Make possible to disable HTTP auth in front of PHP syscheck

roles/webserver/defaults/main.yml

@@ -31,10 +31,12 @@ with_php: False
 php_version: '7.0'
 with_php_mysql_legacy: False
 
+with_phpsyscheck: True
 phpsyscheck_vhostname: 'sys.localhost'
 phpsyscheck_vhostip: Null
 phpsyscheck_vhostport: Null
 phpsyscheck_ssl: False
+http_auth_syscheck: False
 
 php_config:
   date.timezone: 'Europe/Paris'

roles/webserver/tasks/apache2.yml

@@ -185,7 +185,7 @@
     mode: '0644'
   notify:
     - 'Reload apache2'
-  when: with_php|bool
+  when: with_phpsyscheck|bool and with_php|bool
   tags:
     - 'web'
     - 'apache2'
@@ -197,7 +197,7 @@
     state: 'link'
   notify:
     - 'Reload apache2'
-  when: with_php|bool
+  when: with_phpsyscheck|bool and with_php|bool
   tags:
     - 'web'
     - 'apache2'

roles/webserver/tasks/nginx.yml

@@ -208,7 +208,7 @@
     mode: '0644'
   notify:
     - 'Reload nginx'
-  when: with_php|bool
+  when: with_phpsyscheck and with_php|bool
   tags:
     - 'web'
     - 'nginx'
@@ -220,7 +220,7 @@
     state: 'link'
   notify:
     - 'Reload nginx'
-  when: with_php|bool
+  when: with_phpsyscheck and with_php|bool
   tags:
     - 'web'
     - 'nginx'

roles/webserver/tasks/php.yml

@@ -188,6 +188,7 @@
     owner: 'root'
     group: 'root'
     mode: '0755'
+  when: with_phpsyscheck|bool
   tags:
     - 'web'
     - 'php'
@@ -199,6 +200,10 @@
     owner: 'root'
     group: 'root'
     mode: '0644'
+  when: with_phpsyscheck|bool
+  tags:
+    - 'web'
+    - 'php'
 
 - name: 'Install PHP APC extension (Debian <= 8)'
   apt:
@@ -227,7 +232,7 @@
     owner: 'root'
     group: 'root'
     mode: '0644'
-  when: with_php_apc|bool
+  when: with_phpsyscheck|bool and with_php_apc|bool
   tags:
     - 'web'
     - 'php'

roles/webserver/templates/apache2/sys_vhost.j2

@@ -15,12 +15,14 @@
     DocumentRoot /etc/phpsyscheck
     DirectoryIndex index.php
 
+{% if http_auth_syscheck %}
     <Location />
         AuthType basic
         AuthName "Restricted Access"
         AuthUserFile /etc/apache2/auth_admin
         Require valid-user
     </Location>
+{% endif %}
 
     <Directory /etc/phpsyscheck>
         Options None
@@ -52,7 +54,7 @@
     DocumentRoot /etc/phpsyscheck
     DirectoryIndex index.php
 
-{% if http_auth_phpmyadmin %}
+{% if http_auth_syscheck %}
     <Location />
         AuthType basic
         AuthName "Restricted Access"

roles/webserver/templates/nginx/sys_vhost.j2

@@ -27,8 +27,10 @@ server {
     index index.php;
     try_files $uri $uri/ /index.php;
 
+{% if http_auth_syscheck %}
     auth_basic "Restricted Access";
     auth_basic_user_file /etc/nginx/auth_admin;
+{% endif %}
 
     location ~ \.php(/|$) {
         include fastcgi_pass_fpm;
@@ -51,8 +53,10 @@ server {
     index index.php;
     try_files $uri $uri/ /index.php;
 
+{% if http_auth_syscheck %}
     auth_basic "Restricted Access";
     auth_basic_user_file /etc/nginx/auth_admin;
+{% endif %}
 
     location ~ \.php(/|$) {
         include fastcgi_pass_fpm;