forked from Netz39_Admin/netz39-infra-ansible
Add httpd setup and role for docker proxy in Apache2
This commit is contained in:
parent
290fc43f54
commit
07c53212a0
4 changed files with 80 additions and 0 deletions
33
httpd.yml
Normal file
33
httpd.yml
Normal file
|
|
@ -0,0 +1,33 @@
|
||||||
|
---
|
||||||
|
- hosts: tau
|
||||||
|
become: true
|
||||||
|
|
||||||
|
vars:
|
||||||
|
- server_admin: "admin@netz39.de"
|
||||||
|
|
||||||
|
|
||||||
|
tasks:
|
||||||
|
- name: Update and clean package cache
|
||||||
|
apt:
|
||||||
|
update_cache: true
|
||||||
|
cache_valid_time: 3600
|
||||||
|
autoclean: true
|
||||||
|
|
||||||
|
- name: Ensure Apache2 and modules are installed and up to date
|
||||||
|
apt:
|
||||||
|
name:
|
||||||
|
- apache2
|
||||||
|
state: latest
|
||||||
|
|
||||||
|
- name: Ensure mod_rewrite is enabled
|
||||||
|
apache2_module:
|
||||||
|
name: rewrite
|
||||||
|
state: present
|
||||||
|
|
||||||
|
|
||||||
|
- name: Setup proxy site testredmine.netz39.de
|
||||||
|
include_role:
|
||||||
|
name: setup-http-site-proxy
|
||||||
|
vars:
|
||||||
|
site_name: testredmine.netz39.de
|
||||||
|
proxy_port: 9004
|
||||||
5
roles/setup-http-site-proxy/handlers/main.yml
Normal file
5
roles/setup-http-site-proxy/handlers/main.yml
Normal file
|
|
@ -0,0 +1,5 @@
|
||||||
|
---
|
||||||
|
- name: restart apache2
|
||||||
|
service:
|
||||||
|
name: apache2
|
||||||
|
state: restarted
|
||||||
12
roles/setup-http-site-proxy/tasks/main.yml
Normal file
12
roles/setup-http-site-proxy/tasks/main.yml
Normal file
|
|
@ -0,0 +1,12 @@
|
||||||
|
---
|
||||||
|
- name: Add or update Apache2 site
|
||||||
|
template:
|
||||||
|
src: templates/apache-docker-proxy-site.j2
|
||||||
|
dest: /etc/apache2/sites-available/{{site_name}}.conf
|
||||||
|
notify: restart apache2
|
||||||
|
|
||||||
|
- name: Activate Apache2 site
|
||||||
|
command: a2ensite {{ site_name}}
|
||||||
|
args:
|
||||||
|
creates: /etc/apache2/sites-enabled/{{ site_name }}.conf
|
||||||
|
notify: restart apache2
|
||||||
|
|
@ -0,0 +1,30 @@
|
||||||
|
<VirtualHost {{ ansible_default_ipv4.address }}:80>
|
||||||
|
ServerAdmin {{ server_admin }}
|
||||||
|
ServerName {{ site_name }}
|
||||||
|
ServerAlias {{ site_name }}
|
||||||
|
ErrorLog /var/log/apache2/{{ site_name }}-error.log
|
||||||
|
CustomLog /var/log/apache2/{{ site_name }}-access.log common
|
||||||
|
|
||||||
|
<ifmodule mod_rewrite.c>
|
||||||
|
RewriteEngine On
|
||||||
|
RewriteCond %{REQUEST_URI} !^/\.well\-known/acme\-challenge/
|
||||||
|
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
|
||||||
|
</ifmodule>
|
||||||
|
</VirtualHost>
|
||||||
|
|
||||||
|
<VirtualHost {{ ansible_default_ipv4.address }}:443>
|
||||||
|
ServerAdmin {{ server_admin }}
|
||||||
|
ServerName {{ site_name }}
|
||||||
|
ServerAlias {{ site_name }}
|
||||||
|
|
||||||
|
ErrorLog /var/log/apache2/{{ site_name }}-error.log
|
||||||
|
CustomLog /var/log/apache2/{{ site_name }}-access.log common
|
||||||
|
|
||||||
|
SSLEngine on
|
||||||
|
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
|
||||||
|
SSLCertificateFile /usr/local/etc/dehydrated/certs/{{ site_name }}/cert.pem
|
||||||
|
SSLCertificateKeyFile /usr/local/etc/dehydrated/certs/{{ site_name }}/privkey.pem
|
||||||
|
SSLCertificateChainFile /usr/local/etc/dehydrated/certs/{{ site_name }}/chain.pem
|
||||||
|
|
||||||
|
ProxyPass / http://localhost:{{proxy_port}}/
|
||||||
|
</VirtualHost>
|
||||||
Loading…
Reference in a new issue