AWStats + Calibre-Web + Gitea + Kiwix + Munix W/O Apache

roles/awstats/tasks/install.yml

@@ -1,38 +1,31 @@
-# TO DO:
-#
-# Prepare for a possible future w/o Apache by verifying/refining below...
-# - 5 'when: apache_installed is defined'  (2021-05-21: COMMENT OUT THESE STANZAS SOON!?)
-# - 1 'when: nginx_install'
-# - 8 core stanzas w/o such 'when:' clauses
-
 - name: 'Install package: awstats'
   package:
     name: awstats
     state: present
 
-- name: 'Install package: pwauth (when: apache_installed is defined)'
+# - name: 'Install package: pwauth (when: apache_installed is defined)'
-  package:
+#   package:
-    name:
+#     name:
-      - pwauth    # Auto-installs apache2-bin and libapache2-mod-authnz-external
+#       - pwauth    # Auto-installs apache2-bin and libapache2-mod-authnz-external
-      #- apache2-utils    # Unneeded?  (In any case, already installed by Apache itself.)
+#       #- apache2-utils    # Unneeded?  (In any case, already installed by Apache itself.)
-      #- openssl    # Unneeded?  (In any case, already installed by most every Linux distro.)
+#       #- openssl    # Unneeded?  (In any case, already installed by most every Linux distro.)
-    state: present
+#     state: present
-  when: apache_installed is defined
+#   when: apache_installed is defined
-
+#
-- name: "Run 'a2enmod cgi' to enable cgi execution via Apache (when: apache_installed is defined)"
+# - name: "Run 'a2enmod cgi' to enable cgi execution via Apache (when: apache_installed is defined)"
-  command: a2enmod cgi
+#   command: a2enmod cgi
-  when: apache_installed is defined
+#   when: apache_installed is defined
-
+#
-- name: 'Create directory... mkdir {{ apache_log_dir }}, recursively chown {{ apache_user }}:{{ apache_user }}, with chmod u+rw,g+r,g-w,o-rwx (when: apache_installed is defined)'
+# - name: 'Create directory... mkdir {{ apache_log_dir }}, recursively chown {{ apache_user }}:{{ apache_user }}, with chmod u+rw,g+r,g-w,o-rwx (when: apache_installed is defined)'
-  file:
+#   file:
-    state: directory
+#     state: directory
-    recurse: yes
+#     recurse: yes
-    path: "{{ apache_log_dir }}"    # /var/log/apache2 on debuntu
+#     path: "{{ apache_log_dir }}"    # /var/log/apache2 on debuntu
-    owner: "{{ apache_user }}"      # www-data on debuntu
+#     owner: "{{ apache_user }}"      # www-data on debuntu
-    group: "{{ apache_user }}"
+#     group: "{{ apache_user }}"
-    mode: u+rw,g+r,g-w,o-rwx    # '0750' turned on too many x bits
+#     mode: u+rw,g+r,g-w,o-rwx    # '0750' turned on too many x bits
-    #force: yes
+#     #force: yes
-  when: apache_installed is defined
+#   when: apache_installed is defined
 
 - name: Create 2 directories... mkdir {{ awstats_data_dir }} (intermediate summary storage) and /usr/lib/cgi-bin/awstats, recursively chown {{ apache_user }}:{{ apache_user }}, with chmod u+rw,g+r,g-w,o-rwx
   file:
@@ -47,17 +40,17 @@
     - "{{ awstats_data_dir }}"    # /library/awstats
     - /usr/lib/cgi-bin/awstats    # create backward compatible path for awstats
 
-- name: 'Install /etc/{{ apache_conf_dir }}/awstats.conf from template (when: apache_installed is defined)'
+# - name: 'Install /etc/{{ apache_conf_dir }}/awstats.conf from template (when: apache_installed is defined)'
-  template:
+#   template:
-    src: apache-awstats.conf
+#     src: apache-awstats.conf
-    dest: "/etc/{{ apache_conf_dir }}/awstats.conf"    # apache2/sites-available on debuntu
+#     dest: "/etc/{{ apache_conf_dir }}/awstats.conf"    # apache2/sites-available on debuntu
-  when: apache_installed is defined
+#   when: apache_installed is defined
-
+#
-- name: "Install /etc/logrotate.d/apache2 from template, to ensure logrotate doesn't make logs unreadable (when: apache_installed is defined)"
+# - name: "Install /etc/logrotate.d/apache2 from template, to ensure logrotate doesn't make logs unreadable (when: apache_installed is defined)"
-  template:
+#   template:
-    src: logrotate.d.apache2
+#     src: logrotate.d.apache2
-    dest: /etc/logrotate.d/apache2
+#     dest: /etc/logrotate.d/apache2
-  when: apache_installed is defined
+#   when: apache_installed is defined
 
 - name: Does /etc/awstats/awstats.conf exist?
   stat:
@@ -96,7 +89,6 @@
   template:
     src: cgi-bin.php
     dest: /etc/nginx/
-  when: nginx_install
 
 
 # RECORD AWStats AS INSTALLED

roles/awstats/tasks/main.yml

@@ -24,13 +24,8 @@
   when: awstats_installed is undefined
 
 
-- name: Enable/Disable/Restart Apache if primary
+- name: Enable/Disable/Restart NGINX
-  include_tasks: apache.yml
-  when: not nginx_enabled
-
-- name: Enable/Disable/Restart NGINX if primary
   include_tasks: nginx.yml
-  when: nginx_enabled
 
 
 - name: Add 'awstats' variable values to {{ iiab_ini_file }}

roles/calibre-web/tasks/install.yml

@@ -13,7 +13,7 @@
     line: '  <policy domain="coder" rights="read" pattern="PDF" />'
     state: present
 
-- name: "Create 3 Calibre-Web folders to store data and config files: {{ calibreweb_home }}, {{ calibreweb_venv_path }}, {{ calibreweb_config }} (all set to {{ calibreweb_user }}:{{ apache_user }})"
+- name: "Create 3 Calibre-Web folders to store data and config files: {{ calibreweb_home }}, {{ calibreweb_venv_path }}, {{ calibreweb_config }} (all set to {{ calibreweb_user }}:{{ apache_user }}) (default to 0755)"
   file:
     state: directory
     path: "{{ item }}"
@@ -57,12 +57,6 @@
     src: calibre-web.service.j2
     dest: /etc/systemd/system/calibre-web.service
 
-- name: Install /etc/{{ apache_conf_dir }}/calibre-web.conf from template, for http://box{{ calibreweb_url1 }}, http://box{{ calibreweb_url2 }}, http://box{{ calibreweb_url3 }} via Apache    # http://box/books, http://box/libros, http://box/livres
-  template:
-    src: calibre-web.conf.j2
-    dest: "/etc/{{ apache_conf_dir }}/calibre-web.conf"    # apache2/sites-available on debuntu
-  when: apache_installed is defined
-
 - name: Does /library/calibre-web/metadata.db exist?
   stat:
     path: /library/calibre-web/metadata.db

roles/calibre-web/tasks/main.yml

@@ -39,13 +39,8 @@
     state: stopped
   when: not calibreweb_enabled
 
-- name: Enable/Disable/Restart Apache if primary
+- name: Enable/Disable/Restart NGINX
-  include_tasks: apache.yml
-  when: not nginx_enabled
-
-- name: Enable/Disable/Restart NGINX if primary
   include_tasks: nginx.yml
-  when: nginx_enabled
 
 
 - name: Add 'calibre-web' variable values to {{ iiab_ini_file }}

roles/gitea/defaults/main.yml

@@ -9,13 +9,13 @@
 
 # Info needed to install Gitea:
 
-gitea_version: 1.14    # 2021-03-07: Had been fine-grained, e.g. 1.13.4
+gitea_version: 1.14    # 2021-03-07: Grabs latest point release from this branch.  Rather than hardcoding each, e.g. 1.14.5
 iset_suffixes:
   i386: 386
   x86_64: amd64
   aarch64: arm64
   armv6l: arm-6
-  armv7l: arm-6   # "arm-7" used to work, but no longer since 2019-04-20's Gitea 1.8.0: https://github.com/iiab/iiab/issues/1673 https://github.com/iiab/iiab/pull/1713 -- 2019-07-31: ARM7 support will return at some point, according to: https://github.com/go-gitea/gitea/pull/7037#issuecomment-516735216 (what about ARM8 support for RPi 4?)
+  armv7l: arm-6    # "arm-7" used to work, but no longer since 2019-04-20's Gitea 1.8.0: https://github.com/iiab/iiab/issues/1673 https://github.com/iiab/iiab/pull/1713 -- 2019-07-31: ARM7 support will return at some point, according to: https://github.com/go-gitea/gitea/pull/7037#issuecomment-516735216 (what about ARM8 support for RPi 4?)
 
 gitea_iset_suffix: "{{ iset_suffixes[ansible_architecture] | default('unknown') }}"
 

roles/gitea/tasks/install.yml

@@ -18,7 +18,7 @@
     groups: gitea
     home: "{{ gitea_home }}"    # /home/gitea
 
-- name: Create Gitea directory structure
+- name: Create {{ gitea_root_directory }} directory structures
   file:
     path: "{{ gitea_root_directory }}/{{ item }}"    # /library/gitea
     state: directory
@@ -43,15 +43,15 @@
     msg: "Could not find a binary for the CPU architecture \"{{ ansible_architecture }}\""
   when: gitea_iset_suffix == "unknown"
 
-- name: Download Gitea binary {{ gitea_download_url }} to {{ gitea_install_path }} (~103 MB, CAN TAKE 20 MIN)
+- name: Download Gitea binary {{ gitea_download_url }} to {{ gitea_install_path }} (0775, ~104 MB)
   get_url:
     url: "{{ gitea_download_url }}"
-    dest: "{{ gitea_install_path }}"
+    dest: "{{ gitea_install_path }}"    # e.g. /library/gitea/bin/gitea-1.14
-    mode: '0775'
+    mode: 0775
     timeout: "{{ download_timeout }}"
   when: internet_available
 
-- name: Download Gitea GPG signature
+- name: Download Gitea GPG signature {{ gitea_integrity_url }} to {{ gitea_checksum_path }}
   get_url:
     url: "{{ gitea_integrity_url }}"
     dest: "{{ gitea_checksum_path }}"
@@ -79,36 +79,30 @@
 # Gitea. User gitea needs write permissions during the first run but not 
 # subsequent runs.
 
-- name: mkdir /etc/gitea
+- name: mkdir /etc/gitea (0770)
   file:
     state: directory
     path: /etc/gitea
     owner: root
     group: gitea
-    mode: '0770'
+    mode: 0770
 
-- name: Install /etc/gitea/app.ini from template
+- name: Install /etc/gitea/app.ini from template (0664)
   template:
     src: app.ini.j2
     dest: /etc/gitea/app.ini
     owner: root
     group: gitea
-    mode: '0664'
+    mode: 0664
 
 
-# 4. Create systemd service & prepare Apache for http://box/gitea
+# 4. Create systemd service & prepare NGINX for http://box/gitea
 
 - name: "Install from template: /etc/systemd/system/gitea.service"
   template:
     src: gitea.service.j2
     dest: /etc/systemd/system/gitea.service
 
-- name: "Install from template: /etc/{{ apache_conf_dir }}/gitea.conf"
-  template:
-    src: gitea.conf.j2
-    dest: "/etc/{{ apache_conf_dir }}/gitea.conf"    # apache2/sites-available
-  when: apache_installed is defined
-
 
 # 5. RECORD Gitea AS INSTALLED
 

roles/gitea/tasks/main.yml

@@ -39,13 +39,8 @@
     state: stopped
   when: not gitea_enabled
 
-- name: Enable/Disable/Restart Apache if primary
+- name: Enable/Disable/Restart NGINX
-  include_tasks: apache.yml
-  when: not nginx_enabled
-
-- name: Enable/Disable/Restart NGINX if primary
   include_tasks: nginx.yml
-  when: nginx_enabled
 
 
 - name: Add 'gitea' to list of services at {{ iiab_ini_file }}

roles/kiwix/tasks/enable-or-disable.yml

@@ -39,10 +39,5 @@
   when: kiwix_enabled and is_redhat
 
 
-- name: Enable/Disable/Restart Apache if primary
+- name: Enable/Disable/Restart NGINX
-  include_tasks: apache.yml
-  when: not nginx_enabled
-
-- name: Enable/Disable/Restart NGINX if primary
   include_tasks: nginx.yml
-  when: nginx_enabled

roles/kiwix/tasks/install.yml

@@ -39,7 +39,7 @@
     timeout: "{{ download_timeout }}"
   when: internet_available
 
-- name: "Create dirs, including parent dirs: {{ kiwix_path }}/bin (executables), {{ iiab_zim_path }}/content (ZIM files), {{ iiab_zim_path }}/index (legacy indexes)"
+- name: "Create dirs, including parent dirs: {{ kiwix_path }}/bin (executables), {{ iiab_zim_path }}/content (ZIM files), {{ iiab_zim_path }}/index (legacy indexes) (by default 0755)"
   file:
     path: "{{ item }}"
     state: directory
@@ -104,13 +104,6 @@
   systemd:
     daemon_reload: yes
 
-- name: "Install from template: /etc/{{ apache_conf_dir }}/kiwix.conf"
-  template:
-    src: kiwix.conf.j2
-    dest: "/etc/{{ apache_conf_dir }}/kiwix.conf"    # apache2/sites-available
-    #mode: '0644'
-  when: apache_installed is defined
-
 # install kiwix app
 - name: Install Kiwix Android app
   include_tasks: kiwix-apk.yml

roles/munin/tasks/install.yml

@@ -1,37 +1,25 @@
-- name: "Install 5 packages: munin, munin-node, munin-plugins-extra, libcgi-fast-perl, libapache2-mod-fcgid (debuntu)"
+- name: "Install 5 packages: munin, munin-node, munin-plugins-extra, libcgi-fast-perl"
   package:
     name:
       - munin
       - munin-node
       - munin-plugins-extra
       - libcgi-fast-perl
-#      - libapache2-mod-fcgid
+      #- libapache2-mod-fcgid
     state: present
-  when: is_debuntu
 
-- name: "Install 2 packages: munin, munin-node (OS's other than debuntu)"
+# - name: "Install 2 packages: munin, munin-node (OS's other than debuntu)"
-  package:
+#   package:
-    name:
+#     name:
-      - munin
+#       - munin
-      - munin-node
+#       - munin-node
-    state: present
+#     state: present
-  when: not is_debuntu
+#   when: not is_debuntu
-
-#- name: 'Install from template: /etc/munin/munin.conf'
-#  template:
-#    src: munin.conf.j2
-#    dest: /etc/munin/munin.conf
-
-- name: 'Install from template: /etc/{{ apache_conf_dir }}/munin24.conf'
-  template:
-    src: munin24.conf.j2
-    dest: "/etc/{{ apache_conf_dir }}/munin24.conf"    # apache2/sites-available
-  when: apache_installed is defined
 
 - name: Establish username/password Admin/changeme in /etc/munin/munin-htpasswd
   htpasswd:
     path: /etc/munin/munin-htpasswd
-    name: "{{ munin_username}}"    # Admin
+    name: "{{ munin_username}}"         # Admin
     password: "{{ munin_password }}"    # changeme
 
 - name: If MySQL is enabled, let Munin monitor it

roles/munin/tasks/main.yml

@@ -39,13 +39,8 @@
     state: stopped
   when: not munin_enabled
 
-- name: Enable/Disable/Restart Apache if primary
+- name: Enable/Disable/Restart NGINX
-  include_tasks: apache.yml
-  when: not nginx_enabled
-
-- name: Enable/Disable/Restart NGINX if primary
   include_tasks: nginx.yml
-  when: nginx_enabled
 
 
 - name: Add 'munin' variable values to {{ iiab_ini_file }}

roles/nginx/README.md

@@ -15,13 +15,18 @@
    1. These support "Native" NGINX but ***NOT*** Apache
 
       * Admin Console
+      * awstats
+      * calibre-web
       * captiveportal
+      * gitea
       * IIAB documentation (http://box/info)
       * jupyterhub
+      * kiwix
       * kolibri
       * lokole
       * mediawiki
       * moodle
+      * munin
       * nextcloud
       * nodered
       * OER2Go/RACHEL modules
@@ -32,11 +37,7 @@
 
    2. These support "Native" NGINX ***AND*** Apache, a.k.a. "dual support" for legacy testing (if suitable "Shims" from *Section iii.* below are preserved!)  Both "Native" NGINX and "Shim" proxying from NGINX to Apache port 8090 *cannot be enabled simultaneously* for these IIAB Apps/Service:<!--But if you want to attempt their "Shim" proxying legacy testing mode, try setting your *primary web server* to Apache using `apache_install: True` and `apache_enabled: True` (and `nginx_enabled: False` to disable NGINX) in [/etc/iiab/local_vars.yml](http://wiki.laptop.org/go/IIAB/FAQ#What_is_local_vars.yml_and_how_do_I_customize_it.3F) before you install IIAB.  You may also need to run `cd /opt/iiab/iiab; ./runrole httpd` since this has been removed from [roles/3-base-server/tasks/main.yml](https://github.com/iiab/iiab/blob/master/roles/3-base-server/tasks/main.yml)-->
 
-      * awstats
+      * NONE: Apache support is being fully removed starting 2021-07-06.
-      * calibre-web
-      * gitea
-      * kiwix
-      * munin
 
    3. These support Apache but ***NOT*** "Native" NGINX.  They use a "Shim" to [proxy_pass](https://docs.nginx.com/nginx/admin-guide/web-server/reverse-proxy/) from NGINX to Apache on port 8090.  See [roles/3-base-server/tasks/main.yml#L11](../3-base-server/tasks/main.yml#L11) for a list of ~6 IIAB Apps/Services that auto-enable Apache.