blob: 17a0909f40172b8d139f8605281359e643b21b25 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
|
---
- name: Install SURY.ORG package signing key
get_url:
url: https://packages.sury.org/php/apt.gpg
dest: /etc/apt/trusted.gpg.d/sury.gpg
become: yes
- name: Install SURY.ORG php package repository
copy:
dest: /etc/apt/sources.list.d/sury.list
content: 'deb https://packages.sury.org/php/ {{ ansible_facts.distribution_release }} main'
become: yes
register: install_repo
- name: Update APT Cache
apt:
update_cache: yes
become: yes
when: install_repo.changed
- name: Install general packages
apt:
name: '{{ ["apache2", "libapache2-mpm-itk"] + php_versions }}'
become: yes
- name: Install extensions
apt:
name: '{{ php_versions | product(php_extensions) | map("join", "-") }}'
become: yes
# ignore errors bc apache2_module checks fails for errors in config (why???)
- name: Enable apache2 modules
community.general.apache2_module:
name: '{{ item }}'
state: present
loop: '{{ apache_mods }}'
ignore_errors: yes
become: yes
notify: Restart apache
- name: Check for changed cert
command: /bin/true
when:
- '{{ cert_changed | default(False) }}'
notify:
- Restart apache
- name: Check for php module
find:
paths: '/etc/apache2/mods-enabled/'
patterns: 'php*'
file_type: any
become: yes
register: a2_mod_php
- name: Disable apache2 mod php
file:
path: '{{ item.path }}'
follow: no
state: absent
become: yes
loop: '{{ a2_mod_php.files }}'
notify: Restart apache
- name: Install SSL config
template:
src: ssl.conf.j2
dest: /etc/apache2/ssl.conf
become: yes
notify: Restart apache
- name: Remove default-ssl
file:
path: '/etc/apache2/{{ item }}/default-ssl.conf'
follow: no
state: absent
become: yes
loop:
- sites-available
- sites-enabled
notify: Reload apache
- name: Install default sites
copy:
src: '{{ item }}'
dest: '/etc/apache2/sites-available/{{ item }}'
become: yes
loop:
- 000-default-ssl.conf
- 000-default.conf
notify: Reload apache
- name: Install vhost configs
template:
src: vhost.conf.j2
dest: '/etc/apache2/sites-available/{{ item.key }}.conf'
with_dict: '{{ apache_vhosts }}'
become: yes
notify: Reload apache
- name: Install noPHP vhost configs
template:
src: vhost_nophp.conf.j2
dest: '/etc/apache2/sites-available/{{ item.key }}.conf'
with_dict: '{{ apache_nophp_vhosts }}'
become: yes
notify: Reload apache
- name: Install proxy configs
template:
src: proxy.conf.j2
dest: '/etc/apache2/sites-available/{{ item.key }}.conf'
with_dict: '{{ apache_rproxies }}'
become: yes
notify: Reload apache
- name: Create site users
user:
name: 'www-{{ item }}'
shell: /usr/sbin/nologin
system: yes
home: '/var/www/{{ item }}'
become: yes
with_items: '{{ apache_vhosts.keys() | list }}'
- name: chmod site dirs
file:
path: '/var/www/{{ item }}'
mode: '750'
become: yes
with_items: '{{ apache_vhosts.keys() | list }}'
- name: Create noPHP site dirs
file:
path: '/var/www/{{ item }}'
mode: '750'
owner: www-data
group: www-data
state: directory
become: yes
with_items: '{{ apache_nophp_vhosts.keys() | list }}'
- name: Create FPM Pools
template:
src: fpm-pool.conf.j2
dest: '/etc/php/{{ item.value.php_version }}/fpm/pool.d/www-{{ item.key }}.conf'
become: yes
with_dict: '{{ apache_vhosts }}'
notify: Restart fpm
- name: Enable sites
file:
path: '/etc/apache2/sites-enabled/{{ item }}.conf'
state: link
src: '../sites-available/{{ item }}.conf'
become: yes
notify: Reload apache
with_items: '{{ apache_vhosts.keys() | list + apache_rproxies.keys() | list + apache_nophp_vhosts.keys() | list + ["000-default", "000-default-ssl"] }}'
|