kolter
/
ansible-playbooks


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596
							{% if ansible_prolog -%}
{% from 'templates/ansible/prolog.j2' import prolog with context %}
{{ prolog() }}
{% endif -%}
# Apache vhost for PHP system checks

<VirtualHost {%if phpsyscheck_vhostip %}{{ phpsyscheck_vhostip }}{% else %}*{% endif %}:{%if phpsyscheck_vhostport %}{{ phpsyscheck_vhostport }}{% else %}80{% endif %}>
    ServerName {{ phpsyscheck_vhostname }}

    Include conf-available/letsencrypt.conf

{% if phpsyscheck_ssl and ssl_certs_auto_installed.stdout_lines is defined and phpsyscheck_vhostname in ssl_certs_auto_installed.stdout_lines %}
    RedirectMatch 301 ^(?!/\.well-known/acme-challenge/).* https://{{ phpsyscheck_vhostname }}$0
{% else %}
    DocumentRoot /etc/phpsyscheck
    DirectoryIndex index.php

{% if phpsyscheck_http_auth %}
    <Location />
        AuthType basic
        AuthName "Restricted Access"
        AuthUserFile /etc/apache2/auth_admin
        <RequireAny>
{% if phpsyscheck_http_whitelist_ip|length > 0 %}
            Require ip {{ phpsyscheck_http_whitelist_ip | join(' ')  }}
{% endif %}
            Require valid-user
        </RequireAny>
    </Location>
{% endif %}

    <Directory /etc/phpsyscheck>
        Options None
        AllowOverride None
        Require all granted
    </Directory>

{% if with_fpm|bool %}
    Include conf-available/fpm-pool.conf
{% endif %}

    LogLevel warn
    CustomLog ${APACHE_LOG_DIR}/sys.access.log combined
    ErrorLog ${APACHE_LOG_DIR}/sys.error.log
{% endif %}
</VirtualHost>
{% if phpsyscheck_ssl and ssl_certs_auto_installed.stdout_lines is defined and phpsyscheck_vhostname in ssl_certs_auto_installed.stdout_lines %}

<VirtualHost {%if phpsyscheck_vhostip %}{{ phpsyscheck_vhostip }}{% else %}*{% endif %}:{%if phpsyscheck_vhostport %}{{ phpsyscheck_vhostport }}{% else %}443{% endif %}>
    ServerName {{ phpsyscheck_vhostname }}

    <IfModule http2_module>
        Protocols h2 http/1.1
    </IfModule>

    Include vhost_ssl_auto-{{ phpsyscheck_vhostname }}.conf

    DocumentRoot /etc/phpsyscheck
    DirectoryIndex index.php

{% if phpsyscheck_http_auth %}
    <Location />
        AuthType basic
        AuthName "Restricted Access"
        AuthUserFile /etc/apache2/auth_admin
        <RequireAny>
{% if phpsyscheck_http_whitelist_ip|length > 0 %}
            Require ip {{ phpsyscheck_http_whitelist_ip | join(' ')  }}
{% endif %}
            Require valid-user
        </RequireAny>
    </Location>
{% endif %}

    <Directory /etc/phpsyscheck>
        Options None
        AllowOverride None
        Require all granted
    </Directory>

    <IfModule php7_module>
        php_admin_value max_execution_time 240
        php_admin_value upload_max_filesize 128M
        php_admin_value post_max_size 128M
    </IfModule>

{% if with_fpm|bool %}
    Include conf-available/fpm-pool.conf
{% endif %}

    LogLevel warn
    CustomLog ${APACHE_LOG_DIR}/sys.access.log combined
    ErrorLog ${APACHE_LOG_DIR}/sys.error.log
</VirtualHost>
{% endif %}