forked from ISTI-ansible-roles/ansible-roles
library/roles/apache: Support for the apache info and status modules, with ACLs.
This commit is contained in:
Andrea Dell'Amico
parent
1476724437
commit
1a685e17c8
|
|
@ -37,6 +37,16 @@ apache_http_proxy_modules:
|
||||||
- proxy_ajp
|
- proxy_ajp
|
||||||
- proxy_http
|
- proxy_http
|
||||||
|
|
||||||
|
apache_status_module: True
|
||||||
|
apache_status_location: '/server-status'
|
||||||
|
apache_status_allowed_hosts:
|
||||||
|
- 127.0.0.1/8
|
||||||
|
|
||||||
|
apache_info_module: True
|
||||||
|
apache_info_location: '/server-info'
|
||||||
|
apache_info_allowed_hosts:
|
||||||
|
- 127.0.0.1/8
|
||||||
|
|
||||||
apache_basic_auth: False
|
apache_basic_auth: False
|
||||||
apache_basic_auth_single_file: True
|
apache_basic_auth_single_file: True
|
||||||
apache_basic_auth_dir: /etc/apache2/auth
|
apache_basic_auth_dir: /etc/apache2/auth
|
||||||
|
|
|
||||||
|
|
@ -1,7 +1,7 @@
|
||||||
---
|
---
|
||||||
- name: Load the apache ssl modules
|
- name: Load the apache ssl modules
|
||||||
apache2_module: name={{ item }} state=present
|
apache2_module: name={{ item }} state=present
|
||||||
with_items: apache_ssl_modules
|
with_items: '{{ apache_ssl_modules }}'
|
||||||
when:
|
when:
|
||||||
- apache_ssl_modules_enabled
|
- apache_ssl_modules_enabled
|
||||||
- is_trusty
|
- is_trusty
|
||||||
|
|
@ -10,14 +10,43 @@
|
||||||
|
|
||||||
- name: Load some apache proxy modules
|
- name: Load some apache proxy modules
|
||||||
apache2_module: name={{ item }} state=present
|
apache2_module: name={{ item }} state=present
|
||||||
with_items: apache_http_proxy_modules
|
with_items: '{{ apache_http_proxy_modules }}'
|
||||||
when: apache_http_proxy_modules_enabled
|
when: apache_http_proxy_modules_enabled
|
||||||
notify: apache2 reload
|
notify: apache2 reload
|
||||||
tags: [ 'apache', 'apache_mods' ]
|
tags: [ 'apache', 'apache_mods' ]
|
||||||
|
|
||||||
- name: Load additional apache modules if any
|
- name: Load additional apache modules if any
|
||||||
apache2_module: name={{ item }} state=present
|
apache2_module: name={{ item }} state=present
|
||||||
with_items: apache_additional_modules_list
|
with_items: '{{ apache_additional_modules_list }}'
|
||||||
when: apache_additional_modules
|
when: apache_additional_modules
|
||||||
notify: apache2 reload
|
notify: apache2 reload
|
||||||
tags: [ 'apache', 'apache_mods' ]
|
tags: [ 'apache', 'apache_mods' ]
|
||||||
|
|
||||||
|
- name: Load the apache status module
|
||||||
|
apache2_module: name={{ item }} state=present
|
||||||
|
with_items: status
|
||||||
|
when: apache_status_module
|
||||||
|
notify: apache2 reload
|
||||||
|
tags: [ 'apache', 'apache_mods', 'apache_status' ]
|
||||||
|
|
||||||
|
- name: Configure the apache status module
|
||||||
|
template: src={{ item }}.j2 dest=/etc/apache2/mods-available/{{ item }} owner=root group=root mode=0644
|
||||||
|
with_items: status.conf
|
||||||
|
when: apache_status_module
|
||||||
|
notify: apache2 reload
|
||||||
|
tags: [ 'apache', 'apache_mods', 'apache_status' ]
|
||||||
|
|
||||||
|
- name: Load the apache info module
|
||||||
|
apache2_module: name={{ item }} state=present
|
||||||
|
with_items: info
|
||||||
|
when: apache_info_module
|
||||||
|
notify: apache2 reload
|
||||||
|
tags: [ 'apache', 'apache_mods', 'apache_info' ]
|
||||||
|
|
||||||
|
- name: Configure the apache info module
|
||||||
|
template: src={{ item }}.j2 dest=/etc/apache2/mods-available/{{ item }} owner=root group=root mode=0644
|
||||||
|
with_items: info.conf
|
||||||
|
when: apache_info_module
|
||||||
|
notify: apache2 reload
|
||||||
|
tags: [ 'apache', 'apache_mods', 'apache_info' ]
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -0,0 +1,20 @@
|
||||||
|
<IfModule mod_info.c>
|
||||||
|
|
||||||
|
# Allow remote server configuration reports, with the URL of
|
||||||
|
# http://servername/server-info (requires that mod_info.c be loaded).
|
||||||
|
# Uncomment and change the "192.0.2.0/24" to allow access from other hosts.
|
||||||
|
#
|
||||||
|
<Location {{ apache_info_location }}>
|
||||||
|
SetHandler server-info
|
||||||
|
Require local
|
||||||
|
{% if nagios_monitoring_server_ip is defined %}
|
||||||
|
{% for addr in nagios_monitoring_server_ip %}
|
||||||
|
Require ip {{ addr }}/24
|
||||||
|
{% endfor %}
|
||||||
|
{% endif %}
|
||||||
|
{% for addr in apache_info_allowed_hosts %}
|
||||||
|
Require ip {{ addr }}
|
||||||
|
{% endfor %}
|
||||||
|
</Location>
|
||||||
|
|
||||||
|
</IfModule>
|
||||||
|
|
@ -0,0 +1,32 @@
|
||||||
|
<IfModule mod_status.c>
|
||||||
|
# Allow server status reports generated by mod_status,
|
||||||
|
# with the URL of http://servername/server-status
|
||||||
|
# Uncomment and change the "192.0.2.0/24" to allow access from other hosts.
|
||||||
|
|
||||||
|
<Location {{ apache_status_location }}>
|
||||||
|
SetHandler server-status
|
||||||
|
Require local
|
||||||
|
{% if nagios_monitoring_server_ip is defined %}
|
||||||
|
{% for addr in nagios_monitoring_server_ip %}
|
||||||
|
Require ip {{ addr }}/24
|
||||||
|
{% endfor %}
|
||||||
|
{% endif %}
|
||||||
|
{% for addr in apache_status_allowed_hosts %}
|
||||||
|
Require ip {{ addr }}
|
||||||
|
{% endfor %}
|
||||||
|
</Location>
|
||||||
|
|
||||||
|
# Keep track of extended status information for each request
|
||||||
|
ExtendedStatus On
|
||||||
|
|
||||||
|
# Determine if mod_status displays the first 63 characters of a request or
|
||||||
|
# the last 63, assuming the request itself is greater than 63 chars.
|
||||||
|
# Default: Off
|
||||||
|
#SeeRequestTail On
|
||||||
|
|
||||||
|
<IfModule mod_proxy.c>
|
||||||
|
# Show Proxy LoadBalancer status in mod_status
|
||||||
|
ProxyStatus On
|
||||||
|
</IfModule>
|
||||||
|
|
||||||
|
</IfModule>
|
||||||
Loading…
Reference in New Issue