added creation of sites

README.md

@@ -8,6 +8,7 @@
 > * installs apache2
 > * configures apache2
 > * enables/disables confs
+> * creates sites
 > * enables/disables sites
 > * enables/disables modules
 > * optionally removes default host
@@ -36,24 +37,15 @@ $ git clone https://github.com/weareinteractive/ansible-apache2.git
 
 ## Dependencies
 
-* Apache 2.2 | 2.4
+* Tested with Apache 2.2 | 2.4
+* [franklinkim.openssl](https://github.com/weareinteractive/ansible-openssl)
+* [franklinkim.htpasswd](https://github.com/weareinteractive/ansible-htpasswd)
 
 ## Variables
 
 Here is a list of all the default variables for this role, which are also available in `defaults/main.yml`.
 
 ```
-# apache2_module:
-#   - { id: auth, state: absent }
-#   - { id: rewrite, state: present }
-# apache2_confs:
-#   - { id: security, state: absent }
-#   - { id: mime, state: present }
-# apache2_sites:
-#   - { id: default, state: absent }
-#   - { id: foobar, state: present }
-#
-
 # ports to listen to
 apache2_ports: [80]
 # ssl ports to listen to
@@ -80,6 +72,54 @@ apache2_server_signiture: 'Off'
 apache2_trace_enable: 'Off'
 ```
 
+Module and confs might be defined through:
+
+```
+# id of the conf or module
+id: auth
+# state: absent | present
+state: absent
+```
+
+A site might be defined through:
+
+```
+# site id (required)
+id: foo
+# server name (required)
+name: foo.com
+# ip to listen to
+ip: '*'
+# port to listen to
+port: 80
+# state: present | absent
+state: present
+# create the /var/www/[id]/htdocs folder
+add_webroot: no
+# /etc/nginx/rules/[rule].conf to include
+rules: []
+# list of server aliases
+aliases: []
+# list of server redirects
+redirects: []
+# enable ssl
+ssl:
+  # redirect http to https
+  only: no
+  # port to listen to
+  port: 443
+  # @see franklinkim.openssl
+  key_name: mykey
+  cert_name: mycert
+# enable auth
+auth:
+  # @see franklinkim.htpasswd
+  name: foo
+  file: foo
+# custom string to append to the site
+append: false
+```
+
 ## Handlers
 
 These are the handlers that are defined in `handlers/main.yml`.
@@ -117,6 +157,25 @@ These can be included into your site definitions.
       - { id: mime, state: present }
       - { id: headers, state: present }
       - { id: rewrite, state: present }
+    apache2_remove_default: yes
+    htpasswd:
+      - name: foobar
+        users:
+          - { name: foobar, password: foobar }
+    openssl_self_signed:
+      - { name: 'foobar.local', country: 'DE', state: 'Bavaria', city: 'Munich', organization: 'Foo Bar', email: '[email protected]' }
+    apache2_sites_html:
+      - id: foobar
+        state: present
+        name: foobar.local
+        rules: ['mimes', 'expires', 'security', 'compression']
+        add_webroot: yes
+        auth:
+          name: Foo Bar
+          file: foobar
+        ssl:
+          key_name: foobar.local
+          cert_name: foobar.local
 ```
 
 ## Testing

defaults/main.yml

@@ -9,8 +9,25 @@
 #   - { id: security, state: absent }
 #   - { name: mime, state: present }
 # apache2_sites:
-#   - { id: default, state: absent }
-#   - { id: foobar, state: present }
+#   - id: mysite (required)
+#     name: mysite.local (required)
+#     ip: '*'
+#     port: 80
+#     state: present
+#     add_webroot: no
+#     template: path/to/template.j2
+#     rules: []
+#     aliases: []
+#     redirects: []
+#     ssl:
+#       port: 443
+#       key_name: mykey
+#       cert_name: mycert
+#       chain_name: mychain
+#     auth:
+#       name: mysite
+#       file: mysite
+#     append: ''
 #
 
 # ports to listen to

meta/main.yml

@@ -16,4 +16,6 @@ galaxy_info:
 # dependencies available via galaxy should be listed here.
 # Be sure to remove the '[]' above if you add dependencies
 # to this list.
-dependencies: []
+dependencies:
+  - franklinkim.openssl
+  - franklinkim.htpasswd

tasks/manage_sites.yml

@@ -1,9 +1,34 @@
 ---
 
+- name: Creating webroots
+  file: >
+    dest=/var/www/{{ item.id }}/htdocs
+    state=directory
+  when: item.add_webroot is defined and item.add_webroot == true
+  with_items: apache2_sites
+  tags:
+    - web
+    - apache2-php
+    - manage
+
+# site
+- name: Creating sites
+  template: >
+    src={{ item.template|default(apache2_version ~ '/etc-apache2-sites-available-site.j2') }}
+    dest=/etc/apache2/sites-available/{{ item.id }}{{ apache2_site_conf_extension }}
+    owner=root
+    group=root
+    mode=0644
+  with_items: apache2_sites
+  tags:
+    - web
+    - apache2-php
+    - manage
+
 - name: Enabling sites
   file: >
-    src=/etc/apache2/sites-available/{{ item.id }}
-    dest=/etc/apache2/sites-enabled/{{ item.id }}
+    src=/etc/apache2/sites-available/{{ item.id }}{{ apache2_site_conf_extension }}
+    dest=/etc/apache2/sites-enabled/{{ item.id }}{{ apache2_site_conf_extension }}
     state=link
   when: item.state is not defined or item.state == 'present'
   with_items: apache2_sites
@@ -15,7 +40,7 @@
 
 - name: Disabling sites
   file: >
-    src=/etc/apache2/sites-enabled/{{ item.id }}
+    src=/etc/apache2/sites-enabled/{{ item.id }}{{ apache2_site_conf_extension }}
     state=absent
   when: item.state is defined and item.state == 'absent'
   with_items: apache2_sites

templates/2.2/etc-apache2-sites-available-site.j2

@@ -0,0 +1,19 @@
+# {{ ansible_managed }}
+
+{% include "etc-apache2-sites-available-site/redirect.j2" %}
+
+{% if item.ssl is defined %}
+<VirtualHost {{ item.ip|default('*') }}:{{item.ssl.port|default(443)}}>
+
+{% include "etc-apache2-sites-available-site/body.j2" %}
+
+{% include "etc-apache2-sites-available-site/ssl.j2" %}
+
+</VirtualHost>
+{% endif %}
+
+<VirtualHost {{ item.ip|default('*') }}:{{item.port|default(80)}}>
+
+{% include "etc-apache2-sites-available-site/body.j2" %}
+
+</VirtualHost>

templates/2.2/etc-apache2-sites-available-site/body.j2

@@ -0,0 +1,40 @@
+  ServerName {{ item.name }}
+  DocumentRoot /var/www/{{ item.id }}/htdocs
+  {% for value in item.aliases|default([]) %}
+  ServerAlias {{ value }}
+  {% endfor %}
+
+  # --- rules ----------------------------------------------------------------
+
+  {% for val in item.rules|default([]) %}
+  include rules/{{ val }}.conf
+  {% endfor %}
+
+  # --- directories -----------------------------------------------------------
+
+  <Directory /var/www/{{ item.id }}/htdocs>
+    AllowOverride All
+    Options FollowSymLinks
+    Order allow,deny
+    Allow from all
+  </Directory>
+
+  {% if item.auth is defined %}
+  # --- auth ------------------------------------------------------------------
+
+  {% include "etc-apache2-sites-available-site/htpasswd.j2" %}
+  {% endif %}
+
+  # --- logging ---------------------------------------------------------------
+
+  LogLevel warn
+  ErrorLog  /var/log/apache2/error-{{ item.id }}.log
+  CustomLog /var/log/apache2/access-{{ item.id }}.log combined
+
+  {% if item.append is defined %}
+
+  # --- appended --------------------------------------------------------------
+
+  {{ item.append }}
+  {% endif %}
+

templates/2.2/etc-apache2-sites-available-site/htpasswd.j2

@@ -0,0 +1,7 @@
+<Directory /var/www/{{ item.id }}/htdocs>
+  AuthType Basic
+  AuthBasicProvider file
+  AuthUserFile /etc/htpasswd/{{ item.auth.file }}
+  AuthName "{{ item.auth.name|default(item.id) }}"
+  Require valid-user
+</Directory>

templates/2.2/etc-apache2-sites-available-site/redirect.j2

@@ -0,0 +1,28 @@
+{% for value in item.redirects|default([]) %}
+{% if item.ssl is defined %}
+<VirtualHost {{ item.ip|default('*') }}:{{item.ssl.port|default(443)}}>
+  ServerName {{ value }}
+
+  {% include "etc-apache2-sites-available-site/ssl.j2" %}
+
+  # logging
+  LogLevel warn
+  ErrorLog  /var/log/apache2/error-{{ item.id }}.log
+  CustomLog /var/log/apache2/access-{{ item.id }}.log combined
+
+  # redirect
+  Redirect permanent / https://{{ item.name }}/
+</VirtualHost>
+{% endif %}
+<VirtualHost {{ item.ip|default('*') }}:{{item.port|default(80)}}>
+  ServerName {{ value }}
+
+  # logging
+  LogLevel warn
+  ErrorLog  /var/log/apache2/error-{{ item.id }}.log
+  CustomLog /var/log/apache2/access-{{ item.id }}.log combined
+
+  # redirect
+  Redirect permanent / http://{{ item.name }}/
+</VirtualHost>
+{% endfor %}

templates/2.2/etc-apache2-sites-available-site/ssl.j2

@@ -0,0 +1,8 @@
+# --- ssl -------------------------------------------------------------------
+
+include rules/ssl.conf
+SSLCertificateFile {{ openssl_certs_path }}/{{ item.ssl.cert_name|default('server') }}.crt
+SSLCertificateKeyFile {{ openssl_keys_path }}/{{ item.ssl.key_name|default('server') }}.key
+{% if item.ssl.chain_name is defined %}
+SSLCACertificateFile {{ openssl_certs_path }}/{{ item.ssl.chain_name }}.crt
+{% endif %}

templates/2.4/etc-apache2-apache2.conf.j2

@@ -220,6 +220,6 @@ LogFormat "%{User-agent}i" agent
 IncludeOptional conf-enabled/*.conf
 
 # Include the virtual host configurations:
-IncludeOptional sites-enabled/*
+IncludeOptional sites-enabled/*.conf
 
 # vim: syntax=apache ts=4 sw=4 sts=4 sr noet

templates/2.4/etc-apache2-sites-available-site.j2

@@ -0,0 +1,19 @@
+# {{ ansible_managed }}
+
+{% include "etc-apache2-sites-available-site/redirect.j2" %}
+
+{% if item.ssl is defined %}
+<VirtualHost {{ item.ip|default('*') }}:{{item.ssl.port|default(443)}}>
+
+{% include "etc-apache2-sites-available-site/body.j2" %}
+
+{% include "etc-apache2-sites-available-site/ssl.j2" %}
+
+</VirtualHost>
+{% endif %}
+
+<VirtualHost {{ item.ip|default('*') }}:{{item.port|default(80)}}>
+
+{% include "etc-apache2-sites-available-site/body.j2" %}
+
+</VirtualHost>

templates/2.4/etc-apache2-sites-available-site/body.j2

@@ -0,0 +1,40 @@
+  ServerName {{ item.name }}
+  DocumentRoot /var/www/{{ item.id }}/htdocs
+  {% for value in item.aliases|default([]) %}
+  ServerAlias {{ value }}
+  {% endfor %}
+
+  # --- rules ----------------------------------------------------------------
+
+  {% for val in item.rules|default([]) %}
+  include rules/{{ val }}.conf
+  {% endfor %}
+
+  # --- directories -----------------------------------------------------------
+
+  <Directory /var/www/{{ item.id }}/htdocs>
+    AllowOverride All
+    Options FollowSymLinks
+    Require all granted
+    Satisfy Any
+  </Directory>
+
+  {% if item.auth is defined %}
+  # --- auth ------------------------------------------------------------------
+
+  {% include "etc-apache2-sites-available-site/htpasswd.j2" %}
+  {% endif %}
+
+  # --- logging ---------------------------------------------------------------
+
+  LogLevel warn
+  ErrorLog  /var/log/apache2/error-{{ item.id }}.log
+  CustomLog /var/log/apache2/access-{{ item.id }}.log combined
+
+  {% if item.append is defined %}
+
+  # --- appended --------------------------------------------------------------
+
+  {{ item.append }}
+  {% endif %}
+

templates/2.4/etc-apache2-sites-available-site/htpasswd.j2

@@ -0,0 +1,7 @@
+<Directory /var/www/{{ item.id }}/htdocs>
+  AuthType Basic
+  AuthBasicProvider file
+  AuthUserFile /etc/htpasswd/{{ item.auth.file }}
+  AuthName "{{ item.auth.name|default(item.id) }}"
+  Require valid-user
+</Directory>