From 05c9099fdfbd4ea5502364f4103d26cc9c6dbef8 Mon Sep 17 00:00:00 2001
From: Corbin Bartsch
Date: Mon, 11 Apr 2022 18:20:23 -0400
Subject: [PATCH 1/5] Moved site enabler task out of handler
---
handlers/main.yaml | 3 ---
tasks/apache2_site.yaml | 4 ++++
tasks/main.yaml | 4 ++++
3 files changed, 8 insertions(+), 3 deletions(-)
create mode 100644 tasks/apache2_site.yaml
diff --git a/handlers/main.yaml b/handlers/main.yaml
index 0a28323..7ad8579 100644
--- a/handlers/main.yaml
+++ b/handlers/main.yaml
@@ -1,7 +1,4 @@ --- -- name: Enable Nextcloud site - ansible.builtin.command: a2ensite nextcloud.conf - - name: Restart Apache ansible.builtin.systemd: name: httpd
diff --git a/tasks/apache2_site.yaml b/tasks/apache2_site.yaml
new file mode 100644
index 0000000..e6687a4
--- /dev/null
+++ b/tasks/apache2_site.yaml
@@ -0,0 +1,4 @@
+---
+- name: Enable Nextcloud site
+ ansible.builtin.command: a2ensite nextcloud.conf
+ when: not nextcloud_nginx and not nextcloud_ssl
diff --git a/tasks/main.yaml b/tasks/main.yaml
index 3a90815..218dfb1 100644
--- a/tasks/main.yaml
+++ b/tasks/main.yaml
@@ -10,6 +10,10 @@ include_tasks: apache2_modules.yaml when: not nextcloud_nginx +- name: Enable Apache2 site + include_tasks: apache2_site.yaml + when: not nextcloud_nginx + - name: Create nginx config include_tasks: nginx_template.yaml when: nextcloud_nginx
From 18d1aa3638fc509098ad70f5b9ba5408ad8bc462 Mon Sep 17 00:00:00 2001
From: Corbin Bartsch
Date: Mon, 11 Apr 2022 18:10:59 -0400
Subject: [PATCH 2/5] Enable alias and proxy Apache2 modules
---
tasks/apache2_modules.yaml | 2 ++
1 file changed, 2 insertions(+)
diff --git a/tasks/apache2_modules.yaml b/tasks/apache2_modules.yaml
index 40c8479..524fe44 100644
--- a/tasks/apache2_modules.yaml
+++ b/tasks/apache2_modules.yaml
@@ -4,6 +4,8 @@ name: rewrite state: present with_items: + - alias + - proxy - rewrite - headers - env
From 1c5f884a1e7b16b8c6e6481d772d074df6c11379 Mon Sep 17 00:00:00 2001
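Review bot: The guard `when: not nextcloud_nginx and not nextcloud_ssl` on the new task in tasks/apache2_site.yaml skips `a2ensite` whenever SSL is on, and no other task visible in this series enables the site for the TLS case. Unless something outside the series covers it, an SSL deployment ends up with the vhost written but never enabled; the condition should be just `when: not nextcloud_nginx`. The command also reports "changed" on every run and nothing reloads Apache afterwards, so I would add `args: {creates: /etc/apache2/sites-enabled/nextcloud.conf}` and `notify: Restart Apache`. The sites-enabled path assumes the Debian layout that `a2ensite` itself implies.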
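Review bot: `proxy` is added to the module list in tasks/apache2_modules.yaml unconditionally, but none of the Apache templates visible in this series uses a Proxy directive, so every Apache host gets mod_proxy loaded without a stated need. If it is only wanted for the FastCGI/PHP-FPM setup, move it into its own task guarded by `when: nextcloud_apache2_fcgi`; otherwise drop it and keep the set of loaded modules minimal. The task header lies outside this hunk, so the surrounding options could not be checked.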
From: Corbin Bartsch
Date: Mon, 11 Apr 2022 18:15:40 -0400
Subject: [PATCH 3/5] Fixed typo in apache2_modules
---
tasks/apache2_modules.yaml | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/tasks/apache2_modules.yaml b/tasks/apache2_modules.yaml
index 524fe44..ce45782 100644
--- a/tasks/apache2_modules.yaml
+++ b/tasks/apache2_modules.yaml
@@ -1,7 +1,7 @@ --- - name: Enable Apache2 modules community.general.apache2_module: - name: rewrite + name: "{{ item }}" state: present with_items: - alias
@@ -13,3 +13,9 @@ - mime notify: - Restart Apache + +- name: Enable Apache2 module SSL + community.general.apache2_module: + name: ssl + state: present + when: nextcloud_ssl
From f3916b1076b245629e50d880e9f325fb2a27f660 Mon Sep 17 00:00:00 2001
From: Corbin Bartsch
Date: Tue, 12 Apr 2022 12:09:41 -0400
Subject: [PATCH 4/5] Removed option for directory-based Apache2 configuration
---
defaults/main.yaml | 3 ---
tasks/apache2_template.yaml | 15 ++-------------
templates/apache2_directory_nextcloud.conf.j2 | 13 -------------
...extcloud.conf.j2 => apache2_nextcloud.conf.j2} | 0
4 files changed, 2 insertions(+), 29 deletions(-)
delete mode 100644 templates/apache2_directory_nextcloud.conf.j2
rename templates/{apache2_virtualhost_nextcloud.conf.j2 => apache2_nextcloud.conf.j2} (100%)
diff --git a/defaults/main.yaml b/defaults/main.yaml
index 2ca9a7e..ef876c6 100644
--- a/defaults/main.yaml
+++ b/defaults/main.yaml
@@ -14,9 +14,6 @@ nextcloud_ssl_key_path: "/etc/ssl/nginx/{{ nextcloud_subdomain }}.{{ domain_name # Apache configuration -# Configure with virtualhost rather than directory-based Apache site -nextcloud_apache2_virtualhost: false - # If using mod_fcgi rather than the standard mod_php, we should also enable mod_setenvif nextcloud_apache2_fcgi: false
diff --git a/tasks/apache2_template.yaml b/tasks/apache2_template.yaml
index 782874f..2887ad8 100644
--- a/tasks/apache2_template.yaml
+++ b/tasks/apache2_template.yaml
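Review bot: The new `Enable Apache2 module SSL` task in the second hunk of tasks/apache2_modules.yaml carries no `notify`, unlike the loop task directly above it. On a host where `ssl` was not yet loaded, Apache keeps running without mod_ssl until something else restarts it, so a vhost with `SSLEngine on` cannot come up cleanly. Add `notify: Restart Apache` to this task, or fold `ssl` into the existing loop behind the same condition so both paths share the handler.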
@@ -1,20 +1,9 @@ --- -- name: Write directory-based nextcloud.conf file +- name: Write Apache2 nextcloud.conf file ansible.builtin.template: - src: apache2_directory_nextcloud.conf.j2 + src: apache2_nextcloud.conf.j2 dest: "{{ nextcloud_apache2_config_path }}" mode: '0644' become: true - when: not nextcloud_apache2_virtualhost - notify: - - Enable Nextcloud site - -- name: Write virtualhost nextcloud.conf file - ansible.builtin.template: - src: apache2_virtualhost_nextcloud.conf.j2 - dest: "{{ nextcloud_apache2_config_path }}" - mode: '0644' - become: true - when: nextcloud_apache2_virtualhost notify: - Enable Nextcloud site
diff --git a/templates/apache2_directory_nextcloud.conf.j2 b/templates/apache2_directory_nextcloud.conf.j2
deleted file mode 100644
index c5c5182..0000000
--- a/templates/apache2_directory_nextcloud.conf.j2
+++ /dev/null
@@ -1,13 +0,0 @@
-# {{ ansible_managed }}
-
-Alias /nextcloud "{{ nextcloud_www_path }}"
-
-
- Require all granted
- AllowOverride All
- Options FollowSymLinks MultiViews
-
-
- Dav off
-
-
diff --git a/templates/apache2_virtualhost_nextcloud.conf.j2 b/templates/apache2_nextcloud.conf.j2
similarity index 100%
rename from templates/apache2_virtualhost_nextcloud.conf.j2
rename to templates/apache2_nextcloud.conf.j2
From b244dc204338fcb40402f198ca4abd12742f48e4 Mon Sep 17 00:00:00 2001
From: Corbin Bartsch
Date: Tue, 12 Apr 2022 21:29:27 -0400
Subject: [PATCH 5/5] Added Apache2 SSL template, nable SSL by default
---
defaults/main.yaml | 6 ++---
tasks/apache2_template.yaml | 10 ++++++++
templates/apache2_ssl_nextcloud.conf.j2 | 32 +++++++++++++++++++++++++
3 files changed, 45 insertions(+), 3 deletions(-)
create mode 100644 templates/apache2_ssl_nextcloud.conf.j2
diff --git a/defaults/main.yaml b/defaults/main.yaml
index ef876c6..23bb8c0 100644
--- a/defaults/main.yaml
+++ b/defaults/main.yaml
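Review bot: The task that survives in tasks/apache2_template.yaml still ends with `notify: - Enable Nextcloud site`, but PATCH 1/5 deleted that handler from handlers/main.yaml. Unless it is defined somewhere outside this series, Ansible will fail with a missing-handler error the first time the template changes. Either restore the handler or switch the notification to `notify: Restart Apache` and let tasks/apache2_site.yaml do the enabling. The same dangling name is introduced again by `notify: Enable Nextcloud site` on the SSL template task in PATCH 5/5.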
@@ -8,9 +8,9 @@ nextcloud_subdomain: nextcloud nextcloud_www_path: '/var/www/nextcloud/' -nextcloud_ssl: false -nextcloud_ssl_certificate_path: "/etc/ssl/nginx/{{ nextcloud_subdomain }}.{{ domain_name }}.crt" -nextcloud_ssl_key_path: "/etc/ssl/nginx/{{ nextcloud_subdomain }}.{{ domain_name }}.key" +nextcloud_ssl: true +nextcloud_ssl_certificate_path: "/etc/ssl/certs/ssl-cert-snakeoil.pem" +nextcloud_ssl_key_path: "/etc/ssl/private/ssl-cert-snakeoil.key" # Apache configuration
diff --git a/tasks/apache2_template.yaml b/tasks/apache2_template.yaml
index 2887ad8..f7619be 100644
--- a/tasks/apache2_template.yaml
+++ b/tasks/apache2_template.yaml
@@ -1,9 +1,19 @@ --- +- name: Write Apache2 SSL nextcloud.conf file + ansible.builtin.template: + src: apache2_ssl_nextcloud.conf.j2 + dest: "{{ nextcloud_apache2_config_path }}" + mode: '0644' + become: true + when: nextcloud_ssl + notify: Enable Nextcloud site + - name: Write Apache2 nextcloud.conf file ansible.builtin.template: src: apache2_nextcloud.conf.j2 dest: "{{ nextcloud_apache2_config_path }}" mode: '0644' become: true + when: not nextcloud_ssl notify: - Enable Nextcloud site
diff --git a/templates/apache2_ssl_nextcloud.conf.j2 b/templates/apache2_ssl_nextcloud.conf.j2
new file mode 100644
index 0000000..299d88e
--- /dev/null
+++ b/templates/apache2_ssl_nextcloud.conf.j2
@@ -0,0 +1,32 @@
+# {{ ansible_managed }}
+
+
+
+ ServerName {{ ansible_hostname }}.{{ domain_name }}
+
+ DocumentRoot {{ nextcloud_www_path }}
+
+ ErrorLog ${APACHE_LOG_DIR}/error.log
+ CustomLog ${APACHE_LOG_DIR}/access.log combined
+
+ SSLEngine on
+ SSLCertificateFile {{ nextcloud_ssl_certificate_path }}
+ SSLCertificateKeyFile {{ nextcloud_ssl_key_path }}
+
+
+ Require all granted
+ AllowOverride All
+ Options FollowSymLinks MultiViews
+
+
+ Dav off
+
+
+
+
+ SSLOptions +StdEnvVars
+
+
+
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
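Review bot: Flipping `nextcloud_ssl` to `true` in defaults/main.yaml while pointing both paths at the `ssl-cert-snakeoil` pair means an untouched deployment serves Nextcloud with a self-signed certificate that no client trusts. Apache will also refuse to start if that pair is missing on the host; it presumably comes from the distribution's ssl-cert package, which nothing visible in this series installs. I would mark the paths as a placeholder with a comment such as `# Self-signed placeholder; override with a CA-issued certificate and key before exposing the site`, and have the role verify that both files exist before it writes the vhost.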
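Review bot: The TLS virtual host in templates/apache2_ssl_nextcloud.conf.j2 sets only `SSLEngine on` and the certificate paths, so the accepted protocol versions are whatever the distribution's mod_ssl defaults allow and no HSTS header is sent. I would add `SSLProtocol -all +TLSv1.2 +TLSv1.3` and `Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"` inside the vhost; the `headers` module is already in the enabled list in tasks/apache2_modules.yaml. Nothing in the series redirects plain HTTP to this vhost either, which is worth a follow-up. The container tags of the template are not visible in this rendering of the patch, so the exact placement needs checking against the real file.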