setup apache conf and vhosts for sql and home

2015-09-20 22:41:11 -04:00
parent c187c1005c
commit 867a6dffb8
7 changed files with 288 additions and 10 deletions
--- a/roles/home.xai-corp.net/defaults/main.yml
+++ b/roles/home.xai-corp.net/defaults/main.yml
@@ -2,3 +2,10 @@
 # defaults/main.yml
 # define default variable values here

+websites:
+  available:
+    - home.xai-corp.net
+    - sql.xai-corp.net
+  enabled:
+    - home.xai-corp.net
+    - sql.xai-corp.net
--- a/roles/home.xai-corp.net/handlers/main.yml
+++ b/roles/home.xai-corp.net/handlers/main.yml
@@ -7,3 +7,9 @@

 #- name: stop <service>
 #  service: name=<service> state=stopped
+
+- name: restart apache2
+  service: name=apache2 state=restarted
+
+- name: reload apache2
+  service: name=apache2 state=reloaded
--- a/roles/home.xai-corp.net/tasks/vhosts.yml
+++ b/roles/home.xai-corp.net/tasks/vhosts.yml
@@ -2,14 +2,38 @@
  #
  # setup the vhosts for apache based websites

+# - name: fetch existing vhosts
+  # fetch: src=/etc/apache2/vhost-available/{{ item }} dest=backups/
+  # with_items:
+    # - 00_default_ssl_vhost.conf
+    # - 00_default_vhost.conf
+    # - 01_home_vhost.conf
+    # - 02_test_vhost.conf
+    # - 04_sql_vhost.conf
+    # - 05_mail_vhost.conf
+    # - default_vhost.include
+#
+# - fetch: src=/etc/apache2/httpd.conf dest=backups/

- name: fetch existing vhosts
-  fetch: src=/etc/apache2/vhost-available/{{ item }} dest=backups/
+- name: create vhost dirs
+  file: state=directory path=/etc/apache2/{{ item }} owner=root group=root mode=0750
  with_items:
-    - 00_default_ssl_vhost.conf
-    - 00_default_vhost.conf
-    - 01_home_vhost.conf
-    - 02_test_vhost.conf
-    - 04_sql_vhost.conf
-    - 05_mail_vhost.conf
-    - default_vhost.include
+    - sites-available
+    - sites-enabled
+
+- name: main apache conf
+  template: src=httpd.conf dest=/etc/apache2/httpd.conf owner=root group=root mode=640
+  notify:
+    - reload apache2
+
+- name: setup available vhosts
+  template: src={{ item }}.j2 dest=/etc/apache2/sites-available/{{ item }}.conf owner=root group=root mode=0640
+  with_items: "{{ websites.available }}"
+  notify:
+    - reload apache2
+
+- name: enable sites
+  file: state=link src=/etc/apache2/sites-available/{{ item }}.conf dest=/etc/apache2/sites-enabled/{{ item }}.conf
+  with_items: "{{ websites.enabled }}"
+  notify:
+    - reload apache2
--- a/roles/home.xai-corp.net/templates/home.xai-corp.net.j2
+++ b/roles/home.xai-corp.net/templates/home.xai-corp.net.j2
@@ -0,0 +1,28 @@
+<IfModule ssl_module>
+
+  <VirtualHost *:80>
+    ServerName home.xai-corp.net
+    Redirect / https://home.xai-corp.net/
+  </VirtualHost>
+  
+  <VirtualHost *:443>
+    ServerName home.xai-corp.net
+    ServerAdmin admin@xai-corp.net
+    DocumentRoot "/var/www/home.xai-corp.net/public"
+
+    SSLEngine on
+    SSLProtocol ALL -SSLv2 -SSLv3
+    SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-S$
+    SSLHonorCipherOrder On
+    SSLCertificateFile /etc/ssl/apache2/home.xai-corp.net.crt
+    SSLCertificateKeyFile /etc/ssl/apache2/home.xai-corp.net.key
+
+    <Directory "/var/www/home.xai-corp.net/public">
+      		Options Indexes FollowSymLinks
+		AllowOverride All
+		Order deny,allow
+		Allow from 192.168.2.
+    </Directory>
+  </VirtualHost>
+
+</IfModule>
--- a/roles/home.xai-corp.net/templates/httpd.conf
+++ b/roles/home.xai-corp.net/templates/httpd.conf
@@ -0,0 +1,181 @@
+# This is a modification of the default Apache 2.2 configuration file
+# for Gentoo Linux.
+#
+# Support:
+#   http://www.gentoo.org/main/en/lists.xml   [mailing lists]
+#   http://forums.gentoo.org/                 [web forums]
+#   irc://irc.freenode.net#gentoo-apache      [irc chat]
+#
+# Bug Reports:
+#   http://bugs.gentoo.org                    [gentoo related bugs]
+#   http://httpd.apache.org/bug_report.html   [apache httpd related bugs]
+#
+#
+# This is the main Apache HTTP server configuration file.  It contains the
+# configuration directives that give the server its instructions.
+# See <URL:http://httpd.apache.org/docs/2.2> for detailed information.
+# In particular, see
+# <URL:http://httpd.apache.org/docs/2.2/mod/directives.html>
+# for a discussion of each configuration directive.
+#
+# Do NOT simply read the instructions in here without understanding
+# what they do.  They're here only as hints or reminders.  If you are unsure
+# consult the online docs. You have been warned.
+#
+# Configuration and logfile names: If the filenames you specify for many
+# of the server's control files begin with "/" (or "drive:/" for Win32), the
+# server will use that explicit path.  If the filenames do *not* begin
+# with "/", the value of ServerRoot is prepended -- so "var/log/apache2/foo_log"
+# with ServerRoot set to "/usr" will be interpreted by the
+# server as "/usr/var/log/apache2/foo.log".
+
+# ServerRoot: The top of the directory tree under which the server's
+# configuration, error, and log files are kept.
+#
+# Do not add a slash at the end of the directory path.  If you point
+# ServerRoot at a non-local disk, be sure to point the LockFile directive
+# at a local disk.  If you wish to share the same ServerRoot for multiple
+# httpd daemons, you will need to change at least LockFile and PidFile.
+ServerRoot "/usr/lib/apache2"
+
+# Dynamic Shared Object (DSO) Support
+#
+# To be able to use the functionality of a module which was built as a DSO you
+# have to place corresponding `LoadModule' lines at this location so the
+# directives contained in it are actually available _before_ they are used.
+# Statically compiled modules (those listed by `httpd -l') do not need
+# to be loaded here.
+#
+# Example:
+# LoadModule foo_module modules/mod_foo.so
+#
+# GENTOO: Automatically defined based on APACHE2_MODULES USE_EXPAND variable.
+#         Do not change manually, it will be overwritten on upgrade.
+#
+# The following modules are considered as the default configuration.
+# If you wish to disable one of them, you may have to alter other
+# configuration directives.
+#
+# Change these at your own risk!
+
+LoadModule actions_module modules/mod_actions.so
+LoadModule alias_module modules/mod_alias.so
+LoadModule auth_basic_module modules/mod_auth_basic.so
+LoadModule authn_alias_module modules/mod_authn_alias.so
+LoadModule authn_anon_module modules/mod_authn_anon.so
+LoadModule authn_dbm_module modules/mod_authn_dbm.so
+LoadModule authn_default_module modules/mod_authn_default.so
+LoadModule authn_file_module modules/mod_authn_file.so
+LoadModule authz_dbm_module modules/mod_authz_dbm.so
+LoadModule authz_default_module modules/mod_authz_default.so
+LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
+LoadModule authz_host_module modules/mod_authz_host.so
+LoadModule authz_owner_module modules/mod_authz_owner.so
+LoadModule authz_user_module modules/mod_authz_user.so
+LoadModule autoindex_module modules/mod_autoindex.so
+<IfDefine CACHE>
+LoadModule cache_module modules/mod_cache.so
+</IfDefine>
+LoadModule cgi_module modules/mod_cgi.so
+LoadModule cgid_module modules/mod_cgid.so
+<IfDefine DAV>
+LoadModule dav_module modules/mod_dav.so
+</IfDefine>
+<IfDefine DAV>
+LoadModule dav_fs_module modules/mod_dav_fs.so
+</IfDefine>
+<IfDefine DAV>
+LoadModule dav_lock_module modules/mod_dav_lock.so
+</IfDefine>
+LoadModule deflate_module modules/mod_deflate.so
+LoadModule dir_module modules/mod_dir.so
+<IfDefine CACHE>
+LoadModule disk_cache_module modules/mod_disk_cache.so
+</IfDefine>
+LoadModule env_module modules/mod_env.so
+LoadModule expires_module modules/mod_expires.so
+LoadModule ext_filter_module modules/mod_ext_filter.so
+<IfDefine CACHE>
+LoadModule file_cache_module modules/mod_file_cache.so
+</IfDefine>
+LoadModule filter_module modules/mod_filter.so
+LoadModule headers_module modules/mod_headers.so
+LoadModule include_module modules/mod_include.so
+<IfDefine INFO>
+LoadModule info_module modules/mod_info.so
+</IfDefine>
+LoadModule log_config_module modules/mod_log_config.so
+LoadModule logio_module modules/mod_logio.so
+<IfDefine CACHE>
+LoadModule mem_cache_module modules/mod_mem_cache.so
+</IfDefine>
+LoadModule mime_module modules/mod_mime.so
+LoadModule mime_magic_module modules/mod_mime_magic.so
+LoadModule negotiation_module modules/mod_negotiation.so
+<IfDefine PROXY>
+LoadModule proxy_module modules/mod_proxy.so
+</IfDefine>
+<IfDefine PROXY>
+LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
+</IfDefine>
+<IfDefine PROXY>
+LoadModule proxy_connect_module modules/mod_proxy_connect.so
+</IfDefine>
+<IfDefine PROXY>
+LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
+</IfDefine>
+<IfDefine PROXY>
+LoadModule proxy_http_module modules/mod_proxy_http.so
+</IfDefine>
+LoadModule rewrite_module modules/mod_rewrite.so
+LoadModule setenvif_module modules/mod_setenvif.so
+LoadModule speling_module modules/mod_speling.so
+<IfDefine SSL>
+LoadModule ssl_module modules/mod_ssl.so
+</IfDefine>
+<IfDefine STATUS>
+LoadModule status_module modules/mod_status.so
+</IfDefine>
+LoadModule unique_id_module modules/mod_unique_id.so
+<IfDefine USERDIR>
+LoadModule userdir_module modules/mod_userdir.so
+</IfDefine>
+LoadModule usertrack_module modules/mod_usertrack.so
+LoadModule vhost_alias_module modules/mod_vhost_alias.so
+
+# If you wish httpd to run as a different user or group, you must run
+# httpd as root initially and it will switch.
+#
+# User/Group: The name (or #number) of the user/group to run httpd as.
+# It is usually good practice to create a dedicated user and group for
+# running httpd, as with most system services.
+User apache
+Group apache
+
+# Supplemental configuration
+#
+# Most of the configuration files in the /etc/apache2/modules.d/ directory can
+# be turned on using APACHE2_OPTS in /etc/conf.d/apache2 to add extra features
+# or to modify the default configuration of the server.
+#
+# To know which flag to add to APACHE2_OPTS, look at the first line of the
+# the file, which will usually be an <IfDefine OPTION> where OPTION is the
+# flag to use.
+Include /etc/apache2/modules.d/*.conf
+
+# Virtual-host support
+#
+# Gentoo has made using virtual-hosts easy. In /etc/apache2/vhosts.d/ we
+# include a default vhost (enabled by adding -D DEFAULT_VHOST to
+# APACHE2_OPTS in /etc/conf.d/apache2).
+#Include /etc/apache2/vhosts.d/*.conf
+Include /etc/apache2/sites-enabled/*.conf
+
+ServerName localhost
+Listen 80
+NameVirtualHost *:80
+
+Listen 443
+NameVirtualHost *:443
+
+# vim: ts=4 filetype=apache
--- a/roles/home.xai-corp.net/templates/sql.xai-corp.net.j2
+++ b/roles/home.xai-corp.net/templates/sql.xai-corp.net.j2
@@ -0,0 +1,29 @@
+<IfModule ssl_module>
+
+  <VirtualHost *:80>
+    ServerName sql.xai-corp.net
+    Redirect / https://sql.xai-corp.net/
+  </VirtualHost>
+
+  <VirtualHost *:443>
+    ServerName sql.xai-corp.net
+    ServerAdmin admin@xai-corp.net
+    DocumentRoot "/var/www/sql.xai-corp.net/htdocs"
+
+    SSLEngine on
+    SSLProtocol ALL -SSLv2 -SSLv3
+    SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-S$
+    SSLHonorCipherOrder On
+    SSLCertificateFile /etc/ssl/apache2/sql.xai-corp.net.crt
+    SSLCertificateKeyFile /etc/ssl/apache2/sql.xai-corp.net.key
+
+    <Directory "/var/www/sql.xai-corp.net/htdocs">
+                Options Indexes FollowSymLinks
+                AllowOverride All
+                Order deny,allow
+                Allow from 192.168.2.
+    </Directory>
+  </VirtualHost>
+
+</IfModule>
+