{"id":16779802,"url":"https://github.com/petermosmans/ansible-role-apache2","last_synced_at":"2025-09-05T22:41:15.747Z","repository":{"id":34367132,"uuid":"38291806","full_name":"PeterMosmans/ansible-role-apache2","owner":"PeterMosmans","description":"Ansible role for installation of apache2","archived":false,"fork":false,"pushed_at":"2018-11-25T10:04:30.000Z","size":59,"stargazers_count":3,"open_issues_count":0,"forks_count":6,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-06-21T08:06:41.698Z","etag":null,"topics":["ansible","ansible-role","apache2","harden"],"latest_commit_sha":null,"homepage":null,"language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/PeterMosmans.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2015-06-30T06:28:48.000Z","updated_at":"2022-11-03T15:01:17.000Z","dependencies_parsed_at":"2022-09-11T02:11:27.901Z","dependency_job_id":null,"html_url":"https://github.com/PeterMosmans/ansible-role-apache2","commit_stats":null,"previous_names":[],"tags_count":7,"template":false,"template_full_name":null,"purl":"pkg:github/PeterMosmans/ansible-role-apache2","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/PeterMosmans%2Fansible-role-apache2","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/PeterMosmans%2Fansible-role-apache2/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/PeterMosmans%2Fansible-role-apache2/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/PeterMosmans%2Fansible-role-apache2/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/PeterMosmans","download_url":"https://codeload.github.com/PeterMosmans/ansible-role-apache2/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/PeterMosmans%2Fansible-role-apache2/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":273832983,"owners_count":25176271,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-09-05T02:00:09.113Z","response_time":402,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ansible","ansible-role","apache2","harden"],"created_at":"2024-10-13T07:32:26.853Z","updated_at":"2025-09-05T22:41:15.719Z","avatar_url":"https://github.com/PeterMosmans.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"Ansible Role: Apache2\n=====================\n\nBuild status for this role: [![Build Status](https://travis-ci.org/PeterMosmans/ansible-role-apache2.svg)](https://travis-ci.org/PeterMosmans/ansible-role-apache2)\n\n\nThis role installs and configures the Apache 2 webserver on Debian and Ubuntu\nservers. The main focus is on **hardening a default Apache installation**. It\nmodifies the default Apache configuration as well as disables and enables\nspecific modules. Furthermore it can deploy (a number of) website configuration\nfiles, SSL certificates and corresponding private keys.\n\nBy setting the\n```apache2_php``` flag to true, PHP will also be installed and configured.\n\nNote that PHP will not be removed or disabled by setting the ```apache2_php```\nflag to false. This can be done for instance by adding the php module to the\n```apache2_modules_disabled``` list.\n\n\nRequirements\n------------\n\nThe installation of ufw (the uncomplicated firewall, a frontend for iptables).\n\n\nRole Variables\n--------------\n\nAvailable variables are listed below, along with default values.\n\n**apache2_default**: When true, the default site will *not* be disabled, and `/var/www/html` will *not* be removed. If not specified or false, the default site will be disabled, and `/var/www/html` removed.\n```\napache2_default: false\n```\nBy default, the value is not specified.\n\n\n**apache2_modules_disabled**: A list with Apache modules which will be disabled by default. The defaults can be found in ```defaults/main.yml```.\n```\napache2_modules_disabled:\n  - autoindex\n  - authn_anon\n  - cgi\n  - dav\n  - env\n  - negotiation\n  - setenvif\n  - status\n  - userdir\n```\n\n\n\n\n**apache2_modules_enabled**: A list with Apache modules which will be enabled by default. The defaults can be found in ```defaults/main.yml```.\n```\napache2_modules_enabled:\n  - alias\n  - auth_digest\n  - authz_host\n  - deflate\n  - dir\n  - headers\n  - reqtimeout\n  - rewrite\n  - ssl\n```\n\n\n\n**apache2_php**: When true, PHP will also be installed, including the Apache PHP\nmodule\n```\napache2_php: false\n```\n\n\n**apache2_php_version**: The PHP version. The default can be found in\n```defaults/main.yml```.\n```\napache2_php_version: 7.0\n\n```\n\n\n\nIf PHP will be installed, `php.ini` will be deployed to\n`/etc/php/[apache2_php_version]/apache2/php.ini`. This is a template which uses lots of\ncustomizable template variables. The defaults can be found in ```defaults/main.yml```.\n```\napache2_php_allow_url_fopen: \"Off\"\napache2_php_allow_url_include: \"Off\"\napache2_php_assert_active: \"0\"\napache2_php_default_charset: \"\\\"UTF-8\\\"\"\napache2_php_disable_functions: \"fsockopen,pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriorit,stream_socket_client\"\napache2_php_display_errors: \"Off\"\napache2_php_display_startup_errors: \"Off\"\napache2_php_enable_dl: \"Off\"\napache2_php_expose_php: \"Off\"\napache2_php_log_errors: \"On\"\napache2_php_mail_add_x_header: \"Off\"\napache2_php_open_basedir: \"/dev/urandom:/var/www\"\n```\n\n\n**apache2_ports**: A list on which Apache will listen. If this variable is not defined, port 80 (and 443) will be used. Example:\n```\napache2_ports:\n  - 80\n  - 8000\n```\n\n\n**apache2_security_conf**: A list with security.conf settings which will be applied by default. The defaults can be found in ```defaults/main.yml```.\n```\napache2_security_conf:\n  - name: \"Header set X-Content-Type-Options:\"\n    value: \"\\\"nosniff\\\"\"\n  - name: \"Header set X-Frame-Options:\"\n    value: \"\\\"sameorigin\\\"\"\n  - name: \"ServerName\"\n    value: \"{{ ansible_fqdn }}\"\n  - name: \"ServerTokens\"\n    value: \"Prod\"\n  - name: \"ServerSignature\"\n    value: \"Off\"\n  - name: \"TraceEnable\"\n    value: \"Off\"\n```\n\n\n\n**apache2_websites**: An optional list with Apache configuration files. The `src` points to the Jinja2 file, the `dest` will be the resulting website configuration file.\nExample:\n```\napache2_websites:\n  - src: mywebsited.conf.j2\n    name: mywebsite.conf\n```\nBy default, the list is empty.\n\n\n\n\n**ssl_certificates**: An optional list containing the location (```src```) and name (```name```) of x.509 SSL certificates. Please note that the location is relative from the apache2 ```role/files``` subfolder. For instance, if you want to include a certificate from within a secure storage path, you should use the following:\n```\nssl_certificates:\n  - src: /secure/storage/path\n    name: www.mysite.com.cer\n\n\n```\nBy default, the list is empty.\n\n\n\n\n**ssl_keys**: An optional list containing the location (```src```) and name (```name```) of private keys. Please note that the location is relative from the apache2 ```role/files``` subfolder. For instance, if you want to include a key from within a secure storage path, you should use the following:\n```\nssl_certificates:\n  - src: /secure/storage/path\n    name: www.mysite.com.key\n```\nBy default, the list is empty.\n\n\n\n\n**www_folder**: The default root under which website directories are stored.\n```\nwww_folder: /var/www\n```\n\n\n\n\nPlease note that this role doesn't template Apache configurations - it copies configuration files. It does however template PHP.\n\n\n\nDependencies\n------------\n\nNone.\n\n\n\nExample Playbook\n----------------\n```\n- hosts: all\n  become: yes\n  become_method: sudo\n  roles:\n    - role: PeterMosmans.apache2\n```\nThis example will install and harden Apache.\n\n\n```\n- hosts: all\n  become: yes\n  become_method: sudo\n  roles:\n    - role: PeterMosmans.apache2\n      apache2_websites:\n      - src: .\n        name: mywebsite.conf\n  vars:\n    apache2_php: true\n```\nThis example will install and harden Apache, install and harden PHP, deploy the file ```mywebsite.conf``` from the folder ```roles/apache2/files``` and enable the website. The default website will be disabled, and `/var/www/html` removed.\n\n\n\n\nLicense\n-------\n\nGPLv3\n\n\nAuthor Information\n------------------\n\nCreated by Peter Mosmans.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpetermosmans%2Fansible-role-apache2","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpetermosmans%2Fansible-role-apache2","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpetermosmans%2Fansible-role-apache2/lists"}