author | Stonewall Jackson <stonewall@sacredheartsc.com> | 2023-05-31 21:35:04 -0400 |
---|---|---|
committer | Stonewall Jackson <stonewall@sacredheartsc.com> | 2023-05-31 21:35:04 -0400 |
commit | 236d813994acd076ce96d764d569ee6bb3da98f9 (patch) | |
tree | 33f811ba7f557032601356218ff11d67a4895ffe /roles/apache_vhost | |
parent | 9cbb7d043e7379f9d7e7c81cd75fcd2176a0b322 (diff) | |
add synapse role
Diffstat (limited to 'roles/apache_vhost')
-rw-r--r-- | roles/apache_vhost/README.md | 4 | ||||
-rw-r--r-- | roles/apache_vhost/defaults/main.yml | 3 | ||||
-rw-r--r-- | roles/apache_vhost/templates/etc/httpd/conf.d/vhost.conf.j2 | 14 |
3 files changed, 12 insertions, 9 deletions
diff --git a/roles/apache_vhost/README.md b/roles/apache_vhost/README.md
index 186ef4b..7d05b2e 100644
--- a/roles/apache_vhost/README.md
+++ b/roles/apache_vhost/README.md
@@ -18,13 +18,15 @@ Variable | Default | Desc
 `apache_server_name` | `{{ ansible_fqdn }}` | [ServerName](https://httpd.apache.org/docs/2.4/mod/core.html#servername) value
 `apache_server_aliases` | `[]` if `apache_letsencrypt`, else `cnames` | [ServerAlias](https://httpd.apache.org/docs/2.4/mod/core.html#serveralias) values
 `apache_config_name` | `{{ apache_server_name }}` | Name of config file in `/etc/httpd/conf.d`
-`apache_listen` | `*` | Network interface for VirtualHost
+`apache_listen_ip` | `*` | Listening IP for virtual host
+`apache_listen_port` | `80` for HTTP, `443` for HTTPS | Listening port for virtual host
 `apache_default_vhost` | no | Make this VirtualHost the default if no other VirtualHosts match the request
 `apache_document_root` | | Path to [DocumentRoot](https://httpd.apache.org/docs/2.4/mod/core.html#documentroot)
 `apache_autoindex` | no | Automatically generate file listings
 `apache_use_ssl` | yes | Enable HTTPS
 `apache_letsencrypt` | no | Use LetsEncrypt (rather than FreeIPA) to acquire certificates
 `apache_redirect_to_https` | yes | 301 redirect HTTP requests to HTTPS
+`apache_ssl_only` | yes | Disable HTTP listener
 `apache_use_http2` | yes | Enable HTTP2 protocol
 `apache_canonical_hostname` | | 301 redirect all requests to this hostname
 `apache_config` | | VirtualHost config block (see usage below)
diff --git a/roles/apache_vhost/defaults/main.yml b/roles/apache_vhost/defaults/main.yml
index 9a91522..c941e8c 100644
--- a/roles/apache_vhost/defaults/main.yml
+++ b/roles/apache_vhost/defaults/main.yml
@@ -4,7 +4,7 @@ apache_server_aliases: '{{ [] if apache_letsencrypt else cnames }}'
 apache_default_vhost: no
 apache_config_name: '{{ apache_server_name }}'
-apache_listen: '*'
+apache_listen_ip: '*'
 apache_autoindex: no
@@ -12,5 +12,6 @@ apache_letsencrypt: no
 apache_use_ssl: yes
 apache_use_http2: yes
 apache_redirect_to_https: yes
+apache_ssl_only: no
 apache_config: ''
diff --git a/roles/apache_vhost/templates/etc/httpd/conf.d/vhost.conf.j2 b/roles/apache_vhost/templates/etc/httpd/conf.d/vhost.conf.j2
index 12a682e..4eae9af 100644
--- a/roles/apache_vhost/templates/etc/httpd/conf.d/vhost.conf.j2
+++ b/roles/apache_vhost/templates/etc/httpd/conf.d/vhost.conf.j2
@@ -1,5 +1,5 @@
-{% if apache_use_ssl and apache_redirect_to_https %}
-<VirtualHost {{ apache_listen }}:80>
+{% if apache_use_ssl and apache_redirect_to_https and not apache_ssl_only %}
+<VirtualHost {{ apache_listen_ip }}:80>
 ServerName {{ apache_server_name }}
 {% for alias in apache_server_aliases %}
 ServerAlias {{ alias }}
@@ -15,10 +15,10 @@
 RewriteRule (.*) https://%{HTTP_HOST}$1 [R=permanent,L]
 </VirtualHost>
-{% else %}
+{% elif not apache_ssl_only %}
 {% if apache_canonical_hostname is defined and (apache_server_aliases | length > 0) %}
-<VirtualHost {{ apache_listen }}:80>
+<VirtualHost {{ apache_listen_ip }}:{{ apache_listen_port | default(80) }}>
 {% for alias in ([apache_server_name] + apache_server_aliases) | reject('equalto', apache_canonical_hostname) | list %}
 {% if loop.first %}
 ServerName {{ alias }}
@@ -36,7 +36,7 @@
 </VirtualHost>
 {% endif %}
-<VirtualHost {{ apache_listen }}:80>
+<VirtualHost {{ apache_listen_ip }}:{{ apache_listen_port | default(80) }}>
 {% if apache_document_root is defined %}
 DocumentRoot "{{ apache_document_root }}"
 {% endif %}
@@ -73,7 +73,7 @@
 {% if apache_use_ssl %}
 {% if apache_canonical_hostname is defined and (apache_server_aliases | length > 0) %}
-<VirtualHost {{ apache_listen }}:443>
+<VirtualHost {{ apache_listen_ip }}:{{ apache_listen_port | default(443) }}>
 {% for alias in ([apache_server_name] + apache_server_aliases) | reject('equalto', apache_canonical_hostname) | list %}
 {% if loop.first %}
 ServerName {{ alias }}
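Review bot: The default added here, `apache_ssl_only: no`, disagrees with the README row added in the same commit, which documents the default as `yes`. This flag decides whether any port-80 vhost is rendered, so an operator relying on the README would expect no cleartext listener while the role still writes one. Either change the README row to `no` or ship `apache_ssl_only: yes` here if HTTPS-only is the intended default. A comment above the variable such as `# yes: render no plain-HTTP vhost (also drops the HTTP->HTTPS redirect vhost)` would make the interaction with `apache_redirect_to_https` explicit.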
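Review bot: With `apache_ssl_only: yes` and `apache_use_ssl: no` this template renders no VirtualHost at all: the condition changed in the `-1,5` hunk is false, the `{% elif not apache_ssl_only %}` in the next hunk is false, and the TLS vhosts sit under `{% if apache_use_ssl %}`. The role would presumably still write the file and succeed, leaving requests for this name to be answered by whatever other vhost or main-server config matches. I would document the dependency at the top of the template, e.g. `{# apache_ssl_only requires apache_use_ssl; with both unset-for-TLS nothing is rendered #}`, or better have the role fail early on that combination. The `<VirtualHost>` block opened in this hunk closes outside it.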
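Review bot: `apache_listen_port` is a single variable consumed by both the plain-HTTP vhosts (the `-15,10` and `-36,7` hunks, `default(80)`) and the TLS vhosts (the `-73,7` and `-96,7` hunks, `default(443)`). With `apache_use_ssl: yes`, `apache_redirect_to_https: no`, `apache_ssl_only: no` and a custom port set, all four blocks bind to the same address and port, so a non-TLS vhost is declared on the port meant for HTTPS. The override should apply to the HTTP vhosts only when TLS is off, e.g. `<VirtualHost {{ apache_listen_ip }}:{{ 80 if apache_use_ssl else apache_listen_port | default(80) }}>` in both HTTP blocks. Separately, the redirect vhost stays on `:80` and rewrites to `https://%{HTTP_HOST}$1`, which carries no port, so with a custom HTTPS port the redirect likely points at 443 rather than the configured listener. The blocks continue outside these hunks, so whether a matching `Listen` directive is emitted for the custom port cannot be confirmed from here.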
@@ -96,7 +96,7 @@
 </VirtualHost>
 {% endif %}
-<VirtualHost {{ apache_listen }}:443>
+<VirtualHost {{ apache_listen_ip }}:{{ apache_listen_port | default(443) }}>
 {% if apache_document_root is defined %}
 DocumentRoot "{{ apache_document_root }}"
 {% endif %} |