# Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - name: ensure OS when: ansible_distribution != 'Debian' and ansible_distribution != 'Ubuntu' fail: msg: "Only Debian|Ubuntu are currently supported" - name: Confguring file-exchanger become: yes block: - name: Ensure backend file: path: /var/www/file_exchanger_cgi-bin/ state: directory - name: Created put cgi-bin file template: src: put dest: /var/www/file_exchanger_cgi-bin/put mode: +x - name: Ensure path exists file: path: "{{ file_exchanger_path }}" state: directory owner: www-data group: root mode: u+rwx,g-w,o-w - name: Enable related modules apache2_module: name: "{{ item }}" state: present with_items: - authz_groupfile - actions - alias - cgid - name: Create httpasswd file when: file_exchanger_user is defined and file_exchanger_user != None include_role: name: apache-server vars: apache_server_action: htpasswd apache_server_htpasswd_path: "/etc/apache2/sites-available/{{ file_exchanger_name }}.htpasswd" apache_server_htpasswd_user: "{{ file_exchanger_user }}" - name: Create htaccess file when: file_exchanger_group is defined and file_exchanger_group != None include_role: name: apache-server vars: apache_server_action: htaccess apache_server_htaccess_path: "/etc/apache2/sites-available/{{ file_exchanger_name }}.htaccess" apache_server_htaccess_group: "{{ file_exchanger_group }}" - name: Create file-exchanger HTTP virtual host config when: file_exchanger_http_port is defined and file_exchanger_http_port != "0" block: - name: Create file-exchanger virtual host config for HTTP template: src: conf.j2 dest: "/etc/apache2/sites-available/{{ file_exchanger_name }}.conf" - name: Enable file-exchanger virtual host command: "a2ensite {{ file_exchanger_name }}" - name: Insert a accept rule for non-SSL port iptables: chain: INPUT protocol: tcp destination_port: "{{ file_exchanger_http_port }}" destination: "{{ item }}" jump: ACCEPT action: insert with_items: "{{ file_exchanger_ip }}" when: "item | ipv4" - name: Create file-exchanger HTTPS virtual host config when: file_exchanger_https_port is defined and file_exchanger_https_port != "0" block: - name: Generate certs for casewith alt_names when: file_exchanger_ip is defined and file_exchanger_ip != None include_role: name: apache-server vars: apache_server_action: ssl apache_server_ssl_key_path: "/etc/ssl/private/{{ file_exchanger_name }}.key" apache_server_ssl_cert_path: "/etc/ssl/certs/{{ file_exchanger_name }}.pem" apache_server_ssl_cn: "{{ file_exchanger_servername }}" apache_server_ssl_alt_name: "{{ file_exchanger_ip | map('regex_replace', '^(.*)$', 'IP:\\1') | list }}" - name: Generate certs for case without alt_names when: file_exchanger_ip is undefined or file_exchanger_ip == None include_role: name: apache-server vars: apache_server_action: ssl apache_server_ssl_key_path: "/etc/ssl/private/{{ file_exchanger_name }}.key" apache_server_ssl_cert_path: "/etc/ssl/certs/{{ file_exchanger_name }}.pem" apache_server_ssl_cn: "{{ file_exchanger_servername }}" - name: Create file-exchanger virtual host config for HTTPS template: src: ssl.conf.j2 dest: "/etc/apache2/sites-available/{{ file_exchanger_name }}-ssl.conf" - name: Enable file-exchanger virtual host command: "a2ensite {{ file_exchanger_name }}-ssl" - name: Insert a accept rule for SSL port iptables: chain: INPUT protocol: tcp destination_port: "{{ file_exchanger_https_port }}" destination: "{{ item }}" jump: ACCEPT action: insert with_items: "{{ file_exchanger_ip }}" when: "item | ipv4" - name: Restart Apache to apply all changes include_role: name: apache-server vars: apache_server_action: restart