apache_vhost

Overview

This is an Ansible role for configuring apache sites on Debian. It also optionally configures awstats. It depends on apache, which must also be listed as a role for the server. Use apache_vhost like this:

- role: aptiko.general.apache_vhost
  server_name: example.org
  server_aliases: www.example.org

Except for configuration done through the variables specified below, other roles can also drop configuration files in /etc/apache2/snippets/SERVER_NAME/, and notify the Restart apache handler. These snippets are included in the configuration.

Parameters

server_name

The canonical server name.

server_aliases

A list of server aliases, which will be redirected to the canonical server name.

server_aliases_without_redirect

Server aliases to be served as is, not to be redirected to the canonical (this is intended for testing, for example when it’s not yet possible to transfer the main domain to a new server and an alternative domain needs to be used while the new server is being setup).

document_root

The document root. The default is /var/www/{{ server_name }}.

extras

A string with extra configuration to be added to the configuration file.

nonssl_extras

Like extras, but this is configuration that will only be used for non-SSL.

ssl_extras

Like extras, but this is configuration that will only be used for SSL (extras is also used for SSL). Ignored if cert is unset.

letsencrypt

Can be “true” or “false” (the default) or a string. The usual value for Let’s Encrypt certificates is “true”, in which case the Let’s Encrypt certificates for server_name are used; if they don’t exist in /etc/letsencrypt, they are created with certbot. If a string is used, it’s the same thing, except that the string is used as the server name instead of server_name. If letsencrypt is true or a string, cert, private_key and chain_certificates should not be specified. If neither letsencrypt nor cert is specified, then the default is to use Debian’s automatically created self-signed “snakeoil” certificate.

cert

The SSL certificate (see also letsencrypt).

private_key

The SSL private key.

chain_certificates

A list of SSL chain certificates.

force_ssl

Can be true or false (the default). If true, visiting the non-ssl version will redirect to the ssl version. If force_ssl is true, cert or letsencrypt must be specified.

apache_use_awstats

If true, it also configures awstats, which becomes available at /awstats/. The default is true for backwards compatibility reasons.

use_awstats is a deprecated alias for this parameter.

apache_awstats_auth_type

To visit awstats, the user must authenticate. The default authentication type is Basic, but can be changed to something else, like Shibboleth or whatever else is supported by Apache. If extra Apache modules are required to support this authentication type, you must install them separately.

awstats_auth_type is a deprecated alias for this parameter.

apache_awstats_users

A list of usernames and passwords that are allowed to visit awstats. Specify like this:

apache_awstats_users:
 - username: alice
   password: topsecret1
 - username: bob
   password: topsecret2

The password must only be specified if using Basic authentication. In that case, the htpasswd file with these usernames and passwords is set up accordingly.

If using any authentication other than Basic, only specify the username. The authentication system is considered external, so you need to set it up separately.

auth_type is a deprecated alias for this parameter.

apache_awstats_extra_apache_config

The appropriate Location block is set up with AuthType, AuthName, Require user, and, in Basic authentication, AuthUserFile. If you need any other directives, add them to this parameter, which by default is empty.

awstats_extra_apache_config is a deprecated alias for this parameter.