* use appropriate php version both for php and apache installations
+ pma for apache with auth and hand made change granted permissions + wp-cli + www-domain alias for apache and revers redirect for that
This commit is contained in:
@ -10,45 +10,45 @@
|
||||
| combine(inventory__group_environment | d({}))
|
||||
| combine(inventory__host_environment | d({})) }}'
|
||||
|
||||
vars_files:
|
||||
- ./../../vars/site.yml
|
||||
- ./../../vars/php.yml
|
||||
- ./../../vars/apache.yml
|
||||
|
||||
vars:
|
||||
apache__base_packages:
|
||||
- libapache2-mod-php8.1
|
||||
apache__role_modules:
|
||||
'headers': True
|
||||
'alias': True
|
||||
'php7.4': True
|
||||
'ssl':
|
||||
enabled: '{{ True if (apache__https_listen and apache__https_enabled) else False }}'
|
||||
'security2':
|
||||
enabled: '{{ apache__security_module_enabled|bool }}'
|
||||
'status':
|
||||
enabled: '{{ apache__status_enabled|bool }}'
|
||||
config: |
|
||||
<Location /server-status>
|
||||
# Revoke default permissions granted in `/etc/apache2/mods-available/status.conf`.
|
||||
Require all denied
|
||||
</Location>
|
||||
'socache_shmcb':
|
||||
enabled: '{{ True
|
||||
if (apache__ocsp_stapling_enabled|bool
|
||||
and "shmcb" in apache__ocsp_stapling_cache)
|
||||
else omit }}'
|
||||
'authz_host':
|
||||
enabled: '{{ True
|
||||
if (apache__status_enabled|bool
|
||||
and apache__status_allow_localhost)
|
||||
else omit }}'
|
||||
- 'libapache2-mod-php{{ php_version }}'
|
||||
|
||||
apache__default_vhost_name:
|
||||
- '{{ domain_name }}'
|
||||
- "{{ (has_www_domain and not www_domain_is_primary) | ternary('www.{{ domain_name }}', omit) }}"
|
||||
|
||||
apache__modules:
|
||||
'php{{ php_version }}': True
|
||||
|
||||
'rewrite':
|
||||
enabled: '{{ True
|
||||
if (apache__register_mod_rewrite_used is defined and
|
||||
apache__register_mod_rewrite_used.rc|d(1) == 0)
|
||||
else omit }}'
|
||||
enabled: True
|
||||
|
||||
apache__allow:
|
||||
- 0.0.0.0
|
||||
# apache__default_vhost:
|
||||
# name: '{{ apache__default_vhost_name }}'
|
||||
# filename: '000-default'
|
||||
# root: '/var/www/html'
|
||||
|
||||
apache__default_vhost:
|
||||
name: '{{ apache__default_vhost_name }}'
|
||||
filename: '000-default'
|
||||
root: '/var/www/html'
|
||||
root_directives: |-
|
||||
RewriteEngine On
|
||||
RewriteBase /
|
||||
{% if www_domain_is_primary %}
|
||||
RewriteCond %{HTTP_HOST} ^([^www].*)$
|
||||
RewriteRule ^(.*)$ https://www.%1/$1 [L,R=301]
|
||||
{% else %}
|
||||
RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
|
||||
RewriteRule ^(.*)$ https://%1/$1 [R=301,L]
|
||||
{% endif %}
|
||||
RewriteRule "(^|/)\.(?!well-known\/)" - [F]
|
||||
RewriteRule "\.(sh|example)$" - [F]
|
||||
|
||||
apache__vhost_allow_override: 'All'
|
||||
|
||||
pre_tasks:
|
||||
|
@ -10,10 +10,10 @@
|
||||
| combine(inventory__group_environment | d({}))
|
||||
| combine(inventory__host_environment | d({})) }}'
|
||||
|
||||
|
||||
vars_files:
|
||||
- ./../../vars/nginx.yml
|
||||
- ./../../vars/site.yml
|
||||
- ./../../vars/php.yml
|
||||
- ./../../vars/nginx.yml
|
||||
|
||||
vars:
|
||||
nginx_acme: False
|
||||
|
Reference in New Issue
Block a user