crans
/
ansible
mirror of http://gitlab.adm.crans.org/nounous/ansible.git
19
0
Fork 0
Code Issues Projects Releases Wiki Activity

zamok-tools: remove dark magic

certbot_on_virtu
Alexandre Iooss 2021-10-27 09:57:56 +02:00
parent 2fd5be8a31
commit d55543402e
4 changed files with 5 additions and 46 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
roles/zamok-tools/tasks/main.yml
View File

@ -90,23 +90,18 @@
group: root group: root
mode: 0644 mode: 0644
loop: loop:
- "clubs-vhosts.map"
- "ports.conf" - "ports.conf"
- "sites-available/000-perso-vhosts.conf" - "sites-available/000-perso.conf"
- "sites-available/001-perso.conf"
notify: Reload apache notify: Reload apache
- name: Enable apache sites - name: Enable apache sites
file: file:
src: "/etc/apache2/sites-available/{{ item }}" src: /etc/apache2/sites-available/000-perso.conf
dest: "/etc/apache2/sites-enabled/{{ item }}" dest: /etc/apache2/sites-enabled/000-perso.conf
owner: root owner: root
group: root group: root
state: link state: link
force: true force: true
loop:
- "000-perso-vhosts.conf"
- "001-perso.conf"
notify: Reload apache notify: Reload apache
- name: Add PAM rule to use namespaces to have separate temporary directories - name: Add PAM rule to use namespaces to have separate temporary directories

5
roles/zamok-tools/templates/apache2/clubs-vhosts.map.j2
View File

@ -1,5 +0,0 @@
{{ ansible_header | comment }}
{% for host in adh.apache.club_vhosts -%}
{{ host.from }} {{ host.to }}
{% endfor -%}

25
roles/zamok-tools/templates/apache2/sites-available/000-perso-vhosts.conf.j2
View File

@ -1,25 +0,0 @@
# Configuration des vhosts personnalises
# Ce fichier doit etre le premier dans sites-enabled
<VirtualHost *:80>
# Le nom du serveur est determine a partir de la requete HTTP
UseCanonicalName Off
# Logs
LogFormat "%{Host}i %h %l %u %t \"%r\" %s %b" vcommon
CustomLog /var/log/apache2/perso-vhosts.log vcommon
# On charge le fichier mappant les vhosts clubs
# puis on rewrite si seulement s'il y a un match
RewriteEngine On
RewriteMap clubs-vhost txt:/etc/apache2/clubs-vhosts.map
RewriteCond ${clubs-vhost:%{SERVER_NAME}} ^(.+)$
RewriteRule ^/(.*)$ /home/%1/$1 [last]
# Override defaults in /etc/apache2/mods-enabled/userdir.conf
# to add Indexes control in .htaccess and README
<Directory /home/*/www>
AllowOverride FileInfo AuthConfig Limit Indexes Options=Indexes
ReadmeName /mentionslegales.html
</Directory>
</VirtualHost>

10
roles/zamok-tools/templates/apache2/sites-available/001-perso.conf.j2 → roles/zamok-tools/templates/apache2/sites-available/000-perso.conf.j2
View File

@ -9,14 +9,6 @@
RewriteRule ^/$ https://wiki.crans.org/PagesPerso [last,redirect] RewriteRule ^/$ https://wiki.crans.org/PagesPerso [last,redirect]
RewriteRule ^/~(.*)$ https://perso.crans.org/$1 [last,redirect] RewriteRule ^/~(.*)$ https://perso.crans.org/$1 [last,redirect]
# On aime la magie noire ici.
# Plus sérieusement, on aime beaucoup mod_userdir, mais on ne veut
# pas insérer un '~' avant le pseudo. Donc on réécrit l'URL.
# Toute personne qui tente de réécrire mod_userdir à coup de RewriteRule
# s'aventure dans un monde chaotique, et PHP ne tournera plus en tant
# que chaque utilisateur menant à des fuites de données.
RewriteRule ^/users/(.*)$ /~$1 [last,passthrough]
# Si ça match un utilisateur, on sert sa page personnelle # Si ça match un utilisateur, on sert sa page personnelle
RewriteRule ^/([^~/]+)/(.*)$ /home/$1/www/$2 [last] RewriteRule ^/([^~/]+)/(.*)$ /home/$1/www/$2 [last]
RewriteRule ^/([^~/]+)$ /home/$1/www/ [last] RewriteRule ^/([^~/]+)$ /home/$1/www/ [last]
@ -29,6 +21,8 @@
# to add Indexes control in .htaccess and README # to add Indexes control in .htaccess and README
<Directory /home/*/www> <Directory /home/*/www>
AllowOverride FileInfo AuthConfig Limit Indexes Options=Indexes AllowOverride FileInfo AuthConfig Limit Indexes Options=Indexes
Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
Require method GET POST OPTIONS
ReadmeName /mentionslegales.html ReadmeName /mentionslegales.html
</Directory> </Directory>
</VirtualHost> </VirtualHost>