # The following vars are all optional
    apache_ulimit: 65536
    # These vars depend on the ratelimit conf
    apache_apache_rate_limit: 64
    apache_rate_initial_burst: 256

  roles:
    - apache

Or something like this for mod_php and mpm-itk:

---
- name: Install Apache
  become: yes

  hosts: apache_servers

  vars:
    apache_mods_enabled:
      - dir
      - env
      - headers
      - include
      - mime
      - proxy
      - rewrite
      - ssl
      - mpm-itk
      - mpm_prefork
      - php7.3
    apache_mods_disabled:
      - http2
      - mpm_event
      - suexec
      - proxy_fcgi
    apache_conf_enabled:
      - webarch
    apache_conf_disabled:
      - serve-cgi-bin
      - php7.3-fpm
      - phpmyadmin
    apache_sites_enabled:
      - localhost
    apache_sites_disabled:
      - 000-default
    apache_user: www-data
    apache_group: www-data
    # The following vars are all optional
    apache_ulimit: 65536
    # These vars depend on the ratelimit conf
    apache_apache_rate_limit: 64
    apache_rate_initial_burst: 256
    # These vars depend on mpm-itk / mpm_prefork modules
    apache_mpm_max_request_workers: 128
    apache_mpm_max_connections_per_child: 10000

  roles:
    - apache

And a hosts.yml file that contains a apache_servers list as follows:

---
all:
  children:
    apache_servers:
      hosts:
        host1.example.org:
        host2.example.org:

Then it can be run as follows:

ansible-playbook apache.yml -i hosts.yml

Webarchitects | Forum | Status | SSH Fingerprints