Feat(apache): Install and configure Apache; add a virtual host

[ansible.git] / playbooks / debian / roles / add_apache_vhost / templates / vhost.conf

diff --git a/playbooks/debian/roles/add_apache_vhost/templates/vhost.conf b/playbooks/debian/roles/add_apache_vhost/templates/vhost.conf
new file mode 100644 (file)
index 0000000..2f3dd5b
--- /dev/null
+++ b/playbooks/debian/roles/add_apache_vhost/templates/vhost.conf
@@ -0,0 +1,96 @@
+<VirtualHost 127.0.0.1:80 {{ virtual_host }}:80>
+ServerName {{ virtual_host }}
+Redirect permanent / https://{{ virtual_host }}/
+ErrorLog /var/log/apache2/{{ virtual_host }}/error_log
+CustomLog /var/log/apache2/{{ virtual_host }}/access_log common
+</VirtualHost>
+
+<VirtualHost 127.0.0.1:80 {{ virtual_host }}:80>
+ServerName www.{{ virtual_host }}
+Redirect permanent / https://{{ virtual_host }}/
+ErrorLog /var/log/apache2/{{ virtual_host }}/error_log
+CustomLog /var/log/apache2/{{ virtual_host }}/access_log common
+</VirtualHost>
+
+<VirtualHost 127.0.0.1:443 {{ virtual_host }}:443>
+ServerName {{ virtual_host }}
+
+DocumentRoot /home/phd/Internet/WWW/htdocs/{{ virtual_host }}
+ScriptAlias /cgi-bin /home/phd/Internet/WWW/cgi-bin/{{ virtual_host }}
+ErrorLog /var/log/apache2/{{ virtual_host }}/error_log
+CustomLog /var/log/apache2/{{ virtual_host }}/access_log common
+
+<Directory /home/phd/Internet/WWW/htdocs/{{ virtual_host }}>
+Require all granted
+</Directory>
+
+<Directory /home/phd/Internet/WWW/cgi-bin/{{ virtual_host }}>
+Require all granted
+</Directory>
+
+<Location /Bookmarks>
+ErrorDocument 404 http://{{ virtual_host }}/Bookmarks/notfound.html
+</Location>
+
+<Location /Software/Python/m_librarian/docs>
+AddDefaultCharset utf-8
+</Location>
+
+<IfModule mod_proxy.c>
+<Proxy *>
+   Require all denied
+</Proxy>
+
+ProxyRequests Off
+</IfModule>
+
+SSLEngine on
+#Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
+#Header always set X-Content-Type-Options nosniff
+#Header always set X-Frame-Options DENY
+#SSLCipherSuite HIGH:MEDIUM:RSA:!EXP:!aNULL:!NULL:+SHA1:+HIGH:+MEDIUM:-LOW
+SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
+SSLCompression off
+SSLHonorCipherOrder On
+SSLOptions +StrictRequire
+SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
+SSLProxyEngine off
+#SSLRandomSeed connect file:/dev/urandom 1024
+#SSLRandomSeed startup file:/dev/urandom 1024
+#SSLSessionCache shm:/var/log/apache2/ssl_cache_shm
+#SSLSessionCacheTimeout 600
+#SSLSessionTickets Off
+#SSLStaplingCache "shmcb:logs/stapling-cache(150000)"
+#SSLUseStapling on
+SSLVerifyClient none
+
+SSLCACertificateFile /etc/apache2/ssl/CA.crt
+SSLCertificateFile /etc/apache2/ssl/{{ virtual_host }}.crt
+SSLCertificateKeyFile /etc/apache2/ssl/{{ virtual_host }}.key
+
+<Directory />
+   SSLRequireSSL
+</Directory>
+
+<Directory /home/phd/Internet/WWW/cgi-bin/{{ virtual_host }}>
+   SSLOptions +StdEnvVars
+</Directory>
+
+#<IfModule mime.c>
+#   AddType application/x-x509-ca-cert      .crt
+#   AddType application/x-pkcs7-crl         .crl
+#</IfModule>
+
+BrowserMatch "MSIE [2-6]" \
+   nokeepalive ssl-unclean-shutdown \
+   downgrade-1.0 force-response-1.0
+# MSIE 7 and newer should be able to use keepalive
+BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
+</VirtualHost>
+
+<VirtualHost 127.0.0.1:443 {{ virtual_host }}:443>
+ServerName www.{{ virtual_host }}
+Redirect permanent / https://{{ virtual_host }}/
+ErrorLog /var/log/apache2/{{ virtual_host }}/error_log
+CustomLog /var/log/apache2/{{ virtual_host }}/access_log common
+</VirtualHost>