---
# file: roles/apache/tasks/apache.yml
- name: Apt Repository
apt_repository:
repo: '{{ item }}'
state: present
mode: 0644
with_items: '{{ apache_repositories }}'
- name: Install required packages.
apt:
pkg: '{{ apache_packages }}'
state: present
force: yes
notify:
- Restart Apache
- name: Enable some required modules
apache2_module:
name: '{{ item }}'
state: present
with_items: '{{ apache_modules }}'
notify:
- Restart Apache
- name: Copy Apache Config File
template:
src: etc-apache2-apache2.conf
dest: /etc/apache2/apache2.conf
owner: root
group: root
mode: 0644
notify:
- Restart Apache
- name: Turn on SendFile
lineinfile:
dest: /etc/apache2/apache2.conf
regexp: '^EnableSendfile '
line: EnableSendfile On
notify:
- Restart Apache
- name: Set Oracle environment variables
lineinfile:
dest: /etc/apache2/envvars
regexp: '^{{ item }}'
line: '{{ item }}'
when: repository is defined and php_needs_oci8|default(false)
with_items:
- export LD_LIBRARY_PATH=/opt/oracle/instantclient_18_5
- export ORACLE_HOME=/opt/oracle/instantclient_18_5
notify:
- Restart Apache
- name: Configure Modules
template:
src: etc-apache2-mods-available-{{ item }}.conf.jinja2
dest: /etc/apache2/mods-available/{{ item }}.conf
owner: root
group: root
mode: 0644
with_items:
- mpm_prefork
notify:
- Restart Apache
tags:
- ApacheConfig
- name: Verify if this is the initial installation
stat:
path: /etc/apache2/{{ apache_conf_dir }}/global-redirect.conf
register: apache_initial_install
- name: Configure Security, Global Redirect, Global Deny, Logging
template:
src: etc-apache2-conf-available-{{item }}
dest: /etc/apache2/{{ apache_conf_dir }}/{{ item }}.conf
owner: root
group: root
mode: 0644
with_items:
- security
- global-redirect
- global-deny
- letsencrypt-redirect
- redirect-ssl
- other-vhosts-access-log
notify:
- Restart Apache
tags:
- ApacheConfig
- name: Write SSL Apache Options
template:
src: options-ssl-apache.conf
dest: /etc/apache2/{{ apache_conf_dir }}/options-ssl-apache.conf
owner: root
group: root
mode: 0644
- name: Install SSL certificates
copy:
src: '{{inventory_dir}}/files/ssl/{{item.1.file}}'
dest: /etc/ssl/private
with_subelements:
- '{{ apache_certificates }}'
- certs
notify:
- Restart Apache
- name: Create htdocs directory for default
file:
dest: /var/www{{ apache_server_default_root }}
state: directory
owner: www-data
group: www-data
- name: Create htdocs directory for SVN default
file:
dest: /var/www/{{ apache_server_default_svn_target }}
state: directory
owner: www-data
group: www-data
- name: Create htdocs directory for our site(s)
file:
dest: /var/www/{{ item.svn_target }}
state: directory
owner: www-data
group: www-data
with_items: '{{ apache_server_defs }}'
- name: Configuration file for default site
template:
src: etc-apache2-sites-available-default
dest: /etc/apache2/sites-available/{{ apache_conf_default_prefix }}default{{ apache_conf_ext }}
owner: root
group: root
mode: 0644
when: apache_server_default and not apache_initial_install.stat.exists
notify:
- Restart Apache
- Checkout htdocs for default
- name: Configuration file for default ssl site
template:
src: etc-apache2-sites-available-default-ssl
dest: /etc/apache2/sites-available/{{ apache_conf_default_prefix }}default-ssl{{ apache_conf_ext }}
owner: root
group: root
mode: 0644
when: apache_server_default_ssl and not apache_initial_install.stat.exists
notify:
- Restart Apache
- Checkout htdocs for default
- name: Configuration file for our site(s)
template:
src: etc-apache2-sites-available-vhost
dest: /etc/apache2/sites-available/{{ item.vhost }}{{ apache_conf_ext }}
owner: root
group: root
mode: 0644
with_items: '{{ apache_server_defs }}'
notify:
- Restart Apache
- Checkout htdocs for our site(s)
- name: Disable the default site
command: a2dissite {{ apache_conf_default_prefix }}default
args:
removes: /etc/apache2/sites-enabled/{{ apache_conf_default_prefix }}default{{ apache_conf_ext }}
when: not apache_server_default
- name: Disable the default ssl site
command: a2dissite default-ssl
args:
removes: /etc/apache2/sites-enabled/default-ssl{{ apache_conf_ext }}
when: not apache_server_default_ssl
- name: Enable the default site
command: a2ensite {{ apache_conf_default_prefix }}default
args:
creates: /etc/apache2/sites-enabled/{{ apache_conf_default_prefix }}default{{ apache_conf_ext }}
when: apache_server_default
- name: Enable the default ssl site
command: a2ensite default-ssl
args:
creates: /etc/apache2/sites-enabled/default-ssl{{ apache_conf_ext }}
when: apache_server_default_ssl
- name: Enable our new site(s)
command: a2ensite {{ item.vhost }}
args:
creates: /etc/apache2/sites-enabled/{{ item.vhost }}{{ apache_conf_ext }}
with_items: '{{ apache_server_defs }}'
- name: Create passwords directory for AuthType Basic
file:
dest: /var/www/passwords
state: directory
owner: www-data
group: www-data
- name: Setup AuthType Basic
htpasswd:
path: /var/www/passwords/{{ apache_auth.user }}
name: '{{ apache_auth.user }}'
password: '{{ apache_auth.password }}'
owner: www-data
group: www-data
mode: 0640
when: apache_auth
- name: Create default content directory
file:
dest: /var/www/html
state: directory
owner: www-data
group: www-data
- name: Copy default HTML site
template:
src: index.html
dest: /var/www/html/index.html
owner: www-data
group: www-data
- name: Copy default htaccess
template:
src: htaccess
dest: /var/www/html/.htaccess
owner: www-data
group: www-data