Initial code

2ee1546b · jurgenhaas · d01ac3d8 · 2ee1546b · 2ee1546b · 2ee1546b
Commit 2ee1546b authored 5 years ago by jurgenhaas
--- a/meta/main.yml
+++ b/meta/main.yml
+---
+
+dependencies:
+  - { role: apache, when: groups.proxyserver is not defined or inventory_hostname not in groups.proxyserver }
+  - { role: elasticsearch }
--- a/tasks/apache.yml
+++ b/tasks/apache.yml
+---
+# file: roles/zammad/tasks/apache.yml
+
+- set_fact: apacheUser='www-data'
+
+- name: "Apache Modules"
+  apache2_module:
+    state='present'
+    name='{{ item }}'
+  with_items:
+    - 'proxy'
+    - 'proxy_http'
+  notify:
+    - "Apache | Restart Apache"
+
+- name: "Apache Configuration File"
+  template:
+    src='vhost.conf'
+    dest='/etc/apache2/sites-available/zammad{{ apache_conf_ext }}'
+    owner='root'
+    group='root'
+    mode='664'
+  notify:
+    - "Apache | Restart Apache"
+
+- name: "Apache enable site"
+  command: a2ensite zammad creates=/etc/apache2/sites-enabled/zammad{{ apache_conf_ext }}
+  notify:
+    - "Apache | Restart Apache"
--- a/tasks/install.yml
+++ b/tasks/install.yml
+---
+# file: roles/zammad/tasks/install.yml
+
+- name: "Apt Key"
+  apt_key:
+    url: 'https://dl.packager.io/srv/zammad/zammad/key'
+    state: 'present'
+
+- name: "Apt Repository"
+  apt_repository:
+    repo: 'deb https://dl.packager.io/srv/deb/zammad/zammad/stable/ubuntu 18.04 main'
+    state: 'present'
+    mode: '644'
+
+- name: "Install zammad"
+  apt:
+    pkg: 'zammad'
+    state: 'present'
+    update_cache: yes
--- a/tasks/main.yml
+++ b/tasks/main.yml
+---
+# file: roles/zammad/tasks/main.yml
+
+- name: "Zammad Role"
+  set_fact: role_zammad_started=true
+  tags: 'always'
+
+- block:
+
+  - import_tasks: apache.yml
+    when: groups.proxyserver is not defined or inventory_hostname not in groups.proxyserver
+    tags: 'ApacheConfig'
+
+  - import_tasks: install.yml
+
+  when: '"zammad" not in excluded_roles'
--- a/templates/vhost.conf
+++ b/templates/vhost.conf
+<VirtualHost *:80>
+  Include /etc/apache2/{{ apache_conf_dir }}/global-redirect.conf
+
+{% if zammad_protocol|default("https") == "https" and groups.proxyserver is not defined %}
+  ServerAdmin {{ apache_server_admin }}
+  ServerName  {{ zammad_domain }}
+  ServerAlias {{ inventory_hostname }}
+
+  Include /etc/apache2/{{ apache_conf_dir }}/redirect-ssl.conf
+  Include /etc/apache2/{{ apache_conf_dir }}/letsencrypt-redirect.conf
+
+  SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded
+  LogLevel warn
+{% if apache_version|default('2.4') == '2.4' %}
+  ErrorLogFormat "[%{u}t] [%l] [pid %P] [client\ %{X-Forwarded-For}i] %M% ,\ referer:\ %{Referer}i"
+{% endif %}
+  LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" proxy
+  ErrorLog ${APACHE_LOG_DIR}/{{ zammad_domain }}-error.log
+  CustomLog ${APACHE_LOG_DIR}/{{ zammad_domain }}-access.log combined env=!forwarded
+  CustomLog ${APACHE_LOG_DIR}/{{ zammad_domain }}-access.log proxy env=forwarded
+</VirtualHost>
+
+<VirtualHost *:443>
+  Include /etc/apache2/{{ apache_conf_dir }}/global-redirect.conf
+
+{% endif %}
+  ServerAdmin {{ apache_server_admin }}
+  ServerName  {{ zammad_domain }}
+  ServerAlias {{ inventory_hostname }}
+
+  Header always add Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"
+  Header set Referrer-Policy "no-referrer"
+
+  HostnameLookups Off
+  UseCanonicalName Off
+  ServerSignature Off
+  ProxyRequests Off
+  ProxyPreserveHost On
+  <Proxy 127.0.0.1:3000>
+    Require local
+  </Proxy>
+  ProxyPass /assets !
+  ProxyPass /favicon.ico !
+  ProxyPass /robots.txt !
+  ProxyPass /ws ws://127.0.0.1:6042/
+  ProxyPass / http://127.0.0.1:3000/
+  DocumentRoot "/opt/zammad/public"
+
+  <Directory />
+    Options FollowSymLinks
+    AllowOverride None
+  </Directory>
+
+  <Directory "/opt/zammad/public">
+    Options FollowSymLinks
+    Require all granted
+  </Directory>
+
+  SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded
+  LogLevel warn
+{% if apache_version|default('2.4') == '2.4' %}
+  ErrorLogFormat "[%{u}t] [%l] [pid %P] [client\ %{X-Forwarded-For}i] %M% ,\ referer:\ %{Referer}i"
+{% endif %}
+  LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" proxy
+  ErrorLog ${APACHE_LOG_DIR}/{{ zammad_domain }}-error.log
+  CustomLog ${APACHE_LOG_DIR}/{{ zammad_domain }}-access.log combined env=!forwarded
+  CustomLog ${APACHE_LOG_DIR}/{{ zammad_domain }}-access.log proxy env=forwarded
+
+  <IfModule mod_expires.c>
+    ExpiresActive {% if apache_cache.active %}On{% else %}Off{% endif %}
+
+    ExpiresDefault {{ apache_cache.default }}
+{% for type in apache_cache.bytype %}
+    ExpiresByType {{ type.type }} {{ type.default }}
+{% endfor %}
+  </IfModule>
+
+  SetEnvIf X-Forwarded-Proto https HTTPS=on
+
+  BrowserMatch "MSIE [2-6]" \
+    nokeepalive ssl-unclean-shutdown \
+    downgrade-1.0 force-response-1.0
+  # MSIE 7 and newer should be able to use keepalive
+  BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
+
+{% if zammad_protocol|default("https") == "https" and groups.proxyserver is not defined %}
+  Include /etc/apache2/{{ apache_conf_dir }}/options-ssl-apache.conf
+  SSLCertificateFile /etc/letsencrypt/live/{{ zammad_domain }}/cert.pem
+  SSLCertificateKeyFile /etc/letsencrypt/live/{{ zammad_domain }}/privkey.pem
+  SSLCertificateChainFile /etc/letsencrypt/live/{{ zammad_domain }}/chain.pem
+{% endif %}
+</VirtualHost>