[devops@centreon01 ansible]$ cat deploy-apache-debian.yml | |
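---
# Installs Apache 2.4 with PHP 7.0 and the ModSecurity packages, uploads the
# TLS certificate material and enables a templated virtual host.
- hosts: all
  gather_facts: false
  remote_user: devops
  # `become` replaces the legacy `sudo: yes` keyword, which newer Ansible
  # releases no longer accept.
  become: true
  vars:
    apache_vhosts:
      - servername: "chost.site.com"
        documentroot: "/var/www/html"
        serveradmin: "support@site.com"
  tasks:
    - name: Installs apache
      package:
        name: apache2
        state: present

    - name: Installs libapache2-mod-php7.0
      package:
        name: libapache2-mod-php7.0
        state: present

    # NOTE(review): only the ModSecurity packages are installed here; no task
    # in this play deploys a modsecurity.conf or sets SecRuleEngine, so confirm
    # the WAF is actually switched to blocking mode somewhere else.
    - name: Installs modsecurity2
      package:
        name: libapache2-mod-security2
        state: present

    - name: Installs modsecurity2 crs
      package:
        name: modsecurity-crs
        state: present

    - name: Installs php modules
      package:
        name: "{{ item }}"
        state: present
      with_items:
        - php7.0
        - php7.0-curl
        - php7.0-gd
        - php7.0-xml
        - php7.0-xmlrpc
        - php7.0-zip
        - php7.0-tidy
        - php7.0-sqlite3
        - php7.0-snmp
        - php7.0-recode
        - php7.0-readline
        - php7.0-pspell
        - php7.0-opcache
        - php7.0-mysql
        - php7.0-mcrypt
        - php7.0-mbstring
        - php7.0-json
        - php7.0-intl
        - php7.0-imap
        - php7.0-common
        - php7.0-cli
        - php7.0-bz2

    # A changed vhost file only takes effect after Apache is restarted.
    - name: create virtual host file
      template:
        src: files/001-vhost.cfg.j2
        dest: /etc/apache2/sites-available/001-vhost.conf
        owner: root
        group: root
        mode: "0644"
      notify:
        - restart apache2

    # The directory holds the private key, so only root may enter it; Apache
    # reads certificate and key files as root at start-up.
    - name: creates ssl directory
      file:
        path: /etc/apache2/ssl
        state: directory
        owner: root
        group: root
        mode: "0700"

    - name: Upload SSL cert
      copy:
        src: files/STAR_vatportal_az.crt
        dest: /etc/apache2/ssl/STAR_site.com.crt
        owner: root
        group: root
        mode: "0644"
      notify:
        - restart apache2

    # Without an explicit mode the key can end up readable by every local
    # user on the target. Keep the source file encrypted with ansible-vault in
    # the repository; copy decrypts vault-encrypted sources on upload.
    - name: Upload SSL key
      copy:
        src: files/server1vatportal.key
        dest: /etc/apache2/ssl/server1site.com.key
        owner: root
        group: root
        mode: "0600"
      notify:
        - restart apache2

    - name: Upload SSL bundle
      copy:
        src: files/STAR_vatportal_az.ca-bundle
        dest: /etc/apache2/ssl/STAR_site.com.ca-bundle
        owner: root
        group: root
        mode: "0644"
      notify:
        - restart apache2

    - name: enabled mod_ssl
      apache2_module:
        name: ssl
        state: present
      notify:
        - restart apache2

    # NOTE(review): this enables Debian's stock default-ssl site next to the
    # custom vhost; confirm it is wanted. `creates` keeps the task idempotent.
    - name: a2ensite default-ssl
      command: a2ensite default-ssl
      args:
        creates: /etc/apache2/sites-enabled/default-ssl.conf
      notify:
        - restart apache2

    # a2ensite needs the site name; run without one it waits for interactive
    # input and the templated vhost is never enabled.
    - name: a2ensite vhost
      command: a2ensite 001-vhost
      args:
        creates: /etc/apache2/sites-enabled/001-vhost.conf
      notify:
        - restart apache2

    # - name: enable apache2 service
    #   command: systemctl enable apache2

  handlers:
    - name: restart apache2
      service:
        name: apache2
        state: restarted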
[devops@centreon01 ansible]$ cat files/001-vhost.cfg.j2 | |
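{# Renders, for every entry in apache_vhosts, an HTTP vhost that redirects to HTTPS and the TLS vhost itself. #}
{% for vhost in apache_vhosts %}
<VirtualHost *:80>
    ServerName {{ vhost.servername }}
    ServerAlias www.{{ vhost.servername }}
    Redirect / https://{{ vhost.servername }}/
</VirtualHost>

<VirtualHost *:443>
    SSLEngine On
    # Every vhost rendered by this loop shares the same certificate and key.
    SSLCertificateFile /etc/apache2/ssl/STAR_site.com.crt
    SSLCertificateKeyFile /etc/apache2/ssl/server1site.com.key
    # SSLCertificateChainFile is obsolete from Apache 2.4.8 on; there the
    # intermediates can be appended to the SSLCertificateFile instead.
    SSLCertificateChainFile /etc/apache2/ssl/STAR_site.com.ca-bundle
    ServerAdmin {{ vhost.serveradmin }}
    ServerName {{ vhost.servername }}
    ServerAlias www.{{ vhost.servername }}
    DocumentRoot {{ vhost.documentroot }}
    ErrorLog /var/log/{{ vhost.servername }}_error.log
    CustomLog /var/log/{{ vhost.servername }}_access.log combined
    <Directory {{ vhost.documentroot }}>
        # Indexes is left out so that a directory without an index file is
        # not listed to clients.
        Options FollowSymLinks
        # NOTE(review): AllowOverride All lets any .htaccess file under the
        # document root override this configuration; narrow it if the
        # application does not need that.
        AllowOverride All
        Require all granted
    </Directory>
</VirtualHost>
{% endfor %}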
[devops@centreon01 ansible]$ |