Diffstat (limited to 'roles/apache')
-rw-r--r-- | roles/apache/README.md | 2 | ||||
-rw-r--r-- | roles/apache/defaults/main.yml | 6 | ||||
-rw-r--r-- | roles/apache/tasks/main.yml | 14 | ||||
-rw-r--r-- | roles/apache/templates/etc/httpd/conf.d/ssl.conf.j2 | 4 | ||||
-rw-r--r-- | roles/apache/templates/etc/httpd/conf/httpd.conf.j2 | 4 |
5 files changed, 24 insertions, 6 deletions
diff --git a/roles/apache/README.md b/roles/apache/README.md index 77f0ec9..ce203d3 100644 --- a/roles/apache/README.md +++ b/roles/apache/README.md @@ -14,6 +14,8 @@ This role **accepts** the following variables: Variable | Default | Description ---------------------------------|-----------|------------ +`apache_listen_ports` | `[80]` | HTTP ports to listen on +`apache_ssl_listen_ports` | `[443]` | HTTPS ports to listen on `apache_use_nfs` | no | Value of the `httpd_use_nfs` SELinux boolean `apache_can_network_relay` | yes | Value of the `httpd_can_network_relay` SELinux boolean `apache_can_network_connect` | no | Value of the `httpd_can_network_connect` SELinux boolean diff --git a/roles/apache/defaults/main.yml b/roles/apache/defaults/main.yml index b0605ba..b5dad87 100644 --- a/roles/apache/defaults/main.yml +++ b/roles/apache/defaults/main.yml @@ -6,6 +6,12 @@ apache_can_connect_ldap: no apache_can_sendmail: no apache_gssapi: no +apache_listen_ports: + - 80 + +apache_ssl_listen_ports: + - 443 + apache_sysaccount_username: apache apache_backup_dirs: [] diff --git a/roles/apache/tasks/main.yml b/roles/apache/tasks/main.yml index 4892782..dacd9cb 100644 --- a/roles/apache/tasks/main.yml +++ b/roles/apache/tasks/main.yml @@ -45,6 +45,14 @@ import_tasks: gssapi.yml when: apache_gssapi or apache_use_nfs +- name: set http_port_t selinux context for http ports + seport: + ports: '{{ apache_listen_ports + apache_ssl_listen_ports }}' + proto: tcp + setype: http_port_t + state: present + tags: selinux + - name: enable apache systemd: name: httpd @@ -53,11 +61,9 @@ - name: open firewall ports firewalld: - service: '{{ item }}' + port: '{{ item }}/tcp' permanent: yes immediate: yes state: enabled - loop: - - http - - https + loop: '{{ apache_listen_ports + apache_ssl_listen_ports }}' tags: firewalld diff --git a/roles/apache/templates/etc/httpd/conf.d/ssl.conf.j2 b/roles/apache/templates/etc/httpd/conf.d/ssl.conf.j2 index eb85a29..31e91d1 100644 
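Review bot: The combined list `apache_listen_ports + apache_ssl_listen_ports` reaches the new seport task in roles/apache/tasks/main.yml without any check on its contents, and the same expression feeds the firewalld loop in the next hunk. A port that appears in both variables is rendered by the two templates in this commit as a plain `Listen` and as `Listen … https`, which httpd is expected to reject at startup. A mistyped or out-of-range value is handed to seport and firewalld as-is, so the play fails late or labels and opens a port nobody intended. An assert placed before the seport task, sketched below, stops the play early with a readable message.

```yaml
# … unchanged: import_tasks gssapi.yml …

- name: validate apache listen ports
  assert:
    that:
      - apache_listen_ports | intersect(apache_ssl_listen_ports) | length == 0
      - (apache_listen_ports + apache_ssl_listen_ports) | map('int') | min > 0
      - (apache_listen_ports + apache_ssl_listen_ports) | map('int') | max < 65536
    msg: apache_listen_ports and apache_ssl_listen_ports must be disjoint lists of TCP ports (1-65535)
  tags:
    - selinux
    - firewalld

# … unchanged: set http_port_t selinux context for http ports …
```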
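Review bot: Hosts provisioned before this change keep the `http` and `https` firewalld services enabled, because the old loop added them with `permanent: yes` and the rewritten `open firewall ports` task only ever adds entries. Once the listen lists are changed to other ports, 80/tcp and 443/tcp stay open in the firewall although the role no longer refers to them. Any port later removed from either list is left open the same way, and keeps its `http_port_t` label from the seport task in the previous hunk. A follow-up task that disables the two legacy services when their ports are absent from the lists closes the migration gap; the sketch below assumes nothing else on the host relies on those services.

```yaml
# … unchanged: open firewall ports (port: '{{ item }}/tcp') …

- name: close legacy http/https firewall services when their ports are not configured
  firewalld:
    service: '{{ item.service }}'
    permanent: yes
    immediate: yes
    state: disabled
  loop:
    - { service: http, port: 80 }
    - { service: https, port: 443 }
  when: item.port | string not in (apache_listen_ports + apache_ssl_listen_ports) | map('string') | list
  tags: firewalld
```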
--- a/roles/apache/templates/etc/httpd/conf.d/ssl.conf.j2 +++ b/roles/apache/templates/etc/httpd/conf.d/ssl.conf.j2 @@ -1,4 +1,6 @@ -Listen 443 https +{% for port in apache_ssl_listen_ports %} +Listen {{ port }} https +{% endfor %} SSLPassPhraseDialog exec:/usr/libexec/httpd-ssl-pass-dialog diff --git a/roles/apache/templates/etc/httpd/conf/httpd.conf.j2 b/roles/apache/templates/etc/httpd/conf/httpd.conf.j2 index d34c4a9..6e52049 100644 --- a/roles/apache/templates/etc/httpd/conf/httpd.conf.j2 +++ b/roles/apache/templates/etc/httpd/conf/httpd.conf.j2 @@ -1,6 +1,8 @@ ServerRoot "/etc/httpd" -Listen 80 +{% for port in apache_listen_ports %} +Listen {{ port }} +{% endfor %} Include conf.modules.d/*.conf |
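Review bot: In the ssl.conf.j2 hunk, only the `Listen … https` lines follow `apache_ssl_listen_ports`; the rest of the template lies outside the hunk, so it is not visible whether the TLS virtual host is still bound to a fixed port. If it is still declared as `<VirtualHost _default_:443>`, any other port in the list would be opened in the firewall and listened on without a vhost that turns TLS on, and what httpd serves there should be confirmed before relying on it. Deriving the vhost addresses from the same variable keeps the two in step, for example `<VirtualHost{% for port in apache_ssl_listen_ports %} _default_:{{ port }}{% endfor %}>`.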