#3 Review templates

6211bd4b · jurgenhaas · d7bd2702 · 6211bd4b · 6211bd4b · 6211bd4b
Commit 6211bd4b authored 8 years ago by jurgenhaas
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -23,7 +23,7 @@ apache_server_default_ssl: 'no'
 apache_server_default_aliases: []
 apache_server_default_aliases_redirect: []
 apache_server_defs: []
-apache_server_default_root: ''
+apache_server_default_root: '/html'
 apache_server_default_svn_source: false
 apache_server_default_svn_target: 'live'
 apache_certificates: []

--- a/templates/etc-apache2-sites-available-default
+++ b/templates/etc-apache2-sites-available-default
@@ -4,11 +4,9 @@
  ServerAdmin {{apache_server_admin}}

  DocumentRoot /var/www{{apache_server_default_root}}
-
  <Directory />
    Options FollowSymLinks
    AllowOverride None
-    Include /etc/apache2/{{ apache_conf_dir }}/global-deny.conf
  </Directory>
  <Directory /var/www{{apache_server_default_root}}/>
    Options Indexes FollowSymLinks MultiViews
@@ -18,8 +16,13 @@
    AuthName "{{apache_auth.name}}"
    AuthUserFile /var/www/passwords/{{apache_auth.user}}
    Require user {{apache_auth.user}}
+{% else %}
+{% if apache_version == '2.2' %}
+    Order allow,deny
+    allow from all
 {% else %}
    Include /etc/apache2/{{ apache_conf_dir }}/global-deny.conf
+{% endif %}
 {% endif %}
  </Directory>

@@ -44,9 +47,23 @@
  <Directory "/var/www/{{alias.path}}/">
    Options Indexes MultiViews FollowSymLinks
    AllowOverride All
+{% if apache_version == '2.2' %}
+    Order allow,deny
+    allow from all
+{% else %}
    Include /etc/apache2/{{ apache_conf_dir }}/global-deny.conf
+{% endif %}
  </Directory>
 {% endfor %}
+
+  <IfModule mod_expires.c>
+    ExpiresActive {% if apache_cache.active %}On{% else %}Off{% endif %}
+
+    ExpiresDefault {{ apache_cache.default }}
+{% for type in apache_cache.bytype %}
+    ExpiresByType {{ apache_cache.bytype.type }} {{ apache_cache.bytype.default }}
+{% endfor %}
+  </IfModule>
 </VirtualHost>
 {% for alias in apache_server_default_aliases_redirect %}


--- a/templates/etc-apache2-sites-available-default-ssl
+++ b/templates/etc-apache2-sites-available-default-ssl
+{% if apache_version == '2.2' %}
 NameVirtualHost *:443
+{% endif %}
 {% for certs in apache_certificates %}

 <VirtualHost _default_:443>
  Include /etc/apache2/{{ apache_conf_dir }}/global-redirect.conf

+  ServerAdmin {{apache_server_admin}}
  ServerName {{ certs.domain }}
  ServerAlias {{ certs.domain }}{% for alias in certs.aliases|default([]) %} {{ alias }}{% endfor %}
-  ServerAdmin {{apache_server_admin}}

  DocumentRoot /var/www{{apache_server_default_root}}
-
  <Directory />
    Options FollowSymLinks
    AllowOverride None
@@ -17,7 +18,19 @@ NameVirtualHost *:443
  <Directory /var/www{{apache_server_default_root}}/>
    Options Indexes FollowSymLinks MultiViews
    AllowOverride All
+{% if apache_auth %}
+    AuthType {{apache_auth.type}}
+    AuthName "{{apache_auth.name}}"
+    AuthUserFile /var/www/passwords/{{apache_auth.user}}
+    Require user {{apache_auth.user}}
+{% else %}
+{% if apache_version == '2.2' %}
+    Order allow,deny
+    allow from all
+{% else %}
    Include /etc/apache2/{{ apache_conf_dir }}/global-deny.conf
+{% endif %}
+{% endif %}
  </Directory>

  ErrorLog ${APACHE_LOG_DIR}/error.log
@@ -32,35 +45,45 @@ NameVirtualHost *:443
  <Directory "/var/www/{{alias.path}}/">
    Options Indexes MultiViews FollowSymLinks
    AllowOverride All
+{% if apache_version == '2.2' %}
+    Order allow,deny
+    allow from all
+{% else %}
    Include /etc/apache2/{{ apache_conf_dir }}/global-deny.conf
+{% endif %}
  </Directory>
 {% endfor %}

-    SSLEngine on
-{% for cert in certs.certs %}
-  {{cert.type}} /etc/ssl/private/{{cert.file}}
+  <IfModule mod_expires.c>
+    ExpiresActive {% if apache_cache.active %}On{% else %}Off{% endif %}
+
+    ExpiresDefault {{ apache_cache.default }}
+{% for type in apache_cache.bytype %}
+    ExpiresByType {{ apache_cache.bytype.type }} {{ apache_cache.bytype.default }}
 {% endfor %}
+  </IfModule>
+
+  SetEnvIf X-Forwarded-Proto https HTTPS=on

-  <FilesMatch "\.(cgi|shtml|phtml|php)$">
-    SSLOptions +StdEnvVars
-  </FilesMatch>
-  <Directory /usr/lib/cgi-bin>
-    SSLOptions +StdEnvVars
-    Include /etc/apache2/{{ apache_conf_dir }}/global-deny.conf
-  </Directory>
  BrowserMatch "MSIE [2-6]" \
    nokeepalive ssl-unclean-shutdown \
    downgrade-1.0 force-response-1.0
  # MSIE 7 and newer should be able to use keepalive
  BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
+
+  SSLEngine on
+{% for cert in certs.certs %}
+  {{cert.type}} /etc/ssl/private/{{cert.file}}
+{% endfor %}
 </VirtualHost>
 {% for alias in certs.aliases|default([]) %}

 <VirtualHost _default_:443>
  Include /etc/apache2/{{ apache_conf_dir }}/global-redirect.conf

-  ServerName {{alias.from}}
-  Redirect 301 / https://{{alias.to}}/
+  ServerName {{alias}}
+  Redirect 301 / https://{{certs.domain}}/
+  SSLEngine on
 {% for cert in certs.certs %}
  {{cert.type}} /etc/ssl/private/{{cert.file}}
 {% endfor %}

--- a/templates/etc-apache2-sites-available-vhost
+++ b/templates/etc-apache2-sites-available-vhost
@@ -10,7 +10,19 @@
  <Directory /var/www/{{item.path}}/>
    Options Indexes FollowSymLinks MultiViews
    AllowOverride All
+{% if item.apache_auth is defined %}
+    AuthType {{item.apache_auth.type}}
+    AuthName "{{item.apache_auth.name}}"
+    AuthUserFile /var/www/passwords/{{item.apache_auth.user}}
+    Require user {{item.apache_auth.user}}
+{% else %}
+{% if apache_version == '2.2' %}
+    Order allow,deny
+    allow from all
+{% else %}
    Include /etc/apache2/{{ apache_conf_dir }}/global-deny.conf
+{% endif %}
+{% endif %}
  </Directory>

  ErrorLog ${APACHE_LOG_DIR}/error.log
@@ -21,11 +33,25 @@
  CustomLog ${APACHE_LOG_DIR}/access.log proxy env=forwarded
 {% for alias in item.aliases|default([]) %}

-    Alias /sysadmin/ "/var/www/{{alias.path}}/"
-    <Directory "/var/www/{{alias.path}}/">
-      Options Indexes MultiViews FollowSymLinks
-      AllowOverride All
-      Include /etc/apache2/{{ apache_conf_dir }}/global-deny.conf
-    </Directory>
+  Alias /sysadmin/ "/var/www/{{alias.path}}/"
+  <Directory "/var/www/{{alias.path}}/">
+    Options Indexes FollowSymLinks MultiViews
+    AllowOverride All
+{% if apache_version == '2.2' %}
+    Order allow,deny
+    allow from all
+{% else %}
+    Include /etc/apache2/{{ apache_conf_dir }}/global-deny.conf
+{% endif %}
+  </Directory>
+{% endfor %}
+
+  <IfModule mod_expires.c>
+    ExpiresActive {% if apache_cache.active %}On{% else %}Off{% endif %}
+
+    ExpiresDefault {{ apache_cache.default }}
+{% for type in apache_cache.bytype %}
+    ExpiresByType {{ apache_cache.bytype.type }} {{ apache_cache.bytype.default }}
 {% endfor %}
+  </IfModule>
 </VirtualHost>