Update module to synchronize features from other repos (#3)

dgoodellrhy · web-flow · commit d210ddbff1a3 · 2021-12-15T09:09:01.000-05:00
diff --git a/defaults/main.yml b/defaults/main.yml
@@ -13,6 +13,9 @@ apache_allowed_methods:
   - POST
   - HEAD
 
+apache_allow_server_status_addresses:
+  - 127.0.0.1
+
 # etags almost always cause more trouble than they're worth, unless
 # you're hosting a large repository of filesystem content.
 apache_allow_etags: False
@@ -54,3 +57,7 @@ apache_default_tls_lists:
   veryhigh:
     sslprotocol: '+ALL -sslv3 -sslv2 -TLSv1 -TLSv1.1'
     sslciphersuite: 'EECDH+AES:@STRENGTH'
+
+apache_enable_logrotate: True
+apache_logrotate_compress: False
+apache_logrotate_days: 7
diff --git a/tasks/main.yml b/tasks/main.yml
@@ -72,3 +72,13 @@
     state: started
     enabled: true
   tags: ['apache']
+
+- name: ensure the logrotate config is in place
+  template:
+    src: "etc.logrotate.d.httpd.j2"
+    dest: "/etc/logrotate.d/httpd"
+    owner: root
+    group: root
+    mode: 0640
+  when: apache_enable_logrotate
+  tags: ['logrotate', 'apache']
diff --git a/templates/etc.httpd.conf.httpd.conf.j2 b/templates/etc.httpd.conf.httpd.conf.j2
@@ -122,11 +122,9 @@ ExtendedStatus on
     SetHandler server-status
     Order Deny,Allow
     Deny from all
-    Allow from 127.0.0.1
-    Allow from 10.0.0.0/8
-    Allow from 70.184.247.66
-    Allow from 70.39.246.214
-    Allow from 70.39.246.66
+{% for address in apache_allow_server_status_addresses %}
+    Allow from {{ address }}
+{% endfor %}
 </Location>
 
 
@@ -168,8 +166,8 @@ LogFormat "{ \
   }" json-proxy
 
 
-{% if ansible_distribution_major_version < '7' %}
+{% if ansible_distribution_major_version == '6' %}
 NameVirtualHost *:{{ apache_server_listen_port }}
 {% endif %}
 
-Include conf.d/*.conf
+IncludeOptional conf.d/*.conf
diff --git a/templates/etc.logrotate.d.httpd.j2 b/templates/etc.logrotate.d.httpd.j2
@@ -0,0 +1,15 @@
+# {{ ansible_managed }}
+/var/log/httpd/*log {
+    missingok
+    notifempty
+    sharedscripts
+    delaycompress
+    {% if apache_logrotate_compress | default(false) %}
+    compress
+    {% endif %}
+    daily
+    rotate {{ apache_logrotate_days }}
+    postrotate
+        /sbin/service httpd reload > /dev/null 2>/dev/null || true
+    endscript
+}
