-
Notifications
You must be signed in to change notification settings - Fork 24
/
main.yml
40 lines (39 loc) · 2.41 KB
/
main.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
##### APACHE WEB SERVER #####
# listen on port 80 (unencrypted HTTP) (yes/no)
apache_listen_http: yes
# ask search engines/bots that respect the X-Robots-Tag header not to crawl this webserver's sites (yes/no)
apache_allow_robots: no
# start/stop the apache webserver, enable/disable it on boot (yes/no)
apache_enable_service: yes
# e-mail address to register a letsencrypt.org account
apache_letsencrypt_email: "CHANGEME"
# enable HTTP Strict-Transport-Security for websites using letsencrypt.org certificates (yes/no)
# enabling HSTS will force clients/browsers to only connect over to these sites over HTTPS with valid certificates for 6 months, don't set this to yes if you intend to use self-signed certificates in the future
apache_letsencrypt_enable_hsts: no
# custom apache reverse proxies (https://en.wikipedia.org/wiki/Reverse_proxy)
# Example:
# apache_reverseproxies:
# - servername: site1.example.org # required, FQDN of the virtualhost
# upstream: "https://localhost:3545" # (required) the server to proxy requests to
# https_mode: selfsigned # (optional, selfsigned/letsencrypt, default selfsigned) mode for the auto-generated SSL certificate
# redirect_https: yes # (optional, yes/no, default yes) redirect HTTP requests to HTTPS
# monitor_http: yes # (optional, yes/no, default yes) add a netdata HTTP check for this virtualhost, if nodiscc.xsrv.monitoring_netdata is deployed
# extra_directives: # (optional) list of additional config directives https://httpd.apache.org/docs/current/mod/directives.html
# - "SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1" # allow less-secure TLS1.2 for legacy clients
# - servername: site2.example.org
# upstream: https://10.0.0.36:3646
apache_reverseproxies: []
# aggregate apache access logs to syslog (if nodiscc.xsrv.monitoring_rsyslog role is deployed) (yes/no)
apache_access_log_to_syslog: no
# firewall zones for the apache service (if nodiscc.xsrv.common/firewalld role is deployed)
# 'zone:' is one of firewalld zones, set 'state:' to 'disabled' to remove the rule (the default is state: enabled)
# apache access must be allowed from the 'public' zone to use Let's Encrypt certificates
apache_firewalld_zones:
- zone: public
state: enabled
- zone: internal
state: enabled
##### PHP-FPM INTERPRETER #####
# yes/no: enable/disable the default php-fpm pool (www)
# starting php-fpm without any pool defined will cause the service to fail
php_fpm_enable_default_pool: yes