first commit

Alexander Gabriel 2022-11-29 18:09:10 +01:00
commit 44328d4172
5 changed files with 202 additions and 0 deletions

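--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -0,0 +1,10 @@
+- name: restart apache2
+service:
+name: apache2
+state: restarted
+- name: reload apache2
+service:
+name: apache2
+state: reloaded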

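--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -0,0 +1,146 @@
+---
+- name: Install stuff
+apt:
+name:
+- apache2
+update_cache: yes
+- name: install acme.sh
+include_role:
+name: acmesh
+- name: set DocumentRoot
+set_fact:
+docroot: "/var/www/html"
+when: not docroot is defined
+- name: set domainname
+set_fact:
+domainname: "{{ inventory_hostname }}"
+when: not domainname is defined
+- name: create wwwroot
+file:
+path: "{{ docroot }}"
+owner: www-data
+group: www-data
+mode: '0755'
+state: directory
+- name: enable apache module proxy
+command: a2enmod proxy
+args:
+creates: /etc/apache2/mods-enabled/proxy.load
+notify:
+reload apache2
+- name: enable apache module proxy_html
+command: a2enmod proxy_html
+args:
+creates: /etc/apache2/mods-enabled/proxy_html.load
+notify:
+reload apache2
+- name: enable apache module proxy_http
+command: a2enmod proxy_http
+args:
+creates: /etc/apache2/mods-enabled/proxy_http.load
+notify:
+reload apache2
+- name: enable apache module proxy_http2
+command: a2enmod proxy_http2
+args:
+creates: /etc/apache2/mods-enabled/proxy_http2.load
+notify:
+reload apache2
+- name: enable apache module ssl
+command: a2enmod ssl
+args:
+creates: /etc/apache2/mods-enabled/ssl.load
+notify:
+reload apache2
+- name: enable apache module headers
+command: a2enmod headers
+args:
+creates: /etc/apache2/mods-enabled/headers.load
+notify:
+reload apache2
+- name: enable apache module rewrite
+command: a2enmod rewrite
+args:
+creates: /etc/apache2/mods-enabled/rewrite.load
+notify:
+reload apache2
+- name: install acme.sh
+include_role:
+name: acmesh
+- name: set amce server url
+set_fact:
+acmeshserver: "--server {{ acme_sh_server }} --insecure --force --days 1"
+when: acme_sh_server is defined
+- name: set amce server url
+set_fact:
+acmeshserver: ""
+when: not acme_sh_server is defined
+- name: generate /etc/apache2/sites-available/{{ domainname }}.conf
+template:
+src: apache.conf.j2
+dest: /etc/apache2/sites-available/{{ domainname }}.conf
+owner: root
+group: root
+mode: "0644"
+notify:
+- reload apache2
+- name: generate /etc/apache2/sites-available/{{ domainname }}-ssl.conf
+template:
+src: apache-ssl.conf.j2
+dest: /etc/apache2/sites-available/{{ domainname }}-ssl.conf
+owner: root
+group: root
+mode: "0644"
+notify:
+- reload apache2
+- name: activate /etc/apache2/sites-available/{{ domainname }}.conf
+file:
+state: link
+src: /etc/apache2/sites-available/{{ domainname }}.conf
+dest: /etc/apache2/sites-enabled/{{ domainname }}.conf
+notify:
+- reload apache2
+- name: generate /etc/apache2/conf-available/{{ domainname }}-ssl-optionalDirectives.conf
+template:
+src: includeOptional.conf.j2
+dest: /etc/apache2/conf-available/{{ domainname }}-ssl-optionalDirectives.conf
+owner: root
+group: root
+mode: "0644"
+notify:
+- reload apache2
+- name: Flush handlers
+meta: flush_handlers
+- name: get certificates
+command: /root/.acme.sh/acme.sh --issue --webroot {{ docroot | default("/var/www/html") }} {{ acmeshserver }} -d {{ domainname }} --email {{ acme_sh_email }} --key-file /etc/ssl/private/{{ domainname }}.key --fullchain-file /etc/ssl/certs/{{ domainname }}.pem --reloadcmd "service apache2 reload"
+args:
+creates: /etc/ssl/private/{{ domainname }}.key
+- name: activate /etc/apache2/sites-available/{{ domainname }}-ssl.conf
+file:
+state: link
+src: /etc/apache2/sites-available/{{ domainname }}-ssl.conf
+dest: /etc/apache2/sites-enabled/{{ domainname }}-ssl.conf
+notify:
+- reload apache2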
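Review bot: In the first `set amce server url` task, defining `acme_sh_server` also appends `--insecure --force --days 1`, so pointing the role at any non-default ACME server silently turns off certificate verification of that server and forces issuance with a one-day renewal window. That suits a local test CA, but it is an unsafe default once the variable is set for a production or internal CA, where the ACME exchange would no longer be authenticated. I would keep only the server in that fact and make the rest opt-in, for example `acmeshserver: "--server {{ acme_sh_server }} {{ acme_sh_extra_args | default('') }}"`, with a comment that `--insecure` is for test endpoints only. The `install acme.sh` include also appears twice in this file, and the second one looks redundant.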


@ -0,0 +1,30 @@
<IfModule mod_ssl.c>
<VirtualHost _default_:443>
ServerName {{ domainname }}
ServerAdmin webmaster@{{ domainname }}
DocumentRoot "{{ docroot }}"
<Directory "{{ docroot }}">
Options Indexes MultiViews Includes FollowSymLinks
AddOutputFilter Includes html
AllowOverride All
Order allow,deny
Allow from all
</Directory>
ErrorLog ${APACHE_LOG_DIR}/{{ domainname }}.error.log
CustomLog ${APACHE_LOG_DIR}/{{ domainname }}.access.log combined
SSLEngine on
SSLCertificateFile /etc/ssl/certs/{{ domainname }}.pem
SSLCertificateKeyFile /etc/ssl/private/{{ domainname }}.key
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
IncludeOptional /etc/apache2/conf-available/{{ domainname }}-ssl-optionalDirectives.conf
</VirtualHost>
</IfModule>
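Review bot: The `<Directory "{{ docroot }}">` block enables `Indexes` and `Includes` together with `AllowOverride All`, so every site rendered from this template serves directory listings, parses `.html` files for server-side includes (with `#exec` permitted, since `IncludesNOEXEC` is not used), and lets any `.htaccess` under the docroot override the rest. For a generic role a narrower default is safer, for example `Options FollowSymLinks` and `AllowOverride None`, with the broader options supplied per host through the existing optional-directives include. `Order allow,deny` and `Allow from all` are Apache 2.2 directives that work on 2.4 only through mod_access_compat; `Require all granted` is the current form. The vhost also sets no `SSLProtocol` or cipher policy, so it inherits whatever the distribution's global SSL configuration provides; a comment saying that this is intended would help.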

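--- a/templates/apache.conf.j2
+++ b/templates/apache.conf.j2
@@ -0,0 +1,15 @@
+<VirtualHost *:80>
+ServerName {{ domainname }}
+ServerAdmin webmaster@{{ domainname }}
+DocumentRoot "{{ docroot }}"
+ErrorLog ${APACHE_LOG_DIR}/{{ domainname }}.error.log
+CustomLog ${APACHE_LOG_DIR}/{{ domainname }}.access.log combined
+#rewrite transparent to https, keep uri
+RewriteEngine On
+RewriteCond %{REQUEST_URI} !^/\.well\-known/acme\-challenge/
+RewriteCond %{HTTPS} off
+RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
+</VirtualHost>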
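Review bot: The redirect target in the `RewriteRule` is built from `%{HTTP_HOST}`, which is taken from the client's request rather than from the configured name. If this vhost ends up answering for unmatched hosts on port 80, the `Location` header will echo whatever Host value was sent. Redirecting to the templated name avoids that and keeps the behaviour deterministic: `RewriteRule ^ https://{{ domainname }}%{REQUEST_URI} [R=301,L]`. The bare `R` flag issues a temporary 302, so `R=301` is the usual choice for a permanent HTTP-to-HTTPS upgrade. `RewriteCond %{HTTPS} off` is always true inside a `*:80` vhost that does not terminate TLS and could be dropped.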


@ -0,0 +1 @@
{{ optionalDirectives | default('')}}