This role will install and configure the Apache webserver:
- mod_md for Let's Encrypt SSL/TLS certificate management, hardened (A+) SSL/TLS configuration
- php-fpm PHP interpreter
- (optional) basic authentication login form bruteforce prevention with fail2ban
- (optional) aggregation of apache log files to syslog
- See meta/main.yml
- For Let's Encrypt certificates, ports tcp/80 and tcp/443 must be reachable from the Internet, and each virtualhost's FQDN (ServerName) must have an A or CNAME record in the public DNS system.
- hosts: my.CHANGEME.org
  roles:
    - nodiscc.xsrv.common # (optional) basic setup, hardening, firewall, bruteforce prevention
    - nodiscc.xsrv.monitoring # (optional) apache/virtualhost monitoring, log aggregation
    - nodiscc.xsrv.apache

# required variables:
# ansible-vault edit host_vars/my.CHANGEME.org/my.CHANGEME.org.vault.yml
apache_letsencrypt_email: "CHANGEME"
See defaults/main.yml for all configuration variables
Backups: See the included rsnapshot configuration for the backup role
Integration with other roles: Each role relying on this one must install its own configuration in /etc/apache2/{conf,sites}-{available,enabled}/ and notify the reload/restart apache handlers.
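An added example (not code from this role) of tasks in a dependent role that installs its own virtualhost and notifies the apache handlers. The role name `myapp`, the template file name and the handler name `reload apache` are assumptions; use the handler names actually defined by this role.

```yaml
# roles/myapp/tasks/apache.yml (hypothetical dependent role)
# Assumption: the apache role's handler is named "reload apache".

- name: install apache virtualhost configuration for myapp
  ansible.builtin.template:
    src: etc_apache2_sites-available_myapp.conf.j2  # hypothetical template
    dest: /etc/apache2/sites-available/myapp.conf
    owner: root
    group: root
    mode: "0644"  # root-owned, not writable by www-data
  notify: reload apache

- name: enable myapp virtualhost
  ansible.builtin.command:
    cmd: a2ensite myapp
    # a2ensite creates this symlink; skip the command when it already exists
    creates: /etc/apache2/sites-enabled/myapp.conf
  notify: reload apache

- name: check apache configuration syntax
  # Fails the play here, before the notified handler runs,
  # if the new virtualhost contains an invalid directive.
  ansible.builtin.command:
    cmd: apache2ctl configtest
  changed_when: false
```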
Allow a user to read apache/web application files: Add the user to the www-data group. For example, using the common role:
linux_users:
  - name: "{{ ansible_user }}"
    groups: www-data
    append: yes
    comment: "ansible user/allowed to read/write web application files"
Let's Encrypt certificates: newly generated certificates may take up to 1 minute to become available.
apache - setup the apache web server
ssl - setup SSL certificates and configuration
apache-reverseproxy - setup apache custom reverseproxies