---
# dataverse/tasks/dataverse-apache.yml
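# Banner so the Apache section is easy to spot in playbook output.
- name: begin apache task
  debug:
    msg: '##### APACHE/HTTPD #####'

# SELinux booleans for httpd, applied only on RedHat-family major version 8.
# `command` replaces `shell`: nothing here needs shell parsing, so the
# arguments are passed to setsebool without going through /bin/sh.
# setsebool -P persists the boolean across reboots; the task reports
# "changed" on every run because the current value is not checked first.
#
# NOTE(review): httpd_can_network_connect lets httpd open outbound TCP
# connections to any port. If httpd only needs to reach the proxied backend,
# confirm whether the narrower httpd_can_network_relay boolean is enough.
- name: allow apache to make outbound connections
  command: '/usr/sbin/setsebool -P httpd_can_network_connect 1'
  when:
    - ansible_os_family == "RedHat"
    - ansible_distribution_major_version == "8"

# NOTE(review): httpd_read_user_content widens what httpd may read beyond
# the web root. Confirm it is required: the web root used later in this file
# is /var/www/html, not a user directory.
- name: allow apache to read user content by default
  command: '/usr/sbin/setsebool -P httpd_read_user_content 1'
  when:
    - ansible_os_family == "RedHat"
    - ansible_distribution_major_version == "8"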
# Base configuration directory: /etc/httpd on RedHat-family hosts,
# /etc/apache2 everywhere else.
- name: httpd variables
  set_fact:
    apache_config_base_dir: "{{ (ansible_os_family == 'RedHat') | ternary ('/etc/httpd', '/etc/apache2') }}"

# RedHat/CentOS keeps virtual hosts and extra config in the same conf.d
# directory.
- name: httpd variables for RedHat/CentOS
  when: ansible_os_family == "RedHat"
  set_fact:
    apache_virtualhost_dir: '{{ apache_config_base_dir }}/conf.d'
    apache_config_dir: '{{ apache_config_base_dir }}/conf.d'

# Debian/Ubuntu splits them into sites-enabled and conf-enabled.
# Neither *_dir fact is set for any other OS family, so later tasks that use
# them would hit an undefined variable there.
- name: httpd variables for Debian/Ubuntu
  when: ansible_os_family == "Debian"
  set_fact:
    apache_virtualhost_dir: '{{ apache_config_base_dir }}/sites-enabled'
    apache_config_dir: '{{ apache_config_base_dir }}/conf-enabled'
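# Install httpd plus mod_ssl on RedHat-family hosts.
# The handler is notified here as well, matching the Debian task below, so
# that a package upgrade pulled in by `state: latest` is followed by a
# restart and the running daemon is the upgraded one.
#
# NOTE(review): `state: latest` upgrades the packages on every run. If
# upgrades should go through change control, use `present` or pin a version.
- name: install Apache for RedHat/CentOS
  yum:
    name: ['httpd', 'mod_ssl']
    state: latest
  when: ansible_os_family == "RedHat"
  notify: enable and restart apache

# Install apache2 on Debian-family hosts; same `state: latest` caveat.
- name: install Apache for Debian/Ubuntu
  package:
    name: apache2
    state: latest
  when: ansible_os_family == "Debian"
  notify: enable and restart apache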
# Enable the reverse-proxy modules (generic, HTTP and AJP) on Debian.
# NOTE(review): proxy_ajp is only useful if the backend speaks AJP. If it
# does, make sure the backend's AJP listener is not reachable from outside
# the host or trusted network; confirm against the proxy template.
- name: enable apache mods on Debian
  apache2_module:
    name: '{{ item }}'
    state: present
  with_items: [proxy, proxy_http, proxy_ajp]
  when: ansible_os_family == "Debian"  ## CHECKME -- does this need to be Debian-specific?
  notify: enable and restart apache

# Remove the stock 000-default.conf from the virtual-host directory so that
# only the configuration installed by this role is served.
- name: disable default Debian site
  file:
    state: absent
    path: '{{ apache_virtualhost_dir }}/000-default.conf'
  when: ansible_os_family == "Debian"
  notify: enable and restart apache
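# Point the main httpd.conf Listen directive at the configured port.
# The pattern requires whitespace after "Listen" so it cannot match other
# directives that merely start with the same word (e.g. ListenBackLog).
# lineinfile rewrites only the last matching line; if none matches, the
# line is appended.
- name: reconfigure Listen directive on RedHat
  lineinfile:
    path: "{{ apache_config_base_dir }}/conf/httpd.conf"
    regexp: '^Listen\s'
    line: 'Listen {{ apache.port }}'
  when: ansible_os_family == "RedHat"
  notify: enable and restart apache

# Debian keeps Listen directives in ports.conf, so render our own copy.
# Ownership and mode are set explicitly, as for http.proxy.conf later in
# this file, so the result does not depend on the pre-existing file or on
# the umask of the connecting user.
- name: install own ports.conf on Debian
  template:
    src: ports.conf.j2
    dest: "{{ apache_config_base_dir }}/ports.conf"
    owner: root
    group: root
    mode: '0644'
  when: ansible_os_family == "Debian"  ## TODO where is this in RedHat? ## it would be nicer to use than the Listen statement at the start of the virtualhost
  notify: enable and restart apache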
# Pull in the role's own SSL tasks when Let's Encrypt is not handling
# certificates.
# NOTE(review): this condition does not check apache.ssl.enabled, whereas
# the certbot include below does; confirm dataverse-apache-ssl.yml applies
# that check itself.
# NOTE(review): bare `include` is deprecated in Ansible in favour of
# include_tasks / import_tasks; pick the replacement after checking how the
# included file relies on the `when` condition.
- include: dataverse-apache-ssl.yml
  when: letsencrypt.enabled == false

# Render the combined proxy virtual-host file, root-owned and world-readable.
- name: install unified http proxy config
  template:
    src: http.proxy.conf.j2
    dest: '{{ apache_virtualhost_dir }}/http.proxy.conf'
    mode: '0644'
    owner: root
    group: root
  notify: enable and restart apache

# With Let's Encrypt enabled, strip the "Listen 443 https" line from the file
# rendered above (per the task name, certbot does not cope with it).
# NOTE(review): if the template always emits that line, the template task
# and this task will both report "changed" on every run. Presumably the
# cleaner fix is a conditional inside http.proxy.conf.j2; verify against the
# template.
- name: certbot bonks on listen 443
  lineinfile:
    path: "{{ apache_virtualhost_dir }}/http.proxy.conf"
    state: absent
    regexp: '^Listen 443 https'
  when: letsencrypt.enabled == true

# Run certbot only on RedHat-family hosts with both SSL and Let's Encrypt
# enabled. A Debian host with letsencrypt.enabled set therefore gets neither
# this include nor the SSL include above.
- include: certbot.yml
  when:
    - ansible_os_family == "RedHat"
    - apache.ssl.enabled
    - letsencrypt.enabled
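# Copy the static 503 page into the Apache config directory.
# `dest` is a directory, so the file lands there as 503.html.
# The mode is quoted, as for http.proxy.conf earlier in this file, so it is
# always read as the octal string '0644' and never depends on how the YAML
# loader types a bare 0644.
- name: install proxy error boilerplate
  copy:
    src: 503.html
    dest: "{{ apache_config_dir }}"
    owner: root
    group: root
    mode: '0644'
  notify: enable and restart apache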
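# Register an SELinux file-context rule labelling /var/www/html and
# everything below it as httpd_sys_content_t.
# `command` replaces `shell`: the quoted pattern is passed to semanage as a
# single argument without involving /bin/sh.
#
# NOTE(review): unlike the setsebool tasks, these two tasks have no `when`
# guard and run on every OS family. On hosts without the SELinux tools the
# commands will not be found; confirm Debian/Ubuntu targets or gate on
# RedHat.
# NOTE(review): `semanage fcontext -a` is not checked for an existing rule.
# Verify that a second run does not fail with "already defined" on the
# policycoreutils versions in use.
- name: "both redhat and ubuntu default to /var/www/html"
  command: 'semanage fcontext -a -t httpd_sys_content_t "/var/www/html(/.*)?"'

# Apply the recorded context to files already on disk (recursive, verbose).
- name: "allow apache read-only access to /var/www/html"
  command: 'restorecon -R -v /var/www/html'

# Force any pending "enable and restart apache" notification to run now
# rather than at the end of the play.
- name: run handlers -- this runs the apache restart scripts
  meta: flush_handlers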