{"id":23637024,"url":"https://github.com/ansibleguy/infra_apache","last_synced_at":"2025-08-31T12:30:29.676Z","repository":{"id":53920658,"uuid":"423998289","full_name":"ansibleguy/infra_apache","owner":"ansibleguy","description":"Ansible Role to provision Apache2 sites","archived":false,"fork":false,"pushed_at":"2024-09-06T16:32:54.000Z","size":128,"stargazers_count":1,"open_issues_count":1,"forks_count":2,"subscribers_count":1,"default_branch":"latest","last_synced_at":"2024-09-06T19:46:13.698Z","etag":null,"topics":["ansible","ansible-role","apache2","automation","certbot","certificates","iac","infrastructure-as-code","webserver"],"latest_commit_sha":null,"homepage":"","language":"Jinja","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ansibleguy.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null},"funding":{"ko_fi":"ansible0guy","github":"ansibleguy"}},"created_at":"2021-11-02T21:03:38.000Z","updated_at":"2024-09-06T16:32:58.000Z","dependencies_parsed_at":"2023-02-15T18:05:44.082Z","dependency_job_id":"07e3557b-4e5a-4f88-a7ad-0e325b6b47ee","html_url":"https://github.com/ansibleguy/infra_apache","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ansibleguy%2Finfra_apache","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ansibleguy%2Finfra_apache/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ansibleguy%2Finfra_apache/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ansibleguy%2Finfra_apache/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ansibleguy","download_url":"https://codeload.github.com/ansibleguy/infra_apache/tar.gz/refs/heads/latest","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":231590686,"owners_count":18396934,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ansible","ansible-role","apache2","automation","certbot","certificates","iac","infrastructure-as-code","webserver"],"created_at":"2024-12-28T06:17:26.486Z","updated_at":"2025-08-31T12:30:29.658Z","avatar_url":"https://github.com/ansibleguy.png","language":"Jinja","funding_links":["https://ko-fi.com/ansible0guy","https://github.com/sponsors/ansibleguy"],"categories":[],"sub_categories":[],"readme":"[![Apache2](https://www.apache.org/logos/res/httpd/default.png)](https://httpd.apache.org/)\n\n# Ansible Role - Apache2 Webserver\n\nAnsible Role to deploy one or multiple Apache2 sites on a linux server.\n\n[![Lint](https://github.com/ansibleguy/infra_apache/actions/workflows/lint.yml/badge.svg)](https://github.com/ansibleguy/infra_apache/actions/workflows/lint.yml)\n[![Ansible Galaxy](https://badges.ansibleguy.net/galaxy.badge.svg)](https://galaxy.ansible.com/ui/standalone/roles/ansibleguy/infra_apache)\n\n**Molecule Integration-Tests**:\n\n* Status: [![Molecule Test Status](https://badges.ansibleguy.net/infra_apache.molecule.svg)](https://github.com/ansibleguy/_meta_cicd/blob/latest/templates/usr/local/bin/cicd/molecule.sh.j2) |\n[![Functional-Tests](https://github.com/ansibleguy/infra_apache/actions/workflows/integration_test_result.yml/badge.svg)](https://github.com/ansibleguy/infra_apache/actions/workflows/integration_test_result.yml)\n* Logs: [API](https://ci.ansibleguy.net/api/job/ansible-test-molecule-infra_apache/logs?token=2b7bba30-9a37-4b57-be8a-99e23016ce70\u0026lines=1000) | [Short](https://badges.ansibleguy.net/log/molecule_infra_apache_test_short.log) | [Full](https://badges.ansibleguy.net/log/molecule_infra_apache_test.log)\n\nInternal CI: [Tester Role](https://github.com/ansibleguy/_meta_cicd) | [Jobs API](https://github.com/O-X-L/github-self-hosted-jobs-systemd)\n\n**Tested:**\n* Debian 11\n* Debian 12\n\n----\n\n## Install\n\n```bash\n# latest\nansible-galaxy role install git+https://github.com/ansibleguy/infra_apache\n\n# from galaxy\nansible-galaxy install ansibleguy.infra_apache\n\n# or to custom role-path\nansible-galaxy install ansibleguy.infra_apache --roles-path ./roles\n\n# install dependencies\nansible-galaxy install -r requirements.yml\n```\n\n----\n\n## Advertisement\n\n* Need **professional support** using Ansible or managing Web-Applications? Contact us:\n\n  E-Mail: [contact@oxl.at](mailto:contact@oxl.at)\n\n  Tel: [+43 3115 40 900 0](tel:+433115409000)\n\n  Web: [EN](https://www.o-x-l.com) | [DE](https://www.oxl.at)\n\n  Language: German or English\n\n* You want a simple **Ansible GUI**?\n\n  Check-out this [Ansible WebUI](https://github.com/ansibleguy/webui)\n\n----\n\n## Usage\n\n### Config\n\nDefine the apache dictionary as needed!\n\n```yaml\napache:\n  headers:\n    mySuperCustom: 'headerContent'\n\n  modules:\n    present: ['evasive', 'ssl', 'headers', 'rewrite']\n\n  guys_statics:\n    mode: 'serve'\n    domain: 'static.guy.net'\n    serve:\n      path: '/var/www/site_guys_statics'\n\n    ssl:\n      mode: 'snakeoil'\n\n    config:  # add settings as key-value pairs\n      KeepAliveTimeout: 10\n    config_additions:   # add a list of custom lines of config\n      - 'location = / { return 301 /kitty.jpg; }'\n\n  git_stuff:\n    mode: 'redirect'\n    domain: 'ansibleguy.net'\n    aliases: ['www.ansibleguy.net']\n    redirect:\n      target: 'https://github.com/ansibleguy'\n\n    ssl:\n      mode: 'letsencrypt'\n\n    letsencrypt:\n      email: 'apache@template.ansibleguy.net'\n\n    security:\n      restrict_methods: false\n```\n\n### Execution\n\nRun the playbook:\n```bash\nansible-playbook -K -D -i inventory/hosts.yml playbook.yml\n```\n\nThere are also some useful **tags** available:\n* base =\u003e only configure basics; sites will not be touched\n* sites\n* config =\u003e configuration (base and instances)\n* certs\n\nTo debug errors - you can set the 'debug' variable at runtime:\n```bash\nansible-playbook -K -D -i inventory/hosts.yml playbook.yml -e debug=yes\n```\n\n----\n\n## Functionality\n\n* **Package installation**\n  * Ansible dependencies (_minimal_)\n  * Apache2\n\n\n* **Configuration**\n  * Support for multiple sites/servers\n  * Two **config-modes**:\n    * serve (_default_)\n    * redirect\n  * Support for specific configurations using the 'config' and 'config_additions' parameters\n\n\n  * **Default config**:\n    * Disabled: \u003cTLS1.2, unsecure ciphers, autoindex, servertokens/-signature, ServerSideIncludes, CGI\n    * Security headers: HSTS, X-Frame, Referrer-Policy, Content-Type nosniff, X-Domain-Policy, XXS-Protection\n    * Limits to prevent DDoS\n    * Using a Self-Signed certificate\n    * Modules: +ssl, +http2, headers, rewrite; -autoindex\n    * HTTP2 enabled with fallback to HTTP1.1\n    * IPv6 support disabled (*at least one ipv6 address MUST EXIST*)\n\n\n  * **SSL modes** (_for more info see: [CERT ROLE](https://github.com/ansibleguy/infra_certs)_)\n    * **selfsigned** =\u003e Generate self-signed ones\n    * **ca** =\u003e Generate a minimal Certificate Authority and certificate signed by it\n    * **letsencrypt** =\u003e Uses the LetsEncrypt certbot\n    * **existing** =\u003e Copy certificate files or use existing ones\n\n\n  * **Default opt-ins**:\n    * restricting methods to POST/GET/HEAD\n    * status-page listener on localhost\n    * Logging to syslog\n    * http2\n\n\n  * **Default opt-outs**:\n    * Include the config file 'sites-available/site_{{ site_name }}_app.conf' for advanced usage\n\n\nOptions to provide module config will be added in the future!\u003cbr\u003e\nAlso some basic mods will get a pre-config added. (_prefork, evasive_)\n\n----\n\n## Info\n\n* **Note:** Most of the role's functionality can be opted in or out.\n\n  For all available options - see the default-config located in the main/site defaults-file!\n\n\n* **Note:** this role currently only supports debian-based systems\n\n\n* **Note:** This role expects that the site's unencrypted 'server' will only redirect to its encrypted connection.\n\n\n* **Note:** If you want any requested domain to get handled by a site/server you need to add a **wildcard** '*' as alias!\u003cbr\u003e\n\n   BUT: You still have to provide a main domain!\n\n\n* **Warning:** Not every setting/variable you provide will be checked for validity. Bad config might break the role!\n\n\n* **Info:** To disable default settings and headers =\u003e just set their value to: ''\n\n\n* **Info:** For LetsEncrypt renewal to work, you must allow outgoing connections to:\n\n  80/tcp, 443/tcp+udp to acme-v02.api.letsencrypt.org, staging-v02.api.letsencrypt.org (_debug mode_) and r3.o.lencr.org\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fansibleguy%2Finfra_apache","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fansibleguy%2Finfra_apache","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fansibleguy%2Finfra_apache/lists"}