From 867a6dffb882f004505a1694d4d5d4631a8ae7f9 Mon Sep 17 00:00:00 2001
From: richard
Date: Sun, 20 Sep 2015 22:41:11 -0400
Subject: [PATCH] setup apache conf and vhosts for sql and home

---
 .gitignore | 5 +-
 roles/home.xai-corp.net/defaults/main.yml | 7 +
 roles/home.xai-corp.net/handlers/main.yml | 6 +
 roles/home.xai-corp.net/tasks/vhosts.yml | 42 +++-
 .../templates/home.xai-corp.net.j2 | 28 +++
 roles/home.xai-corp.net/templates/httpd.conf | 181 ++++++++++++++++++
 .../templates/sql.xai-corp.net.j2 | 29 +++
 7 files changed, 288 insertions(+), 10 deletions(-)
 create mode 100644 roles/home.xai-corp.net/templates/home.xai-corp.net.j2
 create mode 100644 roles/home.xai-corp.net/templates/httpd.conf
 create mode 100644 roles/home.xai-corp.net/templates/sql.xai-corp.net.j2

diff --git a/.gitignore b/.gitignore
index e4733d6..9b797d3 100644
--- a/.gitignore
+++ b/.gitignore
@@ -4,4 +4,7 @@
 ;Aptana Studio poject files
 .project
-.settings
\ No newline at end of file
+.settings
+
+# backup folder used to fetch files from targets
+backups/
\ No newline at end of file
diff --git a/roles/home.xai-corp.net/defaults/main.yml b/roles/home.xai-corp.net/defaults/main.yml
index 5fe8fbc..8f3b8f4 100644
--- a/roles/home.xai-corp.net/defaults/main.yml
+++ b/roles/home.xai-corp.net/defaults/main.yml
@@ -2,3 +2,10 @@
 # defaults/main.yml
 # define default variable values here
+websites:
+ available:
+ - home.xai-corp.net
+ - sql.xai-corp.net
+ enabled:
+ - home.xai-corp.net
+ - sql.xai-corp.net
\ No newline at end of file
diff --git a/roles/home.xai-corp.net/handlers/main.yml b/roles/home.xai-corp.net/handlers/main.yml
index 78a2b67..2708bcf 100644
--- a/roles/home.xai-corp.net/handlers/main.yml
+++ b/roles/home.xai-corp.net/handlers/main.yml
@@ -7,3 +7,9 @@
 #- name: stop
 # service: name= state=stopped
+
+- name: restart apache2
+ service: name=apache2 state=restarted
+
+- name: reload apache2
+ service: name=apache2 state=reloaded
\ No newline at end of file
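Review bot: In defaults/main.yml `websites.enabled` repeats `websites.available` verbatim, and nothing in the role checks that a name in the enabled list was also rendered into sites-available, so a typo in one list leaves a dangling symlink in sites-enabled that the `Include /etc/apache2/sites-enabled/*.conf` glob will presumably trip over on the next reload. Defaulting the enabled list to the available one, `enabled: "{{ websites.available }}"`, would keep the two in step unless a caller deliberately overrides them. The file is also added without a trailing newline (`\ No newline at end of file`).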
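Review bot: The two handlers in handlers/main.yml use the `key=value` shorthand (`service: name=apache2 state=restarted`) where native YAML module arguments are the Ansible convention and lint cleanly, e.g. `service:` / `  name: apache2` / `  state: reloaded`. Nothing in this commit notifies `restart apache2` — the vhost tasks only notify `reload apache2` — so unless another task file uses it the handler is dead code. This file is likewise written without a trailing newline.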
diff --git a/roles/home.xai-corp.net/tasks/vhosts.yml b/roles/home.xai-corp.net/tasks/vhosts.yml
index 317a0ab..287414b 100644
--- a/roles/home.xai-corp.net/tasks/vhosts.yml
+++ b/roles/home.xai-corp.net/tasks/vhosts.yml
@@ -2,14 +2,38 @@
 #
 # setup the vhosts for apache based websites
+# - name: fetch existing vhosts
+ # fetch: src=/etc/apache2/vhost-available/{{ item }} dest=backups/
+ # with_items:
+ # - 00_default_ssl_vhost.conf
+ # - 00_default_vhost.conf
+ # - 01_home_vhost.conf
+ # - 02_test_vhost.conf
+ # - 04_sql_vhost.conf
+ # - 05_mail_vhost.conf
+ # - default_vhost.include
+#
+# - fetch: src=/etc/apache2/httpd.conf dest=backups/
-- name: fetch existing vhosts
- fetch: src=/etc/apache2/vhost-available/{{ item }} dest=backups/
+- name: create vhost dirs
+ file: state=directory path=/etc/apache2/{{ item }} owner=root group=root mode=0750
 with_items:
- - 00_default_ssl_vhost.conf
- - 00_default_vhost.conf
- - 01_home_vhost.conf
- - 02_test_vhost.conf
- - 04_sql_vhost.conf
- - 05_mail_vhost.conf
- - default_vhost.include
+ - sites-available
+ - sites-enabled
+
+- name: main apache conf
+ template: src=httpd.conf dest=/etc/apache2/httpd.conf owner=root group=root mode=640
+ notify:
+ - reload apache2
+
+- name: setup available vhosts
+ template: src={{ item }}.j2 dest=/etc/apache2/sites-available/{{ item }}.conf owner=root group=root mode=0640
+ with_items: "{{ websites.available }}"
+ notify:
+ - reload apache2
+
+- name: enable sites
+ file: state=link src=/etc/apache2/sites-available/{{ item }}.conf dest=/etc/apache2/sites-enabled/{{ item }}.conf
+ with_items: "{{ websites.enabled }}"
+ notify:
+ - reload apache2
diff --git a/roles/home.xai-corp.net/templates/home.xai-corp.net.j2 b/roles/home.xai-corp.net/templates/home.xai-corp.net.j2
new file mode 100644
index 0000000..18a0eb2
--- /dev/null
+++ b/roles/home.xai-corp.net/templates/home.xai-corp.net.j2
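Review bot: The `main apache conf` task sets `mode=640` while the other tasks use the zero-prefixed `mode=0750` / `mode=0640`; in `key=value` form the string is presumably parsed as octal, but the same value written as a YAML integer (`mode: 640`) is read as decimal and yields the wrong permission bits, so write `mode=0640` for consistency and to avoid that trap when the task is later converted to native YAML. The `enable sites` task only creates symlinks: a name removed from `websites.enabled` keeps being served until someone deletes `/etc/apache2/sites-enabled/<name>.conf` by hand, so a companion `file: state=absent` task over the names in `websites.available` that are not in `websites.enabled` would make the role converge. The commented-out `fetch` block at the top duplicates what git history already holds and could be dropped rather than carried as a stale comment.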
@@ -0,0 +1,28 @@
+
+
+
+ ServerName home.xai-corp.net
+ Redirect / https://home.xai-corp.net/
+
+
+
+ ServerName home.xai-corp.net
+ ServerAdmin admin@xai-corp.net
+ DocumentRoot "/var/www/home.xai-corp.net/public"
+
+ SSLEngine on
+ SSLProtocol ALL -SSLv2 -SSLv3
+ SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-S$
+ SSLHonorCipherOrder On
+ SSLCertificateFile /etc/ssl/apache2/home.xai-corp.net.crt
+ SSLCertificateKeyFile /etc/ssl/apache2/home.xai-corp.net.key
+
+
+ Options Indexes FollowSymLinks
+ AllowOverride All
+ Order deny,allow
+ Allow from 192.168.2.
+
+
+
+
diff --git a/roles/home.xai-corp.net/templates/httpd.conf b/roles/home.xai-corp.net/templates/httpd.conf
new file mode 100644
index 0000000..6df0630
--- /dev/null
+++ b/roles/home.xai-corp.net/templates/httpd.conf
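Review bot: `Order deny,allow` followed only by `Allow from 192.168.2.` does not restrict access: under the Apache 2.2 semantics this file targets, with `Order deny,allow` any request that matches neither a `Deny` nor an `Allow` directive is permitted, and no `Deny` directive is present, so the intended LAN-only restriction is not enforced; add `Deny from all` on the line before `Allow from 192.168.2.` (the enclosing directory block's opening tag is not visible in the hunk). `SSLCipherSuite` ends in `ECDHE-RSA-AES256-GCM-S$`, which looks like a line cut off at terminal width with the `$` end-of-line marker copied along; OpenSSL silently ignores unrecognised names in a cipher list, so the effective set is presumably only the two AES128-GCM suites — paste the complete cipher string. `Options Indexes` turns on directory listings for the document root, which is rarely wanted on a site meant to be access-restricted. `sql.xai-corp.net.j2` in this commit has the same three issues.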
@@ -0,0 +1,181 @@ +# This is a modification of the default Apache 2.2 configuration file +# for Gentoo Linux. +# +# Support: +# http://www.gentoo.org/main/en/lists.xml [mailing lists] +# http://forums.gentoo.org/ [web forums] +# irc://irc.freenode.net#gentoo-apache [irc chat] +# +# Bug Reports: +# http://bugs.gentoo.org [gentoo related bugs] +# http://httpd.apache.org/bug_report.html [apache httpd related bugs] +# +# +# This is the main Apache HTTP server configuration file. It contains the +# configuration directives that give the server its instructions. +# See for detailed information. +# In particular, see +# +# for a discussion of each configuration directive. +# +# Do NOT simply read the instructions in here without understanding +# what they do. They're here only as hints or reminders. If you are unsure +# consult the online docs. You have been warned. +# +# Configuration and logfile names: If the filenames you specify for many +# of the server's control files begin with "/" (or "drive:/" for Win32), the +# server will use that explicit path. If the filenames do *not* begin +# with "/", the value of ServerRoot is prepended -- so "var/log/apache2/foo_log" +# with ServerRoot set to "/usr" will be interpreted by the +# server as "/usr/var/log/apache2/foo.log". + +# ServerRoot: The top of the directory tree under which the server's +# configuration, error, and log files are kept. +# +# Do not add a slash at the end of the directory path. If you point +# ServerRoot at a non-local disk, be sure to point the LockFile directive +# at a local disk. If you wish to share the same ServerRoot for multiple +# httpd daemons, you will need to change at least LockFile and PidFile. 
+ServerRoot "/usr/lib/apache2" + +# Dynamic Shared Object (DSO) Support +# +# To be able to use the functionality of a module which was built as a DSO you +# have to place corresponding `LoadModule' lines at this location so the +# directives contained in it are actually available _before_ they are used. +# Statically compiled modules (those listed by `httpd -l') do not need +# to be loaded here. +# +# Example: +# LoadModule foo_module modules/mod_foo.so +# +# GENTOO: Automatically defined based on APACHE2_MODULES USE_EXPAND variable. +# Do not change manually, it will be overwritten on upgrade. +# +# The following modules are considered as the default configuration. +# If you wish to disable one of them, you may have to alter other +# configuration directives. +# +# Change these at your own risk! + +LoadModule actions_module modules/mod_actions.so +LoadModule alias_module modules/mod_alias.so +LoadModule auth_basic_module modules/mod_auth_basic.so +LoadModule authn_alias_module modules/mod_authn_alias.so +LoadModule authn_anon_module modules/mod_authn_anon.so +LoadModule authn_dbm_module modules/mod_authn_dbm.so +LoadModule authn_default_module modules/mod_authn_default.so +LoadModule authn_file_module modules/mod_authn_file.so +LoadModule authz_dbm_module modules/mod_authz_dbm.so +LoadModule authz_default_module modules/mod_authz_default.so +LoadModule authz_groupfile_module modules/mod_authz_groupfile.so +LoadModule authz_host_module modules/mod_authz_host.so +LoadModule authz_owner_module modules/mod_authz_owner.so +LoadModule authz_user_module modules/mod_authz_user.so +LoadModule autoindex_module modules/mod_autoindex.so + +LoadModule cache_module modules/mod_cache.so + +LoadModule cgi_module modules/mod_cgi.so +LoadModule cgid_module modules/mod_cgid.so + +LoadModule dav_module modules/mod_dav.so + + +LoadModule dav_fs_module modules/mod_dav_fs.so + + +LoadModule dav_lock_module modules/mod_dav_lock.so + +LoadModule deflate_module modules/mod_deflate.so 
+LoadModule dir_module modules/mod_dir.so + +LoadModule disk_cache_module modules/mod_disk_cache.so + +LoadModule env_module modules/mod_env.so +LoadModule expires_module modules/mod_expires.so +LoadModule ext_filter_module modules/mod_ext_filter.so + +LoadModule file_cache_module modules/mod_file_cache.so + +LoadModule filter_module modules/mod_filter.so +LoadModule headers_module modules/mod_headers.so +LoadModule include_module modules/mod_include.so + +LoadModule info_module modules/mod_info.so + +LoadModule log_config_module modules/mod_log_config.so +LoadModule logio_module modules/mod_logio.so + +LoadModule mem_cache_module modules/mod_mem_cache.so + +LoadModule mime_module modules/mod_mime.so +LoadModule mime_magic_module modules/mod_mime_magic.so +LoadModule negotiation_module modules/mod_negotiation.so + +LoadModule proxy_module modules/mod_proxy.so + + +LoadModule proxy_ajp_module modules/mod_proxy_ajp.so + + +LoadModule proxy_connect_module modules/mod_proxy_connect.so + + +LoadModule proxy_ftp_module modules/mod_proxy_ftp.so + + +LoadModule proxy_http_module modules/mod_proxy_http.so + +LoadModule rewrite_module modules/mod_rewrite.so +LoadModule setenvif_module modules/mod_setenvif.so +LoadModule speling_module modules/mod_speling.so + +LoadModule ssl_module modules/mod_ssl.so + + +LoadModule status_module modules/mod_status.so + +LoadModule unique_id_module modules/mod_unique_id.so + +LoadModule userdir_module modules/mod_userdir.so + +LoadModule usertrack_module modules/mod_usertrack.so +LoadModule vhost_alias_module modules/mod_vhost_alias.so + +# If you wish httpd to run as a different user or group, you must run +# httpd as root initially and it will switch. +# +# User/Group: The name (or #number) of the user/group to run httpd as. +# It is usually good practice to create a dedicated user and group for +# running httpd, as with most system services. 
+User apache
+Group apache
+
+# Supplemental configuration
+#
+# Most of the configuration files in the /etc/apache2/modules.d/ directory can
+# be turned on using APACHE2_OPTS in /etc/conf.d/apache2 to add extra features
+# or to modify the default configuration of the server.
+#
+# To know which flag to add to APACHE2_OPTS, look at the first line of the
+# the file, which will usually be an where OPTION is the
+# flag to use.
+Include /etc/apache2/modules.d/*.conf
+
+# Virtual-host support
+#
+# Gentoo has made using virtual-hosts easy. In /etc/apache2/vhosts.d/ we
+# include a default vhost (enabled by adding -D DEFAULT_VHOST to
+# APACHE2_OPTS in /etc/conf.d/apache2).
+#Include /etc/apache2/vhosts.d/*.conf
+Include /etc/apache2/sites-enabled/*.conf
+
+ServerName localhost
+Listen 80
+NameVirtualHost *:80
+
+Listen 443
+NameVirtualHost *:443
+
+# vim: ts=4 filetype=apache
diff --git a/roles/home.xai-corp.net/templates/sql.xai-corp.net.j2 b/roles/home.xai-corp.net/templates/sql.xai-corp.net.j2
new file mode 100644
index 0000000..b019a89
--- /dev/null
+++ b/roles/home.xai-corp.net/templates/sql.xai-corp.net.j2
@@ -0,0 +1,29 @@
+
+
+
+ ServerName sql.xai-corp.net
+ Redirect / https://sql.xai-corp.net/
+
+
+
+ ServerName sql.xai-corp.net
+ ServerAdmin admin@xai-corp.net
+ DocumentRoot "/var/www/sql.xai-corp.net/htdocs"
+
+ SSLEngine on
+ SSLProtocol ALL -SSLv2 -SSLv3
+ SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-S$
+ SSLHonorCipherOrder On
+ SSLCertificateFile /etc/ssl/apache2/sql.xai-corp.net.crt
+ SSLCertificateKeyFile /etc/ssl/apache2/sql.xai-corp.net.key
+
+
+ Options Indexes FollowSymLinks
+ AllowOverride All
+ Order deny,allow
+ Allow from 192.168.2.
+
+
+
+
+
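Review bot: The module list in httpd.conf loads `mod_proxy` together with `proxy_connect`, `proxy_ftp` and `proxy_ajp`, `mod_dav`/`mod_dav_fs`, `mod_info`, `mod_status`, `mod_userdir` and `mod_cgi`, none of which the two vhosts added in this commit appear to use, and `Include /etc/apache2/modules.d/*.conf` pulls in whatever per-module configuration ships with them (those files may wrap their directives in `<IfDefine>` guards — not visible here). A forward proxy or a status/info handler left active is reachable by every client the vhosts accept, so either drop the `LoadModule` lines for modules the site does not need or confirm that the included module configs keep them inert. The header still says `# Do not change manually, it will be overwritten on upgrade`, which stops being true once the file is templated by Ansible; a first line such as `# {{ ansible_managed }}` would tell the next operator where the file really comes from. The template contains no Jinja expressions, so `copy:` would do the same job as `template:` — a style point only.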