author | Jonas Gunz <himself@jonasgunz.de> | 2021-09-02 01:02:31 +0200 |
---|---|---|
committer | Jonas Gunz <himself@jonasgunz.de> | 2021-09-02 01:02:31 +0200 |
commit | 2e3a53d879ef17f2e4afcce9e6b7f121ab25c571 (patch) | |
tree | 6f75bcb2af9dcc5c975ffa0d3438023ad8abf8ca /roles/apache/templates | |
parent | a024ad57e94976f7541bdd352e2d0a364c2aa5fb (diff) | |
download | ansible_collection-2e3a53d879ef17f2e4afcce9e6b7f121ab25c571.tar.gz |
add apache role
Diffstat (limited to 'roles/apache/templates')
-rw-r--r-- | roles/apache/templates/fpm-pool.conf.j2 | 15 | ||||
-rw-r--r-- | roles/apache/templates/php-fpm.conf.j2 | 1 | ||||
-rw-r--r-- | roles/apache/templates/proxy.conf.j2 | 24 | ||||
-rw-r--r-- | roles/apache/templates/ssl.conf.j2 | 17 | ||||
-rw-r--r-- | roles/apache/templates/vhost.conf.j2 | 27 | ||||
-rw-r--r-- | roles/apache/templates/vhost_nophp.conf.j2 | 21 |
6 files changed, 105 insertions, 0 deletions
diff --git a/roles/apache/templates/fpm-pool.conf.j2 b/roles/apache/templates/fpm-pool.conf.j2
new file mode 100644
index 0000000..514382b
--- /dev/null
+++ b/roles/apache/templates/fpm-pool.conf.j2
@@ -0,0 +1,15 @@
+[www-{{ item.key }}]
+ user = www-{{ item.key }}
+ group = www-{{ item.key }}
+ listen = /run/php/php{{ item.value.php_version }}-fpm.www-{{ item.key }}.sock
+ listen.owner = www-{{ item.key }}
+ listen.group = www-{{ item.key }}
+ listen.mode = 0600
+
+ pm = dynamic
+ pm.max_children = {{ item.value.fpm.max_children | default("5") }}
+ pm.start_servers = {{ item.value.fpm.start_servers | default("2") }}
+ pm.min_spare_servers = {{ item.value.fpm.min_spare_servers | default("1") }}
+ pm.max_spare_servers = {{ item.value.fpm.max_spare_servers | default("3") }}
+
+{{ item.value.php_custom_conf | default("") }}
diff --git a/roles/apache/templates/php-fpm.conf.j2 b/roles/apache/templates/php-fpm.conf.j2
new file mode 100644
index 0000000..2dd653c
--- /dev/null
+++ b/roles/apache/templates/php-fpm.conf.j2
@@ -0,0 +1 @@
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
diff --git a/roles/apache/templates/proxy.conf.j2 b/roles/apache/templates/proxy.conf.j2
new file mode 100644
index 0000000..6fca868
--- /dev/null
+++ b/roles/apache/templates/proxy.conf.j2
@@ -0,0 +1,24 @@
+<IfModule mod_ssl.c>
+ <VirtualHost _default_:443>
+ ServerAdmin webmaster@localhost
+
+ ServerName {{ item.value.hostname }}
+
+{% if item.value.ssl is defined and item.value.ssl is sameas true %}
+ SSLProxyEngine on
+ SSLProxyVerify require
+ SSLProxyCACertificateFile "/etc/ssl/certs/ca-certificates.crt"
+ SSLProxyCheckPeerCN on
+ SSLProxyVerifyDepth 10
+{% endif %}
+
+ ProxyPass / {{ item.value.proxy }}
+ ProxyPassReverse / {{ item.value.proxy }}
+
+ {{ item.value.apache_custom_conf | default("") }}
+
+ Include ssl.conf
+ </VirtualHost>
+</IfModule>
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
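Review bot: The last line of fpm-pool.conf.j2 renders `item.value.php_custom_conf` verbatim inside the pool section, after `user`, `group` and the `listen.*` keys, so a custom snippet can repeat those keys and presumably override the per-site identity and the 0600 socket mode that the isolation between sites rests on. That contract should be written down above the line, for example `; php_custom_conf is appended verbatim: do not set user, group or listen.* here`. The template also lacks the `This file is managed by Ansible. Do not change.` header that ssl.conf.j2 and the vhost templates carry; in this file it would be a `;` comment, and proxy.conf.j2 is missing it as well.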
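Review bot: `SSLProxyCheckPeerCN on` in proxy.conf.j2 is not the directive that enforces hostname matching on current httpd: from 2.4.5 on, `SSLProxyCheckPeerName` supersedes it and the CN setting is only consulted when `SSLProxyCheckPeerName off` is configured. Replacing it with `SSLProxyCheckPeerName on`, and stating `SSLProxyCheckPeerExpire on` next to it, makes backend certificate validation explicit instead of relying on defaults. The whole verification block is rendered only when `item.value.ssl` is the boolean `true`, and `apache_custom_conf` is emitted after it, so a comment noting that the custom snippet must not relax these checks would help whoever fills in the variables.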
diff --git a/roles/apache/templates/ssl.conf.j2 b/roles/apache/templates/ssl.conf.j2
new file mode 100644
index 0000000..04587a2
--- /dev/null
+++ b/roles/apache/templates/ssl.conf.j2
@@ -0,0 +1,17 @@
+# This file is managed by Ansible. Do not change.
+
+SSLEngine on
+
+SSLProtocol -all +TLSv1.2 +TLSv1.3
+
+SSLCertificateFile {{ apache_ssl_cert }}
+SSLCertificateKeyFile {{ apache_ssl_key }}
+
+<FilesMatch "\.(cgi|shtml|phtml|php)$">
+ SSLOptions +StdEnvVars
+</FilesMatch>
+<Directory /usr/lib/cgi-bin>
+ SSLOptions +StdEnvVars
+</Directory>
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
diff --git a/roles/apache/templates/vhost.conf.j2 b/roles/apache/templates/vhost.conf.j2
new file mode 100644
index 0000000..78862af
--- /dev/null
+++ b/roles/apache/templates/vhost.conf.j2
@@ -0,0 +1,27 @@
+# This file is managed by Ansible. Do not change.
+
+<IfModule mod_ssl.c>
+ <VirtualHost _default_:443>
+ ServerName {{ item.value.hostname }}
+
+ ServerAdmin webmaster@localhost
+ DocumentRoot /var/www/{{ item.key }}/{{ item.value.relative_root }}
+
+ <Directory /var/www/{{ item.key }}>
+ AllowOverride All
+ Require all granted
+ </Directory>
+
+ AssignUserID www-{{ item.key }} www-{{ item.key }}
+
+ Include ssl.conf
+
+ {{ item.value.apache_custom_conf | default("") }}
+
+ <FilesMatch \.php$>
+ SetHandler "proxy:unix:/run/php/php{{ item.value.php_version }}-fpm.www-{{ item.key }}.sock|fcgi://localhost"
+ </FilesMatch>
+ </VirtualHost>
+</IfModule>
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
diff --git a/roles/apache/templates/vhost_nophp.conf.j2 b/roles/apache/templates/vhost_nophp.conf.j2
new file mode 100644
index 0000000..22d948a
--- /dev/null
+++ b/roles/apache/templates/vhost_nophp.conf.j2
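Review bot: ssl.conf.j2 pins the protocol versions with `SSLProtocol -all +TLSv1.2 +TLSv1.3` but sets no `SSLCipherSuite`, so the TLS 1.2 suites each host offers depend on its OpenSSL and distribution defaults. An explicit `SSLCipherSuite` limited to ECDHE key exchange with AEAD ciphers would make the result the same on every managed host. Because every vhost template in this commit is HTTPS-only, this shared include is also the natural place for `Header always set Strict-Transport-Security "max-age=63072000"`, guarded by `<IfModule mod_headers.c>`. How the file behind `apache_ssl_key` is owned and which mode it gets is not visible here and should be checked in the role's tasks.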
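Review bot: `AllowOverride All` on `<Directory /var/www/{{ item.key }}>` in vhost.conf.j2 lets any `.htaccess` in the site tree change handlers, rewrite rules and access control, and since `AssignUserID` and the FPM pool both run as `www-{{ item.key }}` the application itself can presumably write such files. Unless a site needs overrides, make the default narrow, for example `AllowOverride {{ item.value.allow_override | default("None") }}` (a new variable, the name is only a suggestion), and add `Options -Indexes`, because the block sets no `Options` and inherits whatever the global configuration grants. The grant also covers the whole `/var/www/{{ item.key }}` tree while only `relative_root` beneath it is the DocumentRoot, so scoping the `<Directory>` to the DocumentRoot path would be tighter. vhost_nophp.conf.j2 contains the same `<Directory>` block and needs the same change.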
@@ -0,0 +1,21 @@
+# This file is managed by Ansible. Do not change.
+
+<IfModule mod_ssl.c>
+ <VirtualHost _default_:443>
+ ServerName {{ item.value.hostname }}
+
+ ServerAdmin webmaster@localhost
+ DocumentRoot /var/www/{{ item.key }}/{{ item.value.relative_root }}
+
+ <Directory /var/www/{{ item.key }}>
+ AllowOverride All
+ Require all granted
+ </Directory>
+
+ Include ssl.conf
+
+ {{ item.value.apache_custom_conf | default("") }}
+ </VirtualHost>
+</IfModule>
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet |