external/iiab
1
0
Fork 0
mirror of https://github.com/iiab/iiab.git synced 2025-03-09 15:40:17 +00:00
Code Issues Releases Wiki Activity

roles/nginx/tasks/install.yml: Resolve merge conflict

Browse source
This commit is contained in:
root 2021-08-08 03:03:43 -04:00
commit 144d905d71
38 changed files with 127 additions and 179 deletions
Download patch file Download diff file Expand all files Collapse all files

3
roles/0-DEPRECATED-ROLES/httpd/README.md Normal file
View file

@ -0,0 +1,3 @@
See also Internet-in-a-Box's new NGINX README.md, evolving here:
[https://github.com/iiab/iiab/tree/master/roles/nginx](../nginx)

18
roles/0-DEPRECATED-ROLES/httpd/defaults/main.yml Normal file
View file

@ -0,0 +1,18 @@
# default_language: en
# language_priority: en es fr
# apache_install: True
# apache_enabled: False
# apache_port: 8090 # NGINX proxies to this IP address, for legacy IIAB services still requiring Apache
# apache_interface: 127.0.0.1
# Make this False to disable http://box/common/services/power_off.php button:
# apache_allow_sudo: True
# All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml
# If nec, change them by editing /etc/iiab/local_vars.yml prior to installing!
# 2020-02-15: apache_high_php_limits deprecated...
# Please instead set 'nginx_high_php_limits: True' in /etc/iiab/local_vars.yml

17
roles/0-DEPRECATED-ROLES/httpd/tasks/homepage.yml Normal file
View file

@ -0,0 +1,17 @@
# Both invoked in 4-SERVER-OPTIONS, by roles/www_options/tasks/main.yml:
#
# httpd/tasks/homepage.yml
# nginx/tasks/homepage.yml
- name: Install /etc/{{ apache_conf_dir }}/iiab-homepage.conf from httpd/templates, so Apache redirects http://box to http://box{{ iiab_home_url }} # /home
template:
src: roles/httpd/templates/iiab-homepage.conf
dest: "/etc/{{ apache_conf_dir }}/iiab-homepage.conf" # apache2/sites-available (on debuntu)
- name: "IN CASE NGINX IS DISABLED: Enable IIAB pages via Apache (e.g. on port 80) by running 'a2ensite iiab-homepage.conf'"
command: a2ensite iiab-homepage.conf
#when: apache_enabled
# - name: Disable IIAB pages via Apache (e.g. on port 80) by running 'a2dissite iiab-homepage.conf', if not apache_enabled"
# command: a2dissite iiab-homepage.conf
# when: not apache_enabled

156
roles/0-DEPRECATED-ROLES/httpd/tasks/install.yml Normal file
View file

@ -0,0 +1,156 @@
- name: 'Install 2 packages: {{ apache_service }}, libapache2-mod-php{{ php_version }}'
package:
#name: [u'apache2', u'php{{ php_version }}', u'php{{ php_version }}-curl'] # FAILS ('u' for Unicode strings)
#name: ['apache2', 'php{{ php_version }}', 'php{{ php_version }}-curl'] # WORKS?
name:
- "{{ apache_service }}" # apache2 on Debuntu
- libapache2-mod-php{{ php_version }} # 2020-06-15: Required (e.g. for Elgg, Moodle, roles/pbx's FreePBX & possibly others) now that mysql/tasks/install.yml installs "php{{ php_version }}-common" rather than the full "php{{ php_version }}" -- 2021-06-28 FYI: this also drags in libsodium23 (likewise installed via nginx/tasks/install.yml AND moodle/tasks/install.yml)
#- "php{{ php_version }}"
#- "php{{ php_version }}-curl"
state: present
# when: is_debian
# - name: 'Install 2 packages: apache2, php (ubuntu)'
# package:
# #name: [u'apache2', u'php'] # FAILS ('u' for Unicode strings)
# #name: ['apache2', 'php'] # WORKS
# name:
# - "{{ apache_service }}" # apache2 on Debuntu
# - php
# state: present
# when: is_ubuntu
# 2019-05-30: It's interesting that http://box.lan/admin and everything seems
# to work even without php{{ php_version }}-sqlite3 as confirmed on Ubuntu
# 16.04 (SEE PR #1697). And likely all others? @tim-moody writes "I think
# we decided that because sqlite3 and php are part of the base install the
# connector should be too."
#
# We might *try* deprecating this here as we transition beyond {raspbian-9,
# debian-9, ubuntu-18} in coming months to verify that roles/osm-vector-maps
# is the only role that needs it?
#
# Legacy Comment: SQLite3 no longer included in another package
#- name: Install php{{ php_version }}-sqlite3 (raspbian-9+ or debian-9+ or ubuntu-18+)
# package:
# name: "php{{ php_version }}-sqlite3"
# #when: is_raspbian_9 or is_debian_9 or is_ubuntu_18
# when: is_debuntu and (not is_debian_8) and (not is_ubuntu_16)
# #when: (is_debian and ansible_distribution_major_version == "9") or is_ubuntu_18
#- name: 'Install 4 packages: httpd, mod_authnz_external, php, php-curl (redhat)'
# package:
# #name: [u'httpd', u'php', u'php-curl', u'mod_authnz_external'] # FAILS ('u' for Unicode strings)
# #name: ['httpd', 'php', 'php-curl', 'mod_authnz_external'] # WORKS
# name:
# - httpd
# - mod_authnz_external
# - php
# - php-curl
# state: present
# when: is_redhat
# Remove symlinks for mpm_event, replace with mpm_prefork
- name: Remove both mpm_event symlinks from /etc/apache2/mods-enabled
file:
path: "/etc/apache2/mods-enabled/{{ item }}"
state: absent
with_items:
- mpm_event.conf
- mpm_event.load
#when: is_debuntu
- name: Create both mpm_prefork symlinks from /etc/apache2/mods-enabled to /etc/apache2/mods-available
file:
src: "/etc/apache2/mods-available/{{ item }}"
path: "/etc/apache2/mods-enabled/{{ item }}"
state: link
with_items:
- mpm_prefork.conf
- mpm_prefork.load
#when: is_debuntu
- name: 'Enable 5 Apache modules, as with "a2enmod" command: headers, proxy, proxy_html, proxy_http, rewrite (for http://box/kiwix, http://box/kolibri, http://box/nodered, etc)'
apache2_module:
name: "{{ item }}"
with_items:
- headers
- proxy
- proxy_html
- proxy_http
- rewrite
#when: is_debuntu
- name: Remove 000-default.conf from /etc/apache2 and /etc/apache2/sites-enabled
file:
path: "{{ item }}"
state: absent
with_items:
- /etc/apache2/000-default.conf # Not nec on Raspbian. Is this really still needed elsewhere?
- /etc/apache2/sites-enabled/000-default.conf
#when: is_debuntu
- name: Create Apache's pid dir /var/run/{{ apache_user }}
file:
state: directory
path: "/var/run/{{ apache_user }}" # www-data on Debuntu
#owner: root
#group: root
#mode: '0755'
- name: 'Create group: admin'
group:
name: admin
- name: Add user {{ apache_user }} (from variable apache_user) to groups admin,shadow
user:
name: "{{ apache_user }}" # www-data on Debuntu
groups: admin,shadow # 2020-06-04: shadow nec for Admin Console login (this line had been clobbering user www-data's membership in group shadow, as set earlier by nginx/tasks/install.yml, SEE #2431)
createhome: no
- name: Create Apache dir /var/log/{{ apache_service }} ({{ apache_user }}:{{ apache_user }})
file:
state: directory
path: "/var/log/{{ apache_service }}" # apache2 on Debuntu
owner: "{{ apache_user }}" # www-data on Debuntu
group: "{{ apache_user }}"
#mode: '0755'
- name: Install Apache's 010-iiab.conf & proxy_ajp.conf into /etc/apache2/sites-available, from templates
template:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
with_items:
- { src: 'roles/httpd/templates/010-iiab.conf.j2', dest: '/etc/{{ apache_conf_dir }}/010-iiab.conf' }
- { src: 'roles/httpd/templates/proxy_ajp.conf.j2', dest: '/etc/{{ apache_conf_dir }}/proxy_ajp.conf' }
- name: "IN CASE NGINX IS DISABLED: Enable IIAB pages via Apache (e.g. on port 80) by running 'a2ensite 010-iiab.conf'"
command: a2ensite 010-iiab.conf
#when: apache_enabled
# - name: Disable IIAB pages via Apache (e.g. on port 80) by running 'a2dissite 010-iiab.conf', if not apache_enabled"
# command: a2dissite 010-iiab.conf
# when: not apache_enabled
- debug:
msg: roles/httpd/tasks/homepage.yml will run LATER (invoked by roles/www_options/tasks/main.yml) SO THAT APACHE CAN REDIRECT http://box TO http://box{{ iiab_home_url }} (based on var iiab_home_url)
# - include_tasks: roles/httpd/tasks/homepage.yml
- name: Run 'systemctl daemon-reload'
systemd:
daemon_reload: yes
# RECORD Apache AS INSTALLED
- name: "Set 'apache_installed: True'"
set_fact:
apache_installed: True
- name: "Add 'apache_installed: True' to {{ iiab_state_file }}"
lineinfile:
path: "{{ iiab_state_file }}" # /etc/iiab/iiab_state.yml
regexp: '^apache_installed'
line: 'apache_installed: True'

63
roles/0-DEPRECATED-ROLES/httpd/tasks/main.yml Normal file
View file

@ -0,0 +1,63 @@
# "How do i fail a task in Ansible if the variable contains a boolean value?
# I want to perform input validation for Ansible playbooks"
# https://stackoverflow.com/questions/46664127/how-do-i-fail-a-task-in-ansible-if-the-variable-contains-a-boolean-value-i-want/46667499#46667499
# We assume 0-init/tasks/validate_vars.yml has DEFINITELY been run, so no need
# to re-check whether vars are defined here. As Ansible vars cannot be unset:
# https://serverfault.com/questions/856729/how-to-destroy-delete-unset-a-variable-value-in-ansible
- name: Assert that "apache_install is sameas true" (boolean not string etc)
assert:
that: apache_install is sameas true
fail_msg: "PLEASE SET 'apache_install: True' e.g. IN: /etc/iiab/local_vars.yml"
quiet: yes
- name: Assert that "apache_enabled | type_debug == 'bool'" (boolean not string etc)
assert:
that: apache_enabled | type_debug == 'bool'
fail_msg: "PLEASE GIVE VARIABLE 'apache_enabled' A PROPER (UNQUOTED) ANSIBLE BOOLEAN VALUE e.g. IN: /etc/iiab/local_vars.yml"
quiet: yes
- debug:
var: apache_install
- debug:
var: apache_enabled
- debug:
var: apache_installed
- name: Install Apache if 'apache_installed' not defined, e.g. in {{ iiab_state_file }} # /etc/iiab/iiab_state.yml
include_tasks: install.yml
when: apache_installed is undefined
- name: Enable & Start-if-nec {{ apache_service }} systemd service, if apache_enabled
systemd:
name: "{{ apache_service }}"
enabled: yes
state: started # No need to restart, as many IIAB apps do that later
when: apache_enabled
- name: Disable & Stop {{ apache_service }} systemd service, if not apache_enabled
systemd:
name: "{{ apache_service }}"
enabled: no
state: stopped
when: not apache_enabled
- name: Add 'apache' variable values to {{ iiab_ini_file }}
ini_file:
path: "{{ iiab_ini_file }}" # /etc/iiab/iiab.ini
section: apache
option: "{{ item.option }}"
value: "{{ item.value | string }}"
with_items:
- option: name
value: Apache
- option: description
value: '"The Apache HTTP Server (''httpd'')."'
- option: apache_install
value: "{{ apache_install }}"
- option: apache_enabled
value: "{{ apache_enabled }}"

568
roles/0-DEPRECATED-ROLES/httpd/templates/010-iiab.conf.j2 Executable file
View file

@ -0,0 +1,568 @@
# This configuration file supplements the main Apache
# server configuration file (conf/httpd.conf). It contains the
# configuration directives that specifically relate to the
# IIAB Schoolserver.
#
# Some of the choices are a bit subjective, but in general directives
# that are still valid in 2.4 are left if they override something
# in conf/httpd.conf.
#
### Section 1: Global Environment
#
# The directives in this section affect the overall operation of Apache,
# such as the number of concurrent requests it can handle or where it
# can find its configuration files.
#
#
# The following token will be replaced to select IfDefine clause later
{% if ansible_memtotal_mb < 512 %}
define MEM256m
{% endif %}
{% if ansible_memtotal_mb > 512 and ansible_memtotal_mb < 1000 %}
define MEM512m
{% endif %}
#
# Don't give away too much information about all the subcomponents
# we are running. Comment out this line if you don't mind remote sites
# finding out what major optional modules you are running
ServerTokens OS
#
# PidFile: The file in which the server should record its process
# identification number when it starts.
#
# PidFile run/httpd.pid - this must be legacy
# 2.4 default is /run/httpd/httpd.pid
#
# Timeout: The number of seconds before receives and sends time out.
#
# Timeout 120
#
# 2020-01-15: To mitigate the worst of Kiwix search timeouts, let's comment out
# the above "Timeout 120" and defer to Apache default "Timeout 300" as set in:
# /etc/apache2/apache2.conf
# Let's very soon also raise NGINX default "proxy_read_timeout 60s;" within:
# /etc/nginx/nginx.conf OR...
# /etc/nginx/server.conf OR...
# /etc/nginx/proxy_params AND POSSIBLY ALSO...
# /etc/nginx/conf.d/kiwix-nginx.conf
# These 2 NGINX defaults might also need changing on overtaxed IIAB servers...?
# proxy_connect_timeout 60s; # time to answer the door bell
# proxy_send_timeout 60s; # time to accept the request
# More background details on this ongoing Kiwix problem:
# https://github.com/iiab/iiab/pull/2063
# https://github.com/iiab/iiab/issues/2152
# https://github.com/kiwix/kiwix-tools/issues/345
#
# KeepAlive: Whether or not to allow persistent connections (more than
# one request per connection). Set to "Off" to deactivate.
#
KeepAlive On
#
# MaxKeepAliveRequests: The maximum number of requests to allow
# during a persistent connection. Set to 0 to allow an unlimited amount.
# We recommend you leave this number high, for maximum performance.
#
MaxKeepAliveRequests 10
#
# KeepAliveTimeout: Number of seconds to wait for the next request from the
# same client on the same connection.
#
KeepAliveTimeout 1
##
## Server-Pool Size Regulation (MPM specific)
##
# prefork MPM
# StartServers: number of server processes to start
# MinSpareServers: minimum number of server processes which are kept spare
# MaxSpareServers: maximum number of server processes which are kept spare
# ServerLimit: maximum value for MaxClients for the lifetime of the server
# MaxClients: maximum number of server processes allowed to start
# MaxRequestsPerChild: maximum number of requests a server process serves
<IfModule prefork.c>
<IfDefine MEM256m>
# Keep MaxClients matched to Pg
StartServers 4
MinSpareServers 1
MaxSpareServers 2
ServerLimit 12
MaxClients 12
MaxRequestsPerChild 10
</IfDefine>
<IfDefine MEM512m>
# Keep MaxClients matched to Pg
StartServers 4
MinSpareServers 1
MaxSpareServers 4
ServerLimit 25
MaxClients 25
MaxRequestsPerChild 20
</IfDefine>
<IfDefine MEM1024m>
# Keep MaxClients matched to Pg
StartServers 4
MinSpareServers 2
MaxSpareServers 4
ServerLimit 42
MaxClients 42
MaxRequestsPerChild 30
</IfDefine>
<IfDefine MEM2048m>
# Keep MaxClients matched to Pg
StartServers 4
MinSpareServers 2
MaxSpareServers 6
ServerLimit 55
MaxClients 55
MaxRequestsPerChild 50
</IfDefine>
</IfModule>
# worker MPM
# StartServers: initial number of server processes to start
# MaxClients: maximum number of simultaneous client connections
# MinSpareThreads: minimum number of worker threads which are kept spare
# MaxSpareThreads: maximum number of worker threads which are kept spare
# ThreadsPerChild: constant number of worker threads in each server process
# MaxRequestsPerChild: maximum number of requests a server process serves
<IfModule worker.c>
StartServers 2
MaxClients 150
MinSpareThreads 25
MaxSpareThreads 75
ThreadsPerChild 25
MaxRequestsPerChild 0
</IfModule>
#
# Listen: take default
#
### Section 2: 'Main' server configuration
#
# The directives in this section set up the values used by the 'main'
# server, which responds to any requests that aren't handled by a
# <VirtualHost> definition. These values also provide defaults for
# any <VirtualHost> containers you may define later in the file.
ServerName {{ iiab_hostname }}
#
# UseCanonicalName: Determines how Apache constructs self-referencing
# URLs and the SERVER_NAME and SERVER_PORT variables.
# When set "Off", Apache will use the Hostname and Port supplied
# by the client. When set "On", Apache will use the value of the
# ServerName directive.
#
UseCanonicalName Off
#
# DocumentRoot: This is the default, but we keep the directive
# so it doesn't move in some future version.
#
DocumentRoot "{{ doc_root }}"
#
# Each directory to which Apache has access can be configured with respect
# to which services and features are allowed and/or disabled in that
# directory (and its subdirectories).
#
# First, we configure the "default" to be a very restrictive set of
# features.
#
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<VirtualHost *:80>
ErrorLog /var/log/apache2/error.log
CustomLog /var/log/apache2/access.log combined
ServerName {{ iiab_hostname }}
ServerAlias {{ iiab_hostname }}.{{ iiab_domain }}
<Directory "{{ doc_root }}">
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
</Directory>
</VirtualHost>
#
# UserDir: The name of the directory that is appended onto a user's home
# directory if a ~user request is received.
#
<IfModule mod_userdir.c>
#
# UserDir is disabled by default since it can confirm the presence
# of a username on the system (depending on home directory
# permissions).
#
UserDir disable
#
# To enable requests to /~user/ to serve the user's public_html
# directory, remove the "UserDir disable" line above, and uncomment
# the following line instead:
#
#UserDir public_html
</IfModule>
#
# DirectoryIndex: sets the file that Apache will serve if a directory
# is requested.
#
# The index.html.var file (a type-map) is used to deliver content-
# negotiated documents. The MultiViews Option can be used for the
# same purpose, but it is much slower.
#
# IIAB has both multiview and .var strategies
DirectoryIndex index.html index.html.var
#
# AccessFileName: The name of the file to look for in each directory
# for additional configuration directives. See also the AllowOverride
# directive.
#
# is this still needed
#
AccessFileName .htaccess
#
# The following lines prevent .htaccess and .htpasswd files from being
# viewed by Web clients.
#
<Files ~ "^\.ht">
Require all denied
</Files>
#
# HostnameLookups: Log the names of clients or just their IP addresses
# e.g., www.apache.org (on) or 204.62.129.132 (off).
# The default is off because it'd be overall better for the net if people
# had to knowingly turn this feature on, since enabling it means that
# each client request will result in AT LEAST one lookup request to the
# nameserver.
#
HostnameLookups Off
#
# Not sure what this does or if the syntax is correct
# this should be in moodle conf
#
<IfModule log_config_module>
CustomLog /var/log/moodle_access_log moodleformat
</IfModule>
#
# Optionally add a line containing the server version and virtual host
# name to server-generated pages (internal error documents, FTP directory
# listings, mod_status and mod_info output etc., but not CGI generated
# documents or custom error documents).
# Set to "EMail" to also include a mailto: link to the ServerAdmin.
# Set to one of: On | Off | EMail
#
ServerSignature On
#
# Aliases: Add here as many aliases as you need (with no limit). The format is
# Alias fakename realname
#
# Note that if you include a trailing / on fakename then the server will
# require it to be present in the URL. So "/icons" isn't aliased in this
# example, only "/icons/". If the fakename is slash-terminated, then the
# realname must also be slash terminated, and if the fakename omits the
# trailing slash, the realname must also omit it.
#
# We include the /icons/ alias for FancyIndexed directory listings. If you
# do not use FancyIndexing, you may comment this out.
#
Alias /icons/ "/usr/share/httpd/icons/"
<Directory "/usr/share/httpd/icons">
Options Indexes MultiViews FollowSymLinks
AllowOverride None
Require all granted
</Directory>
#
# WebDAV module configuration section.
#
<IfModule mod_dav_fs.c>
# Location of the WebDAV lock database.
DAVLockDB /var/lib/dav/lockdb
</IfModule>
#
# ScriptAlias: This controls which directories contain server scripts.
# ScriptAliases are essentially the same as Aliases, except that
# documents in the realname directory are treated as applications and
# run by the server when requested rather than as documents sent to the client.
# The same rules about trailing "/" apply to ScriptAlias directives as to
# Alias.
#
ScriptAlias /cgi-bin/ "{{ doc_base }}/cgi-bin/"
#
# "/var/www/cgi-bin" should be changed to whatever your ScriptAliased
# CGI directory exists, if you have that configured.
#
<Directory "{{ doc_base }}/cgi-bin">
AllowOverride None
Options None
Require all granted
</Directory>
#
# Redirect allows you to tell clients about documents which used to exist in
# your server's namespace, but do not anymore. This allows you to tell the
# clients where to look for the relocated document.
# Example:
# Redirect permanent /foo http://www.example.com/bar
#
# Directives controlling the display of server-generated directory listings.
#
#
# IndexOptions: Controls the appearance of server-generated directory
# listings.
#
IndexOptions FancyIndexing VersionSort NameWidth=* HTMLTable
#
# AddIcon* directives tell the server which icon to show for different
# files or filename extensions. These are only displayed for
# FancyIndexed directories.
#
AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip
AddIconByType (TXT,/icons/text.gif) text/*
AddIconByType (IMG,/icons/image2.gif) image/*
AddIconByType (SND,/icons/sound2.gif) audio/*
AddIconByType (VID,/icons/movie.gif) video/*
AddIcon /icons/binary.gif .bin .exe
AddIcon /icons/binhex.gif .hqx
AddIcon /icons/tar.gif .tar
AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
AddIcon /icons/a.gif .ps .ai .eps
AddIcon /icons/layout.gif .html .shtml .htm .pdf
AddIcon /icons/text.gif .txt
AddIcon /icons/c.gif .c
AddIcon /icons/p.gif .pl .py
AddIcon /icons/f.gif .for
AddIcon /icons/dvi.gif .dvi
AddIcon /icons/uuencoded.gif .uu
AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
AddIcon /icons/tex.gif .tex
AddIcon /icons/bomb.gif core
AddIcon /icons/back.gif ..
AddIcon /icons/hand.right.gif README
AddIcon /icons/folder.gif ^^DIRECTORY^^
AddIcon /icons/blank.gif ^^BLANKICON^^
#
# DefaultIcon is which icon to show for files which do not have an icon
# explicitly set.
#
DefaultIcon /icons/unknown.gif
#
# AddDescription allows you to place a short description after a file in
# server-generated indexes. These are only displayed for FancyIndexed
# directories.
# Format: AddDescription "description" filename
#
#AddDescription "GZIP compressed document" .gz
#AddDescription "tar archive" .tar
#AddDescription "GZIP compressed tar archive" .tgz
#
# ReadmeName is the name of the README file the server will look for by
# default, and append to directory listings.
#
# HeaderName is the name of a file which should be prepended to
# directory indexes.
ReadmeName README.html
HeaderName HEADER.html
#
# IndexIgnore is a set of filenames which directory indexing should ignore
# and not include in the listing. Shell-style wildcarding is permitted.
#
IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t
#
# DefaultLanguage and AddLanguage allows you to specify the language of
# a document. You can then use content negotiation to give a browser a
# file in a language the user can understand.
#
# Specify a default language. This means that all data
# going out without a specific language tag (see below) will
# be marked with this one. You probably do NOT want to set
# this unless you are sure it is correct for all cases.
#
# * It is generally better to not mark a page as
# * being a certain language than marking it with the wrong
# * language!
#
# DefaultLanguage nl
#
# Note 1: The suffix does not have to be the same as the language
# keyword --- those with documents in Polish (whose net-standard
# language code is pl) may wish to use "AddLanguage pl .po" to
# avoid the ambiguity with the common suffix for perl scripts.
#
# Note 2: The example entries below illustrate that in some cases
# the two character 'Language' abbreviation is not identical to
# the two character 'Country' code for its country,
# E.g. 'Danmark/dk' versus 'Danish/da'.
#
# Note 3: In the case of 'ltz' we violate the RFC by using a three char
# specifier. There is 'work in progress' to fix this and get
# the reference data for rfc1766 cleaned up.
#
# Catalan (ca) - Croatian (hr) - Czech (cs) - Danish (da) - Dutch (nl)
# English (en) - Esperanto (eo) - Estonian (et) - French (fr) - German (de)
# Greek-Modern (el) - Hebrew (he) - Italian (it) - Japanese (ja)
# Korean (ko) - Luxembourgeois* (ltz) - Norwegian Nynorsk (nn)
# Norwegian (no) - Polish (pl) - Portugese (pt)
# Brazilian Portuguese (pt-BR) - Russian (ru) - Swedish (sv)
# Simplified Chinese (zh-CN) - Spanish (es) - Traditional Chinese (zh-TW)
#
AddLanguage ca .ca
AddLanguage cs .cz .cs
AddLanguage da .dk
AddLanguage de .de
AddLanguage el .el
AddLanguage en .en
AddLanguage eo .eo
AddLanguage es .es
AddLanguage et .et
AddLanguage fr .fr
AddLanguage he .he
AddLanguage hi .hi
AddLanguage ht .ht
AddLanguage hr .hr
AddLanguage it .it
AddLanguage ja .ja
AddLanguage ko .ko
AddLanguage ltz .ltz
AddLanguage ne .ne
AddLanguage nl .nl
AddLanguage nn .nn
AddLanguage no .no
AddLanguage pl .po
AddLanguage pt .pt
AddLanguage pt-BR .pt-br
AddLanguage ru .ru
AddLanguage sv .sv
AddLanguage zh-CN .zh-cn
AddLanguage zh-TW .zh-tw
DefaultLanguage {{ default_language }}
LanguagePriority {{ language_priority }}
ForceLanguagePriority Fallback
#
# For type maps (negotiated resources):
# (This is enabled by default to allow the Apache "It Worked" page
# to be distributed in multiple languages.)
#
AddHandler type-map var
#
# Putting this all together, we can internationalize error responses.
#
# We use Alias to redirect any /error/HTTP_<error>.html.var response to
# our collection of by-error message multi-language collections. We use
# includes to substitute the appropriate text.
#
# You can modify the messages' appearance without changing any of the
# default HTTP_<error>.html.var files by adding the line:
#
# Alias /error/include/ "/your/include/path/"
#
# which allows you to create your own set of files by starting with the
# /var/www/error/include/ files and
# copying them to /your/include/path/, even on a per-VirtualHost basis.
#
Alias /error/ "{{ doc_base }}/error/"
<IfModule mod_negotiation.c>
<IfModule mod_include.c>
<Directory "{{ doc_base }}/error">
AllowOverride None
Options IncludesNoExec
AddOutputFilter Includes html
AddHandler type-map var
Require all granted
LanguagePriority en es de fr
ForceLanguagePriority Prefer Fallback
</Directory>
# ErrorDocument 400 /error/HTTP_BAD_REQUEST.html.var
# ErrorDocument 401 /error/HTTP_UNAUTHORIZED.html.var
# ErrorDocument 403 /error/HTTP_FORBIDDEN.html.var
# ErrorDocument 404 /error/HTTP_NOT_FOUND.html.var
# ErrorDocument 405 /error/HTTP_METHOD_NOT_ALLOWED.html.var
# ErrorDocument 408 /error/HTTP_REQUEST_TIME_OUT.html.var
# ErrorDocument 410 /error/HTTP_GONE.html.var
# ErrorDocument 411 /error/HTTP_LENGTH_REQUIRED.html.var
# ErrorDocument 412 /error/HTTP_PRECONDITION_FAILED.html.var
# ErrorDocument 413 /error/HTTP_REQUEST_ENTITY_TOO_LARGE.html.var
# ErrorDocument 414 /error/HTTP_REQUEST_URI_TOO_LARGE.html.var
# ErrorDocument 415 /error/HTTP_UNSUPPORTED_MEDIA_TYPE.html.var
# ErrorDocument 500 /error/HTTP_INTERNAL_SERVER_ERROR.html.var
# ErrorDocument 501 /error/HTTP_NOT_IMPLEMENTED.html.var
# ErrorDocument 502 /error/HTTP_BAD_GATEWAY.html.var
# ErrorDocument 503 /error/HTTP_SERVICE_UNAVAILABLE.html.var
# ErrorDocument 506 /error/HTTP_VARIANT_ALSO_VARIES.html.var
</IfModule>
</IfModule>
#
# The following directives modify normal HTTP response behavior to
# handle known problems with browser implementations.
#
BrowserMatch "Mozilla/2" nokeepalive
BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
BrowserMatch "RealPlayer 4\.0" force-response-1.0
BrowserMatch "Java/1\.0" force-response-1.0
BrowserMatch "JDK/1\.0" force-response-1.0
#
# The following directive disables redirects on non-GET requests for
# a directory that does not include the trailing slash. This fixes a
# problem with Microsoft WebFolders which does not appropriately handle
# redirects for folders with DAV methods.
# Same deal with Apple's DAV filesystem and Gnome VFS support for DAV.
#
BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully
BrowserMatch "MS FrontPage" redirect-carefully
BrowserMatch "^WebDrive" redirect-carefully
BrowserMatch "^WebDAVFS/1.[0123]" redirect-carefully
BrowserMatch "^gnome-vfs/1.0" redirect-carefully
BrowserMatch "^XML Spy" redirect-carefully
BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully

9
roles/0-DEPRECATED-ROLES/httpd/templates/iiab-homepage.conf Normal file
View file

@ -0,0 +1,9 @@
# IIAB Home Page
# Redirect to home page on School Server
# Default [was] xs-portal [and is now generally] home
# RedirectMatch of root to homepage
# See the note in default_vars.yml
RedirectMatch ^/$ {{ iiab_home_url }}

21
roles/0-DEPRECATED-ROLES/httpd/templates/proxy_ajp.conf.j2 Executable file
View file

@ -0,0 +1,21 @@
<IfModule mod_proxy.c>
LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
#
# When loaded, the mod_proxy_ajp module adds support for
# proxying to an AJP/1.3 backend server (such as Tomcat).
# To proxy to an AJP backend, use the "ajp://" URI scheme;
# Tomcat is configured to listen on port 8009 for AJP requests
# by default.
#
#
# Uncomment the following lines to serve the ROOT webapp
# under the /tomcat/ location, and the jsp-examples webapp
# under the /examples/ location.
#
#ProxyPass /tomcat/ ajp://localhost:8009/
#ProxyPass /examples/ ajp://localhost:8009/jsp-examples/
</IfModule>