use Content-Security-Policy instead of old X-Frame-Options
[ansible.git] / roles / apache / tasks / main.yml
index 5943499d81585d8c014e8a1ef3c300ee620a1566..fee26efff5be7b765f1e34d53fd537d57f45ade8 100644 (file)
     content: |
       [Unit]
       After=network-online.target
     content: |
       [Unit]
       After=network-online.target
-- name: sysconfig to disable DAD
+      Wants=network-online.target
+      [Service]
+      Restart=on-failure
+- name: cleanup old sysconfig
+  file: path=/etc/sysctl.d/50-no-dad.conf state=absent
+- name: sysconfig to fix IPv6 listening
   copy:
   copy:
-    dest: /etc/sysctl.d/50-no-dad.conf
+    dest: /etc/sysctl.d/50-ipv6-listen.conf
     content: |
     content: |
-      # Disable DAD so network-online.target works for IPv6
-      net.ipv6.conf.all.accept_dad=0
-- name: cleanup cronjob to fix apache startup
-  cron:
-    name: "apache2-start-fix"
-    minute: "*/5"
-    job: "if systemctl is-failed apache2 >/dev/null; then echo 'restarting apache'; systemctl restart apache2; fi"
-    state: absent
+      # Allow binding to IPv6 address before we got that address
+      net.ipv6.ip_nonlocal_bind=1