Removed option for directory-based Apache2 configuration

Fixed typo in apache2_modules
Enable alias and proxy Apache2 modules
2022-04-12 12:13:26 -04:00 · 2022-04-12 12:13:25 -04:00 · 2022-04-12 12:13:25 -04:00 · 2022-04-11 18:17:49 -04:00
12 changed files with 29 additions and 132 deletions
--- a/README.md
+++ b/README.md
@ -9,12 +9,13 @@ This role configures a web server on your host for Nextcloud
 ## Role configuration
 * `domain_name` (default: localdomain) - Your domain for web server configuration. i.e. `example.com` if you would like your Nextcloud instance to be reachable at nextcloud.example.com
 * `nextcloud_subdomain` (default: nextcloud) - The subdomain at which you'd like to access your Nextcloud instance
-* `nextcloud_ssl` (default: true) - Whether or not you'd like to enable SSL. This will not create certificates, you will need to configure [certbot](https://certbot.eff.org/instructions) or other certificates manually.
+* `nextcloud_ssl` (default: false) - Whether or not you'd like to enable SSL. This will not create certificates, you will need to configure [certbot](https://certbot.eff.org/instructions) or other certificates manually.
-* `nextcloud_ssl_certificate_path` (default: /etc/ssl/certs/ssl-cert-snakeoil.pem) - The path to your SSL certificate
+* `nextcloud_apache2_virtualhost` (default: false) - Enable this if you would like to use a virtual host configuration rather than directory-based. See the [Nextcloud documentation](https://docs.nextcloud.com/server/latest/admin_manual/installation/source_installation.html#apache-web-server-configuration) for more information.
 * `nextcloud_ssl_key_path` (default: /etc/ssl/private/ssl-cert-snakeoil.key) - The path to your SSL certificate key
 * `nextcloud_apache2_fcgi` (default: false) - Enable this if you are using `mod_fcgi` rather than the standard `mod_php`. This will enable the `mod_setenvif` PHP module.
 * `nextcloud_apache2_config_path` (default: /etc/apache2/sites-available/nextcloud.conf) - The path to your Nextcloud Apache2 site configuration.
 ### Experimental options
 * `nextcloud_nginx` (default: false) - Configure an nginx web server rather than Apache2. **nginx is not officially supported by Nextcloud**
 * `nextcloud_nginx_config_path` (default: /etc/nginx/nginx.conf) - The path to your Nextcloud nginx configuration.
 * `nextcloud_nginx_ssl_certificate_path` (default: /etc/ssl/nginx/nextcloud.localdomain.crt) - The path to your SSL certificate
 * `nextcloud_nginx_ssl_key_path` (default: /etc/ssl/nginx/nextcloud.localdomain.key) - The path to your SSL certificate key
--- a/defaults/main.yaml
+++ b/defaults/main.yaml
@ -3,19 +3,14 @@
 # Your domain name for web server configuration
 domain_name: 'localdomain'
 # The major version of Nextcloud to install
 nextcloud_version: 23
 # The subdomain at which you'd like Nextcloud to be accessible at
 nextcloud_subdomain: nextcloud
 nextcloud_www_path: '/var/www/nextcloud/'
-nextcloud_ssl: true
+nextcloud_ssl: false
-nextcloud_ssl_certificate_path: "/etc/ssl/certs/ssl-cert-snakeoil.pem"
+nextcloud_ssl_certificate_path: "/etc/ssl/nginx/{{ nextcloud_subdomain }}.{{ domain_name }}.crt"
-nextcloud_ssl_key_path: "/etc/ssl/private/ssl-cert-snakeoil.key"
+nextcloud_ssl_key_path: "/etc/ssl/nginx/{{ nextcloud_subdomain }}.{{ domain_name }}.key"
 nextcloud_hsts: true
 nextcloud_hsts_preload: false
 # Apache configuration
--- a/handlers/main.yaml
+++ b/handlers/main.yaml
@ -1,4 +1,7 @@
 ---
 - name: Enable Nextcloud site
  ansible.builtin.command: a2ensite nextcloud.conf
 - name: Restart Apache
  ansible.builtin.systemd:
    name: httpd
--- a/meta/main.yaml
+++ b/meta/main.yaml
@ -1,6 +1,5 @@
 ---
 galaxy_info:
  role_name: nextcloud
  author: Corbin Bartsch
  description: Configure a Debian host for Nextcloud installation
  license: MIT
--- a/tasks/apache2_site.yaml
+++ b/tasks/apache2_site.yaml
@ -1,4 +0,0 @@
 ---
 - name: Enable Nextcloud site
  ansible.builtin.command: a2ensite nextcloud.conf
  when: not nextcloud_nginx and not nextcloud_ssl
--- a/tasks/apache2_template.yaml
+++ b/tasks/apache2_template.yaml
@ -1,19 +1,9 @@
 ---
 - name: Write Apache2 SSL nextcloud.conf file
  ansible.builtin.template:
    src: apache2_ssl_nextcloud.conf.j2
    dest: "{{ nextcloud_apache2_config_path }}"
    mode: '0644'
  become: true
  when: nextcloud_ssl
  notify: Enable Nextcloud site
 - name: Write Apache2 nextcloud.conf file
  ansible.builtin.template:
    src: apache2_nextcloud.conf.j2
    dest: "{{ nextcloud_apache2_config_path }}"
    mode: '0644'
  become: true
  when: not nextcloud_ssl
  notify:
    - Enable Nextcloud site
--- a/tasks/install_nextcloud.yaml
+++ b/tasks/install_nextcloud.yaml
@ -1,15 +0,0 @@
 ---
 - name: Download latest Nextcloud {{ nextcloud_version }} tar.bz2 archive
  ansible.builtin.unarchive:
    src: "https://download.nextcloud.com/server/releases/latest-{{ nextcloud_version }}.tar.bz2"
    dest: "{{ nextcloud_www_path }}"
    extra_opts:
      - --transform
      - s/^nextcloud\///
 - name: Change ownership of Nextcloud directories
  ansible.builtin.file:
    path: "{{ nextcloud_www_path }}"
    owner: www-data
    group: www-data
    recurse: true
--- a/tasks/main.yaml
+++ b/tasks/main.yaml
@ -10,13 +10,13 @@
  include_tasks: apache2_modules.yaml
  when: not nextcloud_nginx
 - name: Enable Apache2 site
  include_tasks: apache2_site.yaml
  when: not nextcloud_nginx
 - name: Create nginx config
  include_tasks: nginx_template.yaml
  when: nextcloud_nginx
- name: Install Nextcloud files
+- name: Change ownership of Nextcloud directories
-  include_tasks: install_nextcloud.yaml
+  ansible.builtin.file:
    path: "{{ nextcloud_www_path }}"
    owner: www-data
    group: www-data
    recurse: true
--- a/tasks/nginx_template.yaml
+++ b/tasks/nginx_template.yaml
@ -4,6 +4,7 @@
    src: nginx.conf.j2
    dest: "{{ nextcloud_nginx_config_path }}"
    mode: '0644'
    backup: true
  become: true
  notify:
    - Restart nginx
--- a/templates/apache2_nextcloud.conf.j2
+++ b/templates/apache2_nextcloud.conf.j2
@ -1,18 +1,16 @@
 # {{ ansible_managed }}
 <VirtualHost *:80>
-	DocumentRoot {{ nextcloud_www_path }}
+  DocumentRoot {{ nextcloud_www_path }}
-	ServerName {{ ansible_hostname }}.{{ domain_name }}
+  ServerName {{ ansible_hostname }}.{{ domain_name }}
 	<Directory {{ nextcloud_www_path }}>
 		Require all granted
 		AllowOverride All
 		Options FollowSymLinks MultiViews
 		<IfModule mod_dav.c>
 			Dav off
 		</IfModule>
 	</Directory>
 </VirtualHost>
-# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
+  <Directory {{ nextcloud_www_path }}>
    Require all granted
    AllowOverride All
    Options FollowSymLinks MultiViews
    <IfModule mod_dav.c>
      Dav off
    </IfModule>
  </Directory>
 </VirtualHost>
--- a/templates/apache2_ssl_nextcloud.conf.j2
+++ b/templates/apache2_ssl_nextcloud.conf.j2
@ -1,43 +0,0 @@
 # {{ ansible_managed }}
 <IfModule mod_ssl.c>
 	<VirtualHost *:80>
 		ServerName {{ nextcloud_subdomain }}.{{ domain_name }}
 		Redirect permanent / https://{{ nextcloud_subdomain }}.{{ domain_name }}/
 	</VirtualHost>
 	<VirtualHost *:443>
 	 	ServerName {{ nextcloud_subdomain }}.{{ domain_name }}
 		DocumentRoot {{ nextcloud_www_path }}
 		ErrorLog ${APACHE_LOG_DIR}/error.log
 		CustomLog ${APACHE_LOG_DIR}/access.log combined
 		SSLEngine on
 		SSLCertificateFile {{ nextcloud_ssl_certificate_path }}
 		SSLCertificateKeyFile {{ nextcloud_ssl_key_path }}
 	 	<Directory {{ nextcloud_www_path }}>
 	 		Require all granted
 	 		AllowOverride All
 	 		Options FollowSymLinks MultiViews
 	 		<IfModule mod_dav.c>
 	 			Dav off
 	 		</IfModule>
 	 	</Directory>
 		<FilesMatch "\.php$">
 			SSLOptions +StdEnvVars
 		</FilesMatch>
 {% if nextcloud_hsts %}
 		<IfModule mod_headers.c>
 			Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains{% if nextcloud_hsts_preload %}; preload{% endif %}"
 		</IfModule>
 {% endif %}
 	</VirtualHost>
 </IfModule>
 # vim: syntax=apache ts=4 sw=4 sts=4 sr noet
--- a/templates/config.php.j2
+++ b/templates/config.php.j2
@ -1,28 +0,0 @@
 <?php
 $CONFIG = array (
  'instanceid' => '',
  'passwordsalt' => '',
  'secret' => '',
  'trusted_domains' => 
  array (
    0 => '{{ nextcloud_subdomain }}.{{ domain_name }}',
  ),
  'datadirectory' => '{{ nextcloud_data_directory }}',
  'dbtype' => '{{ nextcloud_db_type }}',
  'version' => '23.0.3.2',
  'overwrite.cli.url' => 'http://{{ nextcloud_subdomain }}.{{ domain_name }}',
  'dbname' => 'nextcloud',
  'dbhost' => '{{ nextcloud_db_host }}:{{ nextcloud_db_port }}',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'dbuser' => '{{ nextcloud_db_user }}',
  'dbpassword' => '{{ nextcloud_db_pass }}',
  'installed' => true,
  'twofactor_enforced' => 'true',
  'twofactor_enforced_groups' => 
  array (
  ),
  'twofactor_enforced_excluded_groups' => 
  array (
  ),
 );
Author	SHA1	Message	Date
Corbin Bartsch	84a7394fcc	Removed option for directory-based Apache2 configuration	2022-04-12 12:13:26 -04:00
Corbin Bartsch	fb6ca593b8	Fixed typo in apache2_modules	2022-04-12 12:13:25 -04:00
Corbin Bartsch	148b6b3b17	Enable alias and proxy Apache2 modules	2022-04-12 12:13:25 -04:00
Corbin Bartsch	54015ef705	Backup nginx template before overwriting	2022-04-11 18:17:49 -04:00