kolter
/
ansible-playbooks


			
				
					
						
						
							12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697
							{% if ansible_controlled is defined and ansible_controlled != "" %}
#
# {{ ansible_controlled }}
#
{% endif %}
# Apache vhost for PHP system checks

<VirtualHost {%if phpsyscheck_vhostip %}{{ phpsyscheck_vhostip }}{% else %}*{% endif %}:{%if phpsyscheck_vhostport %}{{ phpsyscheck_vhostport }}{% else %}80{% endif %}>
    ServerName {{ phpsyscheck_vhostname }}

    Include conf-available/letsencrypt.conf

{% if phpsyscheck_ssl and ssl_certs_auto_installed.stdout_lines is defined and phpsyscheck_vhostname in ssl_certs_auto_installed.stdout_lines %}
    RedirectMatch 301 ^(?!/\.well-known/acme-challenge/).* https://{{ phpsyscheck_vhostname }}$0
{% else %}
    DocumentRoot /etc/phpsyscheck
    DirectoryIndex index.php

{% if phpsyscheck_http_auth %}
    <Location />
        AuthType basic
        AuthName "Restricted Access"
        AuthUserFile /etc/apache2/auth_admin
        <RequireAny>
{% if phpsyscheck_http_whitelist_ip|length > 0 %}
            Require ip {{ phpsyscheck_http_whitelist_ip | join(' ')  }}
{% endif %}
            Require valid-user
        </RequireAny>
    </Location>
{% endif %}

    <Directory /etc/phpsyscheck>
        Options None
        AllowOverride None
        Require all granted
    </Directory>

{% if with_fpm|bool %}
    Include conf-available/fpm-pool.conf
{% endif %}

    LogLevel warn
    CustomLog ${APACHE_LOG_DIR}/sys.access.log combined
    ErrorLog ${APACHE_LOG_DIR}/sys.error.log
{% endif %}
</VirtualHost>
{% if phpsyscheck_ssl and ssl_certs_auto_installed.stdout_lines is defined and phpsyscheck_vhostname in ssl_certs_auto_installed.stdout_lines %}

<VirtualHost {%if phpsyscheck_vhostip %}{{ phpsyscheck_vhostip }}{% else %}*{% endif %}:{%if phpsyscheck_vhostport %}{{ phpsyscheck_vhostport }}{% else %}443{% endif %}>
    ServerName {{ phpsyscheck_vhostname }}

    <IfModule http2_module>
        Protocols h2 http/1.1
    </IfModule>

    Include vhost_ssl_auto-{{ phpsyscheck_vhostname }}.conf

    DocumentRoot /etc/phpsyscheck
    DirectoryIndex index.php

{% if phpsyscheck_http_auth %}
    <Location />
        AuthType basic
        AuthName "Restricted Access"
        AuthUserFile /etc/apache2/auth_admin
        <RequireAny>
{% if phpsyscheck_http_whitelist_ip|length > 0 %}
            Require ip {{ phpsyscheck_http_whitelist_ip | join(' ')  }}
{% endif %}
            Require valid-user
        </RequireAny>
    </Location>
{% endif %}

    <Directory /etc/phpsyscheck>
        Options None
        AllowOverride None
        Require all granted
    </Directory>

    <IfModule php7_module>
        php_admin_value max_execution_time 240
        php_admin_value upload_max_filesize 128M
        php_admin_value post_max_size 128M
    </IfModule>

{% if with_fpm|bool %}
    Include conf-available/fpm-pool.conf
{% endif %}

    LogLevel warn
    CustomLog ${APACHE_LOG_DIR}/sys.access.log combined
    ErrorLog ${APACHE_LOG_DIR}/sys.error.log
</VirtualHost>
{% endif %}