Add httpd setup and role for docker proxy in Apache2

2020-11-23 16:25:40 +01:00 · 2020-11-23 16:25:40 +01:00 · 07c53212a0
commit 07c53212a0
parent 290fc43f54
4 changed files with 80 additions and 0 deletions
--- a/httpd.yml
+++ b/httpd.yml
@ -0,0 +1,33 @@
 ---
 - hosts: tau
  become: true
  vars:
    - server_admin: "admin@netz39.de"
  tasks:
    - name: Update and clean package cache
      apt:
        update_cache: true
        cache_valid_time: 3600
        autoclean: true
    - name: Ensure Apache2 and modules are installed and up to date
      apt:
        name:
          - apache2
        state: latest
    - name: Ensure mod_rewrite is enabled
      apache2_module:
        name: rewrite
        state: present
    - name: Setup proxy site testredmine.netz39.de
      include_role:
        name: setup-http-site-proxy
      vars:
        site_name: testredmine.netz39.de
        proxy_port: 9004
--- a/roles/setup-http-site-proxy/handlers/main.yml
+++ b/roles/setup-http-site-proxy/handlers/main.yml
@ -0,0 +1,5 @@
 ---
 - name: restart apache2
  service:
    name: apache2
    state: restarted
--- a/roles/setup-http-site-proxy/tasks/main.yml
+++ b/roles/setup-http-site-proxy/tasks/main.yml
@ -0,0 +1,12 @@
 ---
 - name: Add or update Apache2 site
  template:
    src: templates/apache-docker-proxy-site.j2
    dest: /etc/apache2/sites-available/{{site_name}}.conf
  notify: restart apache2
 - name: Activate Apache2 site
  command: a2ensite {{ site_name}}
  args:
    creates: /etc/apache2/sites-enabled/{{ site_name }}.conf
  notify: restart apache2
--- a/roles/setup-http-site-proxy/templates/apache-docker-proxy-site.j2
+++ b/roles/setup-http-site-proxy/templates/apache-docker-proxy-site.j2
@ -0,0 +1,30 @@
 <VirtualHost {{ ansible_default_ipv4.address }}:80>
    ServerAdmin {{ server_admin }}
    ServerName {{ site_name }}
    ServerAlias {{ site_name }}
    ErrorLog /var/log/apache2/{{ site_name }}-error.log
    CustomLog /var/log/apache2/{{ site_name }}-access.log common
    <ifmodule mod_rewrite.c>
        RewriteEngine On
        RewriteCond %{REQUEST_URI} !^/\.well\-known/acme\-challenge/
        RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
    </ifmodule>
 </VirtualHost>
 <VirtualHost {{ ansible_default_ipv4.address }}:443>
    ServerAdmin {{ server_admin }}
    ServerName {{ site_name }}
    ServerAlias {{ site_name }}
    ErrorLog /var/log/apache2/{{ site_name }}-error.log
    CustomLog /var/log/apache2/{{ site_name }}-access.log common
    SSLEngine on
    SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
    SSLCertificateFile    /usr/local/etc/dehydrated/certs/{{ site_name }}/cert.pem
    SSLCertificateKeyFile /usr/local/etc/dehydrated/certs/{{ site_name }}/privkey.pem
    SSLCertificateChainFile /usr/local/etc/dehydrated/certs/{{ site_name }}/chain.pem
    ProxyPass / http://localhost:{{proxy_port}}/
 </VirtualHost>