mirror of
https://github.com/de-it-krachten/ansible-role-apache
synced 2026-05-14 11:41:42 +00:00
No description
- Jinja 100%
28d17a7cdc
# [1.10.0](https://github.com/de-it-krachten/ansible-role-apache/compare/v1.9.0...v1.10.0) (2026-03-15) ### Features * Drop support for openSUSE Leap 15 ([ |
||
|---|---|---|
| .github/workflows | ||
| defaults | ||
| handlers | ||
| meta | ||
| molecule/default | ||
| tasks | ||
| templates | ||
| .ansible-lint | ||
| .cicd | ||
| .cicd.overwrite | ||
| .collections | ||
| .gitignore | ||
| .releaserc.yml | ||
| .roles | ||
| .yamllint | ||
| CHANGELOG.md | ||
| README.md | ||
ansible-role-apache
Manages apache webserver
Dependencies
Roles
None
Collections
None
Platforms
Supported platforms
- Red Hat Enterprise Linux 81
- Red Hat Enterprise Linux 91
- Red Hat Enterprise Linux 101
- RockyLinux 8
- RockyLinux 9
- RockyLinux 10
- OracleLinux 8
- OracleLinux 9
- OracleLinux 10
- AlmaLinux 8
- AlmaLinux 9
- AlmaLinux 10
- Debian 11 (Bullseye)
- Debian 12 (Bookworm)
- Debian 13 (Trixie)
- Ubuntu 20.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 24.04 LTS
Note: 1 : no automated testing is performed on these platforms
Role Variables
defaults/main.yml
# Main path to create vhosts into
apache_wwwdir: /var/www
apache_vhostdir: /var/www
# List of vhosts
apache_vhosts: []
# SSL/TLS keys
apache_ssl: true
apache_ssl_key: "{{ apache_ssl_priv_path }}/{{ apache_fqdn }}.key"
apache_ssl_crt: "{{ apache_ssl_certs_path }}/{{ apache_fqdn }}.crt"
apache_ssl_chain: "{{ apache_ssl_certs_path }}/{{ apache_fqdn }}.chain.crt"
apache_ssl_fullchain: "{{ apache_ssl_certs_path }}/{{ apache_fqdn }}.fullchain.crt"
# SSL/TLS settings
apache_ssl_settings:
Listen: "443 {{ '127.0.0.1:' if (sslh_active is defined and sslh_active|bool) }}https"
SSLCertificateFile: '{{ apache_ssl_crt }}'
SSLCertificateKeyFile: '{{ apache_ssl_key }}'
SSLCertificateChainFile: '{{ apache_ssl_chain }}'
SSLProtocol: 'all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1'
SSLCipherSuite: 'HIGH:!aNULL:!MD5:!3DES:!SEED:!IDEA'
SSLHonorCipherOrder: 'on'
# Defaul firewall ports
apache_fw_ports:
- { port: 80, proto: tcp }
- { port: 443, proto: tcp }
defaults/family-Debian.yml
# SSL private + certificate store
apache_ssl_certs_path: /etc/ssl/certs
apache_ssl_priv_path: /etc/ssl/private
# Packages required
apache_packages:
- apache2
- apache2-utils
- openssl
# log directory
apache_logdir: /var/log/apache2
# Apache service
apache_service: apache2
# Apache configuration directory
apache_conf_dir: /etc/apache2/sites-available
# Apache SSL configuration
apache_ssl_conf: /etc/apache2/sites-available/default-ssl.conf
# Default user / group
apache_user: www-data
apache_group: www-data
defaults/family-RedHat.yml
# SSL private + certificate store
apache_ssl_certs_path: /etc/pki/tls/certs
apache_ssl_priv_path: /etc/pki/tls/private
# Packages required
apache_packages:
- httpd
- mod_ssl
- openssl
# log directory
apache_logdir: /var/log/httpd
# Apache service
apache_service: httpd
# Apache configuration directory
apache_conf_dir: /etc/httpd/conf.d
# Apache SSL configuration
apache_ssl_conf: /etc/httpd/conf.d/ssl.conf
# Default user / group
apache_user: apache
apache_group: apache
# Main path to create vhosts into
apache_wwwdir: /var/www
apache_vhostdir: /var/www
defaults/family-Suse.yml
# Main path to create vhosts into
# apache_wwwdir: /srv/www
# apache_vhostdir: /srv/www
# SSL private + certificate store
apache_ssl_certs_path: /etc/ssl/certs
apache_ssl_priv_path: /etc/ssl/private
# Packages required
apache_packages:
- apache2
- apache2-utils
- apache2-mod_nss
- openssl
# log directory
apache_logdir: /var/log/apache2
# Apache service
apache_service: apache2
# Apache configuration directory
apache_conf_dir: /etc/apache2/conf.d
# Apache SSL configuration
apache_ssl_conf: /etc/apache2/ssl-global.conf
# Default user / group
apache_user: wwwrun
apache_group: wwwrun
Example Playbook
molecule/default/converge.yml
- name: sample playbook for role 'apache'
hosts: all
become: 'yes'
vars:
molecule_driver: '{{ lookup(''env'', ''MOLECULE_DRIVER_NAME'') }}'
openssl_fqdn: server.example.com
openssl_fqdn_additional:
- vhost1.example.com
- vhost2.example.com
apache_fqdn: server.example.com
apache_ssl_key: '{{ openssl_server_key }}'
apache_ssl_crt: '{{ openssl_server_crt }}'
apache_ssl_chain: '{{ openssl_server_crt }}'
apache_index_html: true
apache_vhosts: '[{''vhost'': ''vhost1.example.com'', ''alias'': ''vhost1-alias.example.com'',
''domain'': ''vhost1.example.com'', ''template'': ''vhost.conf.j2'', ''listen'':
''*'', ''port'': ''443'', ''ssl'': True, ''ssl_copy'': True, ''ssl_key'': ''files/vhost1.example.com.key'',
''ssl_crt'': ''files/vhost1.example.com.crt'', ''ssl_chain'': ''files/vhost1.example.com.crt'',
''index_html'': True, ''allow_override_all'': True, ''require_all_granted'':
True}, {''vhost'': ''vhost2.example.com'', ''alias'': ''vhost2-alias.example.com'',
''domain'': ''vhost2.example.com'', ''template'': ''vhost.conf.j2'', ''listen'':
''*'', ''port'': ''443'', ''ssl'': True, ''ssl_copy'': True, ''ssl_key'': ''{{
openssl_server_key }}'', ''ssl_crt'': ''{{ openssl_server_crt }}'', ''ssl_chain'':
''{{ openssl_server_crt }}'', ''index_html'': True, ''allow_override_all'':
True, ''require_all_granted'': True}]'
roles:
- deitkrachten.openssl
tasks:
- name: Include role 'apache'
ansible.builtin.include_role:
name: apache