From 07c53212a08cbdcfd00a809b151f67eb56ddea25 Mon Sep 17 00:00:00 2001
From: Stefan Haun
Date: Mon, 23 Nov 2020 16:25:40 +0100
Subject: [PATCH] Add httpd setup and role for docker proxy in Apache2
---
httpd.yml | 33 +++++++++++++++++++
roles/setup-http-site-proxy/handlers/main.yml | 5 +++
roles/setup-http-site-proxy/tasks/main.yml | 12 +++++++
.../templates/apache-docker-proxy-site.j2 | 30 +++++++++++++++++
4 files changed, 80 insertions(+)
create mode 100644 httpd.yml
create mode 100644 roles/setup-http-site-proxy/handlers/main.yml
create mode 100644 roles/setup-http-site-proxy/tasks/main.yml
create mode 100644 roles/setup-http-site-proxy/templates/apache-docker-proxy-site.j2
diff --git a/httpd.yml b/httpd.yml
new file mode 100644
index 0000000..73dcebf
--- /dev/null
+++ b/httpd.yml
@@ -0,0 +1,33 @@
+---
+- hosts: tau
+ become: true
+
+ vars:
+ - server_admin: "admin@netz39.de"
+
+
+ tasks:
+ - name: Update and clean package cache
+ apt:
+ update_cache: true
+ cache_valid_time: 3600
+ autoclean: true
+
+ - name: Ensure Apache2 and modules are installed and up to date
+ apt:
+ name:
+ - apache2
+ state: latest
+
+ - name: Ensure mod_rewrite is enabled
+ apache2_module:
+ name: rewrite
+ state: present
+
+
+ - name: Setup proxy site testredmine.netz39.de
+ include_role:
+ name: setup-http-site-proxy
+ vars:
+ site_name: testredmine.netz39.de
+ proxy_port: 9004
diff --git a/roles/setup-http-site-proxy/handlers/main.yml b/roles/setup-http-site-proxy/handlers/main.yml
new file mode 100644
index 0000000..670471f
--- /dev/null
+++ b/roles/setup-http-site-proxy/handlers/main.yml
@@ -0,0 +1,5 @@
+---
+- name: restart apache2
+ service:
+ name: apache2
+ state: restarted
diff --git a/roles/setup-http-site-proxy/tasks/main.yml b/roles/setup-http-site-proxy/tasks/main.yml
new file mode 100644
index 0000000..70f5f5c
--- /dev/null
+++ b/roles/setup-http-site-proxy/tasks/main.yml
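Review bot: The play in httpd.yml enables only `rewrite`, but the site template added by this commit also uses `SSLEngine` and `ProxyPass`, which need the `ssl`, `proxy` and `proxy_http` modules. Unless those are already enabled on the host, the Apache restart triggered by the role will fail on the new config, or the HTTPS vhost will not be served while port 80 keeps redirecting to it. Extending the existing `apache2_module` task to `name: "{{ item }}"` with `loop: [rewrite, ssl, proxy, proxy_http]` covers it. Separately, `state: latest` on `apache2` upgrades the web server on every playbook run; `state: present` with a deliberate upgrade step keeps runs repeatable.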
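Review bot: The handler in handlers/main.yml uses `state: restarted`, which stops and starts Apache for every site change, so a template that renders to an invalid config can take down every vhost on the host rather than only the new one. For site-file changes `state: reloaded` is usually enough: a graceful reload normally checks the configuration first and leaves the running server in place if it is broken. If the handler is renamed to `reload apache2`, the two `notify:` lines in the role's tasks need to change with it.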
@@ -0,0 +1,12 @@
+---
+- name: Add or update Apache2 site
+ template:
+ src: templates/apache-docker-proxy-site.j2
+ dest: /etc/apache2/sites-available/{{site_name}}.conf
+ notify: restart apache2
+
+- name: Activate Apache2 site
+ command: a2ensite {{ site_name}}
+ args:
+ creates: /etc/apache2/sites-enabled/{{ site_name }}.conf
+ notify: restart apache2
diff --git a/roles/setup-http-site-proxy/templates/apache-docker-proxy-site.j2 b/roles/setup-http-site-proxy/templates/apache-docker-proxy-site.j2
new file mode 100644
index 0000000..8e5bf88
--- /dev/null
+++ b/roles/setup-http-site-proxy/templates/apache-docker-proxy-site.j2
@@ -0,0 +1,30 @@
+
+ ServerAdmin {{ server_admin }}
+ ServerName {{ site_name }}
+ ServerAlias {{ site_name }}
+ ErrorLog /var/log/apache2/{{ site_name }}-error.log
+ CustomLog /var/log/apache2/{{ site_name }}-access.log common
+
+
+ RewriteEngine On
+ RewriteCond %{REQUEST_URI} !^/\.well\-known/acme\-challenge/
+ RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
+
+
+
+
+ ServerAdmin {{ server_admin }}
+ ServerName {{ site_name }}
+ ServerAlias {{ site_name }}
+
+ ErrorLog /var/log/apache2/{{ site_name }}-error.log
+ CustomLog /var/log/apache2/{{ site_name }}-access.log common
+
+ SSLEngine on
+ SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
+ SSLCertificateFile /usr/local/etc/dehydrated/certs/{{ site_name }}/cert.pem
+ SSLCertificateKeyFile /usr/local/etc/dehydrated/certs/{{ site_name }}/privkey.pem
+ SSLCertificateChainFile /usr/local/etc/dehydrated/certs/{{ site_name }}/chain.pem
+
+ ProxyPass / http://localhost:{{proxy_port}}/
+
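Review bot: The `template` task in tasks/main.yml sets no `owner`, `group` or `mode`, so the permissions of the vhost file depend on the umask of the connecting user; add `owner: root`, `group: root` and `mode: "0644"`. `site_name` is also interpolated unquoted into the `dest` path and the `a2ensite` argument, so a value containing `/` or whitespace would write outside `sites-available` or split the command's arguments. An `assert` task at the top of the role, checking that `site_name` matches a hostname pattern, would turn that into a clear failure instead.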
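Review bot: The port-80 redirect in the template builds its target from `%{HTTP_HOST}`, which is whatever Host header the client sent; if this vhost ever becomes the default for port 80, the 301 will point at names the server does not own. Using the configured name, `RewriteRule (.*) https://{{ site_name }}%{REQUEST_URI} [R=301,L]`, removes that dependency. In the TLS vhost, `ProxyPass` has no matching `ProxyPassReverse / http://localhost:{{ proxy_port }}/`, so redirects issued by the backend with its internal address would reach clients unchanged. No `SSLProtocol` or `SSLCipherSuite` is set either, so the TLS policy is whatever the host-wide SSL configuration provides, which is worth confirming. The container lines (`<VirtualHost …>` and similar) are not visible on this page, so this is based on the directives alone.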