X-Git-Url: https://git.ralfj.de/ansible.git/blobdiff_plain/7fdacc01ac7ea0c81a80951bf1d6f70d885fb63d..f7b0d8fc034f2cfdc2a89d6d5857df258fe9fbc4:/roles/apache/tasks/main.yml diff --git a/roles/apache/tasks/main.yml b/roles/apache/tasks/main.yml index 62f39e8..fee26ef 100644 --- a/roles/apache/tasks/main.yml +++ b/roles/apache/tasks/main.yml @@ -24,15 +24,17 @@ dest: /etc/apache2/log-anon src: files/log-anon mode: +x + notify: apache - name: install shared config files - copy: + template: dest: /etc/apache2/conf-available/{{ item }} - src: files/{{ item }} + src: templates/{{ item }} loop: - ssl.conf - acme-challenge.conf - php5.conf - security.conf + - defaults.conf notify: apache - name: enable config files command: a2enconf {{ item }} @@ -41,6 +43,7 @@ loop: - ssl - security + - defaults notify: apache - name: disable config files command: a2disconf {{ item }} @@ -48,9 +51,30 @@ removes: /etc/apache2/conf-enabled/{{ item }}.conf loop: - other-vhosts-access-log + - serve-cgi-bin notify: apache - name: install default site template: dest: /etc/apache2/sites-available/000-default.conf src: templates/000-default.conf notify: apache +# IPv6 autconf issues: DAD makes addresses appear but unusable, which breaks services startup +- name: tweak apache systemd unit (create dir) + file: path=/etc/systemd/system/apache2.service.d state=directory +- name: tweak apache systemd unit + copy: + dest: /etc/systemd/system/apache2.service.d/override.conf + content: | + [Unit] + After=network-online.target + Wants=network-online.target + [Service] + Restart=on-failure +- name: cleanup old sysconfig + file: path=/etc/sysctl.d/50-no-dad.conf state=absent +- name: sysconfig to fix IPv6 listening + copy: + dest: /etc/sysctl.d/50-ipv6-listen.conf + content: | + # Allow binding to IPv6 address before we got that address + net.ipv6.ip_nonlocal_bind=1