initial commit

1 files changed, 26 insertions, 0 deletions

diff --git a/roles/apache_vhost/vars/main.yml b/roles/apache_vhost/vars/main.yml
new file mode 100644
index 0000000..bbfba62
--- /dev/null
+++ b/roles/apache_vhost/vars/main.yml
@@ -0,0 +1,26 @@
+apache_certificate_path: /etc/pki/tls/certs/httpd-{{ apache_server_name }}.pem
+apache_certificate_key_path: /etc/pki/tls/private/httpd-{{ apache_server_name }}.key
+
+apache_ldap_url: "ldaps://{{ freeipa_hosts | join(' ') }}/{{ freeipa_user_basedn }}"
+apache_ldap_creds: |
+  AuthLDAPBindDN uid={{ apache_sysaccount_username }},{{ freeipa_sysaccount_basedn }}
+  AuthLDAPBindPassword {{ apache_sysaccount_password }}
+apache_ldap_config: |
+  AuthLDAPUrl "{{ apache_ldap_url }}?uid"
+  {{ apache_ldap_creds }}
+
+apache_gssapi_session_config: |
+  GssapiUseSessions On
+  Session On
+  SessionCookieName gssapi_session path=/;httponly;secure;samesite=strict
+  GssapiSessionKey file:{{ apache_gssapi_session_key }}
+
+apache_proxy_vhost_config: |
+  ProxyPreserveHost On
+  ProxyRequests Off
+apache_proxy_header_config: |
+  RequestHeader set X-Forwarded-Proto "https"
+  RequestHeader set X-Real-IP %{REMOTE_ADDR}s
+apache_proxy_config: |
+  {{ apache_proxy_vhost_config }}
+  {{ apache_proxy_header_config }}