From 8e5e55034dde263e828b390e2f60210441ab2991 Mon Sep 17 00:00:00 2001
From: Michael Scherer
Date: Mon, 29 Dec 2014 23:04:45 +0100
Subject: Switch to external httpd module
---
requirements.yml | 3 ++
roles/httpd/0001-Remove-ssl-v3-CVE-2014-3566.patch | 33 --------------
roles/httpd/defaults/main.yml | 2 -
roles/httpd/files/mod_filter.conf | 3 -
roles/httpd/files/name_vhost.conf | 2 -
roles/httpd/files/remove_sslv3.conf | 1 -
roles/httpd/handlers/main.yml | 3 -
roles/httpd/tasks/main.yml | 51 ----------------------
roles/httpd/templates/vhost.conf | 21 ---------
roles/httpd/templates/vhost_redirect.conf | 16 -------
10 files changed, 3 insertions(+), 132 deletions(-)
create mode 100644 requirements.yml
delete mode 100644 roles/httpd/0001-Remove-ssl-v3-CVE-2014-3566.patch
delete mode 100644 roles/httpd/defaults/main.yml
delete mode 100644 roles/httpd/files/mod_filter.conf
delete mode 100644 roles/httpd/files/name_vhost.conf
delete mode 100644 roles/httpd/files/remove_sslv3.conf
delete mode 100644 roles/httpd/handlers/main.yml
delete mode 100644 roles/httpd/tasks/main.yml
delete mode 100644 roles/httpd/templates/vhost.conf
delete mode 100644 roles/httpd/templates/vhost_redirect.conf
diff --git a/requirements.yml b/requirements.yml
new file mode 100644
index 0000000..91ac5a8
--- /dev/null
+++ b/requirements.yml
@@ -0,0 +1,3 @@
+---
+- src: https://github.com/OSAS/ansible-role-httpd
+ name: httpd
diff --git a/roles/httpd/0001-Remove-ssl-v3-CVE-2014-3566.patch b/roles/httpd/0001-Remove-ssl-v3-CVE-2014-3566.patch
deleted file mode 100644
index 62607b5..0000000
--- a/roles/httpd/0001-Remove-ssl-v3-CVE-2014-3566.patch
+++ /dev/null
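Review bot: The role entry added in `requirements.yml` (`src: https://github.com/OSAS/ansible-role-httpd`) has no `version:` key, so each install fetches whatever the upstream default branch contains at that moment rather than a reviewed revision. This matters more than usual here because the same commit deletes the in-tree `remove_sslv3.conf` (`SSLProtocol all -SSLv2 -SSLv3`, the CVE-2014-3566 mitigation) and the firewall and htpasswd tasks, handing that hardening to the external role. Whether the external role ships an equivalent SSLv3 restriction is not visible in this diff and should be confirmed before the local copy is dropped. I would pin the dependency by adding `version: <reviewed-commit-sha-or-tag>` under `name: httpd` and bump it deliberately after review.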
@@ -1,33 +0,0 @@
-From ce67394ccb7eaf138330c52f9ec5062698efb8aa Mon Sep 17 00:00:00 2001
-From: Michael Scherer
-Date: Tue, 14 Oct 2014 23:36:21 -0400
-Subject: [PATCH] Remove ssl v3, CVE-2014-3566
-
----
- roles/httpd/files/remove_sslv3.conf | 1 +
- roles/httpd/tasks/main.yml | 1 +
- 2 files changed, 2 insertions(+)
- create mode 100644 roles/httpd/files/remove_sslv3.conf
-
-diff --git a/roles/httpd/files/remove_sslv3.conf b/roles/httpd/files/remove_sslv3.conf
-new file mode 100644
-index 0000000..0872cbe
---- /dev/null
-+++ b/roles/httpd/files/remove_sslv3.conf
-@@ -0,0 +1 @@
-+SSLProtocol all -SSLv2 -SSLv3
-diff --git a/roles/httpd/tasks/main.yml b/roles/httpd/tasks/main.yml
-index 98d6ade..7dfe89d 100644
---- a/roles/httpd/tasks/main.yml
-+++ b/roles/httpd/tasks/main.yml
-@@ -11,6 +11,7 @@
- with_items:
- - name_vhost.conf
- - mod_filter.conf
-+ - remove_sslv3.conf
- notify: restart httpd
-
- - template: src=vhost.conf dest=/etc/httpd/conf.d/{{ website_url }}.conf owner=root group=apache mode=0644
---
-1.8.3.1
-
diff --git a/roles/httpd/defaults/main.yml b/roles/httpd/defaults/main.yml
deleted file mode 100644
index 409440c..0000000
--- a/roles/httpd/defaults/main.yml
+++ /dev/null
@@ -1,2 +0,0 @@
----
-log_retention_week: 8
diff --git a/roles/httpd/files/mod_filter.conf b/roles/httpd/files/mod_filter.conf
deleted file mode 100644
index cde8c84..0000000
--- a/roles/httpd/files/mod_filter.conf
+++ /dev/null
@@ -1,3 +0,0 @@
-# not enabled by default on centos 6
-LoadModule filter_module modules/mod_filter.so
-
diff --git a/roles/httpd/files/name_vhost.conf b/roles/httpd/files/name_vhost.conf
deleted file mode 100644
index d2d1c0d..0000000
--- a/roles/httpd/files/name_vhost.conf
+++ /dev/null
@@ -1,2 +0,0 @@
-NameVirtualHost *:443
-NameVirtualHost *:80
diff --git a/roles/httpd/files/remove_sslv3.conf b/roles/httpd/files/remove_sslv3.conf
deleted file mode 100644
index 0872cbe..0000000
--- a/roles/httpd/files/remove_sslv3.conf
+++ /dev/null
@@ -1 +0,0 @@
-SSLProtocol all -SSLv2 -SSLv3
diff --git a/roles/httpd/handlers/main.yml b/roles/httpd/handlers/main.yml
deleted file mode 100644
index e379288..0000000
--- a/roles/httpd/handlers/main.yml
+++ /dev/null
@@ -1,3 +0,0 @@
----
-- name: restart httpd
- service: name=httpd state=restarted
diff --git a/roles/httpd/tasks/main.yml b/roles/httpd/tasks/main.yml
deleted file mode 100644
index b1e7342..0000000
--- a/roles/httpd/tasks/main.yml
+++ /dev/null
@@ -1,51 +0,0 @@
----
-- yum: name={{ item }} state=installed
- with_items:
- - python-passlib
- - httpd
- - mod_ssl
-
-- service: name=httpd state=started enabled=yes
-
-- copy: src={{ item }} dest=/etc/httpd/conf.d/{{ item }} owner=root group=apache mode=0644
- with_items:
- - name_vhost.conf
- - mod_filter.conf
- - remove_sslv3.conf
- notify: restart httpd
-
-- template: src=vhost.conf dest=/etc/httpd/conf.d/{{ website_url }}.conf owner=root group=apache mode=0644
- notify: restart httpd
- when: document_root is defined
-
-- template: src=vhost_redirect.conf dest=/etc/httpd/conf.d/{{ website_url }}.conf owner=root group=apache mode=0644
- notify: restart httpd
- when: redirect is defined
-
-- file: state=directory path={{ document_root }} setype=httpd_sys_content_t owner=root mode=755 group=root
- when: document_root is defined
-
-- file: path=/etc/httpd/conf.d/{{ website_url }}.conf.d/ state=directory
- when: website_url is defined
-
-# needed for newer apache, who requires at least 1 file for include
-- file: path=/etc/httpd/conf.d/{{ website_url }}.conf.d/placeholder.conf state=touch
- when: website_url is defined
-
-- file: path=/etc/httpd/conf.d/password_protection.conf state=absent
- notify: restart httpd
-
-- htpasswd: path=/etc/httpd/{{ website_url }}.htpasswd name={{ website_user }} password={{ website_password }} owner=root group=apache mode=0640
- when: website_user is defined
-
-- shell: lokkit -s {{ item }}
- with_items:
- - http
- - https
- when: ansible_distribution_major_version == '6' and (ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat')
-
-- firewalld: service={{ item }} permanent=true state=enabled
- with_items:
- - http
- - https
- when: ansible_distribution == 'Fedora' or ansible_distribution_major_version == '7'
diff --git a/roles/httpd/templates/vhost.conf b/roles/httpd/templates/vhost.conf
deleted file mode 100644
index 21172c9..0000000
--- a/roles/httpd/templates/vhost.conf
+++ /dev/null
@@ -1,21 +0,0 @@
-
- {% if website_password is defined %}
-
-
- AuthType Basic
- AuthName "Restricted access, contact OSAS for password"
- AuthUserFile /etc/httpd/{{ website_url }}.htpasswd
- Require valid-user
-
- {% endif %}
-
-
- AllowOverride All
-
-
- ServerName {{ website_url }}
- DocumentRoot {{ document_root }}
- Include /etc/httpd/conf.d/{{ website_url}}.conf.d/*conf
-
-
-
diff --git a/roles/httpd/templates/vhost_redirect.conf b/roles/httpd/templates/vhost_redirect.conf
deleted file mode 100644
index 1c93343..0000000
--- a/roles/httpd/templates/vhost_redirect.conf
+++ /dev/null
@@ -1,16 +0,0 @@
-
- {% if website_password is defined %}
-
-
- AuthType Basic
- AuthName "Restricted access, contact OSAS for password"
- AuthUserFile /etc/httpd/{{ website_url }}.htpasswd
- Require valid-user
-
- {% endif %}
-
- ServerName {{ website_url }}
- Redirect / {{ redirect }}
-
-
-
-- cgit