WIP: 1st apache page

Makefile

@@ -9,14 +9,16 @@ open_all:
 	${EDITOR} .gitignore inv* Makefile README.md
 	${EDITOR} tasks/*.yml
 	${EDITOR} tasks/files/sshd_config
-	${EDITOR} tasks/templates/*.j2
+	${EDITOR} tasks/vars/*.yml
+	${EDITOR} tasks/apache/*.yml
+	${EDITOR} tasks/apache/files/*.html
+	${EDITOR} tasks/apache/templates/*.j2
 	${EDITOR} tasks/system_cfg/*.yml
 	${EDITOR} tasks/system_cfg/templates/*.j2
 	${EDITOR} tasks/user_cfg/*.yml
 	${EDITOR} tasks/user_cfg/files/dotfiles/*
 	${EDITOR} tasks/user_cfg/templates/*.j2
 	${EDITOR} tasks/user_cfg/vars/*.yml
-	${EDITOR} tasks/vars/*.yml
 
 inventory_generation:
 	cp inventory.sample inventory && ${EDITOR} inventory

README.md

@@ -15,6 +15,7 @@ Suitable for server and workstation.
 
 |   task                                                |   purpose                                                             |
 |   :--------------------------------------:            |   :--------------------------------------------------------------:    |
+| [`apache`](apache/main.yml)                           |   🚧 WIP: Install Apache2 HTTP server                                 |
 | [`apt.yml`](tasks/apt.yml)                            |   Install generic packages                                            |
 | [`become_user_cfg.yml`](tasks/become_user_cfg.yml)    |   Set `sudo` without password for `become_user` access                |
 | [`host_info.yml`](tasks/host_info.yml)                |   Return message with distribution full name & version                |

tasks/apache/files/apache2.conf

+# ############################################# #
+#          /etc/apache2/apache2.conf            #
+#                                               #
+#       This file is managed by Ansible         #
+#       Manual edition will be overridden       #
+#                                               #
+#   https://lab.frogg.it/fcode/ansible/debian   #
+#                                               #
+# ############################################# #
+
+Mutex file:${APACHE_LOCK_DIR} default
+PidFile ${APACHE_PID_FILE}
+Timeout 300
+KeepAlive On
+MaxKeepAliveRequests 100
+KeepAliveTimeout 5
+User ${APACHE_RUN_USER}
+Group ${APACHE_RUN_GROUP}
+HostnameLookups Off
+ErrorLog ${APACHE_LOG_DIR}/error.log
+LogLevel warn
+
+IncludeOptional mods-enabled/*.load
+IncludeOptional mods-enabled/*.conf
+    $Include ports.conf
+
+<Directory />
+        Options FollowSymLinks
+        AllowOverride None
+        Require all denied
+</Directory>
+
+AccessFileName .htaccess
+
+<FilesMatch "^\.ht">
+        Require all denied
+</FilesMatch>
+
+LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
+LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
+LogFormat "%h %l %u %t \"%r\" %>s %O" common
+LogFormat "%{Referer}i -> %U" referer
+LogFormat "%{User-agent}i" agent
+
+IncludeOptional conf-enabled/*.conf
+IncludeOptional sites-enabled/*.conf
+
+ServerName localhost
+ServerTokens Prod
+ServerSignature Off

tasks/apache/main.yml

+---
+- hosts: "{{ host_list }}"
+  remote_user: root
+
+  tasks:
+
+    - name: APT | install base & os packages
+      ansible.builtin.apt:
+        cache_valid_time: 3600
+        force_apt_get: yes
+        pkg: apache2
+        state: present
+        update_cache: true
+
+    - name: APACHE | default vhost config file
+      ansible.builtin.template:
+        src: 00-default.conf.j2
+        dest: /etc/apache2/sites-available/00-default.conf
+
+    - name: APACHE | Creating `{{ web_root }}/default/`
+      ansible.builtin.file:
+        path: "{{ web_root }}/default/"
+        state: directory
+        owner: www-data
+
+    - name: APACHE | Copy the HTML page
+      ansible.builtin.template:
+        src: default.html.j2
+        dest: "{{ web_root }}/default/index.html"
+
+    - name: APACHE | Copy files
+      ansible.builtin.copy:
+        owner: www-data
+        src: "{{ item }}"
+        dest: "{{ web_root }}/default/"
+      with_fileglob:
+        files/*
+
+    - name: APACHE | Service state
+      ansible.builtin.service:
+        name: apache2
+        state: started
+        enabled: yes

tasks/apache/templates/00-default.conf.j2

+<Directory />
+	Require all denied
+	Options None
+	AllowOverride None
+
+	Options -Includes
+	Options -Indexes
+	Options -ExecCGI
+	Options -FollowSymLinks
+</Directory>
+
+<VirtualHost *:80>
+	ServerName {{ ansible_default_ipv4.address }}
+	DocumentRoot /srv/default
+
+	<Directory /srv/default >
+		Require all granted
+	</Directory>
+
+	Include conf-enabled/maintenance.conf
+
+	ErrorLog /var/log/apache2/00-default.error.log
+	CustomLog /var/log/apache2/00-default.log combined
+</VirtualHost>

tasks/apache/templates/maintenance.conf.j2

+ErrorDocument 503 /503.html
+
+<filesMatch "^\/(maintenance.enabled|503\.html)$">
+	FileETag None
+	<ifModule mod_headers.c>
+		Header unset ETag
+		Header set Cache-Control "max-age=0, no-cache, no-store, must-revalidate"
+		Header set Pragma "no-cache"
+		Header set Expires "Wed, 11 Jan 1984 05:00:00 GMT"
+	</ifModule>
+</filesMatch>
+
+<IfModule mod_rewrite.c>
+	RewriteEngine on
+
+	RewriteCond %{DOCUMENT_ROOT}/maintenance.enabled -f
+	RewriteCond %{REQUEST_URI} !/maintenance.enabled$ [NC]
+	RewriteCond %{REQUEST_URI} !/503.html$ [NC]
+	RewriteRule .* - [R=503,L]
+
+	RewriteCond %{DOCUMENT_ROOT}/maintenance.enabled !-f
+	RewriteCond %{REQUEST_URI} ^/maintenance.enabled$ [NC]
+	RewriteRule .? / [R=302,L]
+
+	RewriteCond %{DOCUMENT_ROOT}/maintenance.enabled !-f
+	RewriteCond %{REQUEST_URI} ^/503.html$ [NC]
+	RewriteRule .* - [R=404,L]
+
+</IfModule>