{% if ansible_prolog -%}
{% from 'templates/ansible/prolog.j2' import prolog with context %}
{{ prolog() }}
{% endif -%}
# Apache vhost for PHP system checks
ServerName {{ phpsyscheck_vhostname }}
Include conf-available/letsencrypt.conf
{% if phpsyscheck_ssl and ssl_certs_auto_installed.stdout_lines is defined and phpsyscheck_vhostname in ssl_certs_auto_installed.stdout_lines %}
RedirectMatch 301 ^(?!/\.well-known/acme-challenge/).* https://{{ phpsyscheck_vhostname }}$0
{% else %}
DocumentRoot /etc/phpsyscheck
DirectoryIndex index.php
{% if phpsyscheck_http_auth %}
AuthType basic
AuthName "Restricted Access"
AuthUserFile /etc/apache2/auth_admin
{% if phpsyscheck_http_whitelist_ip|length > 0 %}
Require ip {{ phpsyscheck_http_whitelist_ip | join(' ') }}
{% endif %}
Require valid-user
{% endif %}
Options None
AllowOverride None
Require all granted
{% if with_fpm|bool %}
Include conf-available/fpm-pool.conf
{% endif %}
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/sys.access.log combined
ErrorLog ${APACHE_LOG_DIR}/sys.error.log
{% endif %}
{% if phpsyscheck_ssl and ssl_certs_auto_installed.stdout_lines is defined and phpsyscheck_vhostname in ssl_certs_auto_installed.stdout_lines %}
ServerName {{ phpsyscheck_vhostname }}
Protocols h2 http/1.1
Include vhost_ssl_auto-{{ phpsyscheck_vhostname }}.conf
DocumentRoot /etc/phpsyscheck
DirectoryIndex index.php
{% if phpsyscheck_http_auth %}
AuthType basic
AuthName "Restricted Access"
AuthUserFile /etc/apache2/auth_admin
{% if phpsyscheck_http_whitelist_ip|length > 0 %}
Require ip {{ phpsyscheck_http_whitelist_ip | join(' ') }}
{% endif %}
Require valid-user
{% endif %}
Options None
AllowOverride None
Require all granted
php_admin_value max_execution_time 240
php_admin_value upload_max_filesize 128M
php_admin_value post_max_size 128M
{% if with_fpm|bool %}
Include conf-available/fpm-pool.conf
{% endif %}
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/sys.access.log combined
ErrorLog ${APACHE_LOG_DIR}/sys.error.log
{% endif %}