From 236d813994acd076ce96d764d569ee6bb3da98f9 Mon Sep 17 00:00:00 2001
From: Stonewall Jackson
Date: Wed, 31 May 2023 21:35:04 -0400
Subject: add synapse role
---
 roles/apache_vhost/README.md | 4 +++-
 roles/apache_vhost/defaults/main.yml | 3 ++-
 .../apache_vhost/templates/etc/httpd/conf.d/vhost.conf.j2 | 14 +++++++-------
 3 files changed, 12 insertions(+), 9 deletions(-)
(limited to 'roles/apache_vhost')
diff --git a/roles/apache_vhost/README.md b/roles/apache_vhost/README.md
index 186ef4b..7d05b2e 100644
--- a/roles/apache_vhost/README.md
+++ b/roles/apache_vhost/README.md
@@ -18,13 +18,15 @@ Variable | Default | Desc
 `apache_server_name` | `{{ ansible_fqdn }}` | [ServerName](https://httpd.apache.org/docs/2.4/mod/core.html#servername) value
 `apache_server_aliases` | `[]` if `apache_letsencrypt`, else `cnames` | [ServerAlias](https://httpd.apache.org/docs/2.4/mod/core.html#serveralias) values
 `apache_config_name` | `{{ apache_server_name }}` | Name of config file in `/etc/httpd/conf.d`
-`apache_listen` | `*` | Network interface for VirtualHost
+`apache_listen_ip` | `*` | Listening IP for virtual host
+`apache_listen_port` | `80` for HTTP, `443` for HTTPS | Listening port for virtual host
 `apache_default_vhost` | no | Make this VirtualHost the default if no other VirtualHosts match the request
 `apache_document_root` |   | Path to [DocumentRoot](https://httpd.apache.org/docs/2.4/mod/core.html#documentroot)
 `apache_autoindex` | no | Automatically generate file listings
 `apache_use_ssl` | yes | Enable HTTPS
 `apache_letsencrypt` | no | Use LetsEncrypt (rather than FreeIPA) to acquire certificates
 `apache_redirect_to_https` | yes | 301 redirect HTTP requests to HTTPS
+`apache_ssl_only` | yes | Disable HTTP listener
 `apache_use_http2` | yes | Enable HTTP2 protocol
 `apache_canonical_hostname` |   | 301 redirect all requests to this hostname
 `apache_config` |   | VirtualHost config block (see usage below)
diff --git a/roles/apache_vhost/defaults/main.yml b/roles/apache_vhost/defaults/main.yml
index 9a91522..c941e8c 100644
--- a/roles/apache_vhost/defaults/main.yml
+++ b/roles/apache_vhost/defaults/main.yml
@@ -4,7 +4,7 @@ apache_server_aliases: '{{ [] if apache_letsencrypt else cnames }}' apache_default_vhost: no apache_config_name: '{{ apache_server_name }}' -apache_listen: '*' +apache_listen_ip: '*' apache_autoindex: no
@@ -12,5 +12,6 @@ apache_letsencrypt: no apache_use_ssl: yes apache_use_http2: yes apache_redirect_to_https: yes +apache_ssl_only: no apache_config: ''
diff --git a/roles/apache_vhost/templates/etc/httpd/conf.d/vhost.conf.j2 b/roles/apache_vhost/templates/etc/httpd/conf.d/vhost.conf.j2
index 12a682e..4eae9af 100644
--- a/roles/apache_vhost/templates/etc/httpd/conf.d/vhost.conf.j2
+++ b/roles/apache_vhost/templates/etc/httpd/conf.d/vhost.conf.j2
@@ -1,5 +1,5 @@ -{% if apache_use_ssl and apache_redirect_to_https %} - +{% if apache_use_ssl and apache_redirect_to_https and not apache_ssl_only %} + ServerName {{ apache_server_name }} {% for alias in apache_server_aliases %} ServerAlias {{ alias }}
@@ -15,10 +15,10 @@ RewriteRule (.*) https://%{HTTP_HOST}$1 [R=permanent,L] -{% else %} +{% elif not apache_ssl_only %} {% if apache_canonical_hostname is defined and (apache_server_aliases | length > 0) %} - + {% for alias in ([apache_server_name] + apache_server_aliases) | reject('equalto', apache_canonical_hostname) | list %} {% if loop.first %} ServerName {{ alias }}
@@ -36,7 +36,7 @@ {% endif %} - + {% if apache_document_root is defined %} DocumentRoot "{{ apache_document_root }}" {% endif %}
@@ -73,7 +73,7 @@ {% if apache_use_ssl %} {% if apache_canonical_hostname is defined and (apache_server_aliases | length > 0) %} - + {% for alias in ([apache_server_name] + apache_server_aliases) | reject('equalto', apache_canonical_hostname) | list %} {% if loop.first %} ServerName {{ alias }}
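Review bot: Renaming `apache_listen` to `apache_listen_ip` in the first defaults/main.yml hunk leaves no fallback, so an inventory that still sets `apache_listen` to a specific address would presumably be ignored and the vhost would bind to `*` instead. A compatible default such as `apache_listen_ip: "{{ apache_listen | default('*') }}"` keeps an existing interface restriction in force; alternatively, an `assert` task that fails when `apache_listen` is still defined would make the rename visible at deploy time. The README also documents `apache_listen_port`, but this file adds no default for it; a comment saying where the 80/443 fallback is supplied would help, since the template's VirtualHost lines are not legible in this view.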
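Review bot: `apache_ssl_only: no` in the second defaults/main.yml hunk contradicts the README row added by the same commit, which lists the default as `yes` ("Disable HTTP listener"). An operator relying on the README would expect the plain-HTTP vhost to be absent, while the role as shipped still renders it. Either change the README default to `no` or set `apache_ssl_only: yes` here, whichever is intended, so the documented and effective exposure match.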
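Review bot: In the vhost.conf.j2 hunk at `@@ -15,10 +15,10 @@`, `{% elif not apache_ssl_only %}` together with the `{% if apache_use_ssl %}` guard visible in the `@@ -73,7 +73,7 @@` hunk means that `apache_ssl_only: yes` with `apache_use_ssl: no` renders no VirtualHost at all. The result is an empty config file rather than an error, so requests for that name would presumably fall through to whatever default vhost the server has. Gating the branch on both flags, `{% elif not (apache_use_ssl and apache_ssl_only) %}`, keeps the HTTP vhost when SSL is off; an `assert` in the role's tasks rejecting the combination would also work. The template blocks continue outside the hunks shown.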
@@ -96,7 +96,7 @@ {% endif %} - + {% if apache_document_root is defined %} DocumentRoot "{{ apache_document_root }}" {% endif %} -- cgit