Try roles/www_back_end in Stage 3 & roles/www_front_end in Stage 4

roles/3-base-server/tasks/main.yml

@@ -8,10 +8,11 @@
     name: mysql
   when: mysql_install | bool
 
-- name: WEB_SUPPORT
+- name: WWW_BACK_END (WWW_FRONT_END should be installed later)
   include_role:
-    name: web_support
-  when: apache_install or nginx_install
+    name: www_back_end
+  # when: www_back_end | bool
+  # when: apache_install or nginx_install
 
 - name: HTTPD (Apache)
   include_role:

roles/4-server-options/tasks/main.yml

@@ -27,11 +27,6 @@
     name: usb_lib
   when: usb_lib_install | bool
 
-# 2020-02-12: what was roles/homepage lives in roles/web_support & roles/httpd
-# for now.  Eventually softcoding of iiab_home_url should happen everywhere
-# (incl Admin Console) to allow more field options, e.g. changing
-# /library/www/html/home even when offline...
-
 - name: CUPS
   include_role:
     name: cups
@@ -42,25 +37,16 @@
     name: samba
   when: samba_install | bool
 
-# 2020-02-12: DOES THE FLAG BELOW (apache_allow_sudo) WORK WITH NGINX TOO ?
-# COMPARE apache_high_php_limits @ web_support/tasks/main.yml
+# 2020-02-12: what was roles/homepage lives in roles/www_back_end &
+# roles/www_front_end for now.  Eventually softcoding of iiab_home_url
+# should happen everywhere (incl Admin Console) to allow more field
+# options, e.g. changing /library/www/html/home even when offline...
 
-- name: Give {{ apache_user }} (per variable apache_user) permission to poweroff, installing /etc/sudoers.d/020_apache_poweroff from template
-  template:
-    src: roles/web_support/templates/020_apache_poweroff.j2
-    dest: /etc/sudoers.d/020_apache_poweroff
-    mode: '0755'
-  when: apache_allow_sudo | bool
-
-- name: Remove {{ apache_user }} (per variable apache_user) permission to poweroff, removing /etc/sudoers.d/020_apache_poweroff
-  file:
-    path: /etc/sudoers.d/020_apache_poweroff
-    state: absent
-  when: not apache_allow_sudo
-
-- name: Run /usr/bin/iiab-refresh-wiki-docs (scraper script) to create http://box/info offline documentation.  (This script was installed in Stage 3 = roles/3-base-server/tasks/main.yml, which ran roles/web_support/tasks/main.yml)
-  command: /usr/bin/iiab-refresh-wiki-docs
-  when: internet_available and not nodocs
+- name: WWW_FRONT_END (WWW_BACK_END should have been installed earlier)
+  include_role:
+    name: www_front_end
+  # when: www_front_end | bool
+  # when: apache_install or nginx_install
 
 - name: Recording STAGE 4 HAS COMPLETED ==================
   lineinfile:

roles/9-local-addons/tasks/main.yml

@@ -30,8 +30,8 @@
     name: calibre-web
   when: calibreweb_install | bool
 
-# Could split these two below to Stage 10?  2020-02-11: Experimentally moving
-# stuff below to roles/web_support, 4-server-options, roles/httpd, roles/nginx.
+# Could split these two below to Stage 10?  2020-02-12: Experimentally moving
+# stuff to roles/3-base-server, 4-server-options, roles/httpd, roles/nginx.
 
 # - name: "Set 'nginx_enabled: True'"
 #   set_fact:

roles/httpd/tasks/homepage.yml

@@ -0,0 +1,17 @@
+# Both invoked in 4-SERVER-OPTIONS, by roles/www_front_end/tasks/main.yml:
+#
+# httpd/tasks/homepage.yml
+# nginx/tasks/homepage.yml
+
+- name: Install /etc/{{ apache_conf_dir }}/iiab-homepage.conf from httpd/templates, so Apache redirects http://box to http://box{{ iiab_home_url }}    # /home
+  template:
+    src: roles/httpd/templates/iiab-homepage.conf
+    dest: "/etc/{{ apache_conf_dir }}/iiab-homepage.conf"    # apache2/sites-available (on debuntu)
+
+- name: "IN CASE NGINX IS DISABLED: Enable IIAB pages via Apache (e.g. on port 80) by running 'a2ensite iiab-homepage.conf'"
+  command: a2ensite iiab-homepage.conf
+  #when: apache_enabled | bool
+
+# - name: Disable IIAB pages via Apache (e.g. on port 80) by running 'a2dissite iiab-homepage.conf', if not apache_enabled"
+#   command: a2dissite iiab-homepage.conf
+#   when: not apache_enabled

roles/httpd/tasks/install.yml

@@ -156,26 +156,9 @@
 #   command: a2dissite 010-iiab.conf
 #   when: not apache_enabled
 
-# MOVED FROM roles/homepage/tasks/main.yml (as NGINX-only IIAB's won't need it)
-# and 'mkdir /library/www/html/home' is now done by web_support/tasks/main.yml
-# for Admin Console which hard-codes that as a requirement, as of 2020-02-12.
-#
-# './runrole --reinstall apache' is a decent solution today, for folks needing
-# changes, but to make sure such things work in the field/offline/etc: soft-
-# coding of iiab_home_url should probably be taken more seriously thruout IIAB!
-#
-- name: Install /etc/{{ apache_conf_dir }}/iiab-homepage.conf from template, for http://box redirect to http://box/home/
-  template:
-    src: iiab-homepage.conf
-    dest: "/etc/{{ apache_conf_dir }}/iiab-homepage.conf"
-
-- name: "IN CASE NGINX IS DISABLED: Enable iiab-homepage.conf via Apache (e.g. on port 80) by running 'a2ensite iiab-homepage.conf'"
-  command: a2ensite iiab-homepage.conf
-  #when: apache_enabled | bool
-
-# - name: Disable IIAB pages via Apache (e.g. on port 80) by running 'a2dissite iiab-homepage.conf', if not apache_enabled"
-#   command: a2dissite iiab-homepage.conf
-#   when: not apache_enabled
+- debug:
+    msg: roles/httpd/tasks/homepage.yml will run LATER (invoked by roles/www_front_end/tasks/main.yml) SO THAT APACHE CAN REDIRECT http://box TO http://box{{ iiab_home_url }} (based on var iiab_home_url)
+# - include_tasks: roles/httpd/tasks/homepage.yml
 
 # - name: Enable & Stop '{{ apache_service }}' systemd service
 #   systemd:

roles/nginx/tasks/enable-or-disable.yml

@@ -6,13 +6,13 @@
 - name: Install /etc/{{ apache_service }}/ports.conf from template 1 of 2 (ports.conf.j2) if nginx_enabled, to enable Apache port {{ apache_port }} localhost only
   template:
     src: ports.conf.j2
-    dest: "/etc/{{ apache_service }}/ports.conf"    # apache2 or httpd
+    dest: "/etc/{{ apache_service }}/ports.conf"
   when: nginx_enabled | bool
 
 - name: Install /etc/{{ apache_service }}/ports.conf from template 2 of 2 (stock-apache-ports.conf) if not nginx_enabled, to disable Apache port {{ apache_port }} localhost only
   template:
     src: stock-apache-ports.conf
-    dest: "/etc/{{ apache_service }}/ports.conf"    # apache2 or httpd
+    dest: "/etc/{{ apache_service }}/ports.conf"
   when: not nginx_enabled
 
 - name: Enable & Restart '{{ apache_service }}' if apache_enabled or not nginx_enabled, since we stopped it

roles/nginx/tasks/homepage.yml

@@ -0,0 +1,9 @@
+# Both invoked in 4-SERVER-OPTIONS, by roles/www_front_end/tasks/main.yml:
+#
+# httpd/tasks/homepage.yml
+# nginx/tasks/homepage.yml
+
+- name: Install {{ nginx_conf_dir }}/iiab.conf from nginx/templates, so NGINX redirects http://box to http://box{{ iiab_home_url }}    # /home
+  template:
+    src: roles/nginx/templates/iiab.conf.j2
+    dest: "{{ nginx_conf_dir }}/iiab.conf"    # /etc/nginx/conf.d

roles/nginx/tasks/install.yml

@@ -35,7 +35,7 @@
     path: /etc/nginx/sites-enabled/default
     state: absent
 
-- name: 'Install 3 files from template: /etc/nginx/server.conf, /etc/nginx/nginx.conf, {{ nginx_conf_dir }}/iiab.conf'
+- name: 'Install 2 (of 4) files from template: /etc/nginx/server.conf, /etc/nginx/nginx.conf'
   template:
     src: "{{ item.src }}"
     dest: "{{ item.dest }}"
@@ -43,9 +43,13 @@
     - { src: 'server.conf.j2', dest: '/etc/nginx/server.conf' }
     - { src: 'nginx.conf.j2', dest: '/etc/nginx/nginx.conf' }
     #- { src: 'ports.conf.j2', dest: '/etc/{{ apache_service }}/ports.conf' }    # Moved to enable-or-disable.yml
-    - { src: 'iiab.conf.j2', dest: "{{ nginx_conf_dir }}/iiab.conf" }    # /etc/nginx/conf.d
+    #- { src: 'iiab.conf.j2', dest: "{{ nginx_conf_dir }}/iiab.conf" }    # Moved into homepage.yml below
 
-# php-stem extension installed by roles/web_support/tasks/php-stem.yml
+- debug:
+    msg: roles/nginx/tasks/homepage.yml will run LATER (invoked by roles/www_front_end/tasks/main.yml) SO THAT NGINX CAN REDIRECT http://box TO http://box{{ iiab_home_url }} (based on var iiab_home_url)
+# - include_tasks: roles/nginx/tasks/homepage.yml
+
+# php-stem extension installed by roles/www_back_end/tasks/php-stem.yml
 # here it is linked to php-fpm
 - name: Symlink /etc/php/{{ php_version }}/fpm/conf.d/20-stem.ini -> /etc/php/{{ php_version }}/mods-available/stem.ini
   file:

roles/www_back_end/tasks/main.yml

@@ -1,10 +1,16 @@
+# Role "www_back_end" runs here, probably in 3-BASE-SERVER.
+# Role "www_front_end" runs later, likely in 4-SERVER-OPTIONS.
+#
+# (Don't take either name too literally!)
+
+
 - include_tasks: html.yml
 
 
 - include_tasks: php-stem.yml
 
 # 2020-02-12: DOES THE FLAG BELOW (apache_high_php_limits) WORK WITH NGINX TOO?
-# COMPARE apache_allow_sudo @ 4-server-options/tasks/main.yml
+# COMPARE apache_allow_sudo @ roles/www_front_end/tasks/main.yml
 
 # For schools that use WordPress/Nextcloud/Moodle intensively.  iiab/iiab#1147
 # WARNING: Enabling this might cause excess use of RAM/disk or other resources!
@@ -22,21 +28,13 @@
     - { regexp: '^max_input_time', line: 'max_input_time = 300    ; default is 60' }
 
 
-# 2020-02-12: *REQUIRED* by iiab-admin-console/roles/js-menu/tasks/main.yml,
-# which should probably instead softcode iiab_home_url as set in local_vars.yml
-#
-# SEE httpd/tasks/install.yml for related 'a2ensite iiab-homepage.conf'
-#
-# (Both mkdir & iiab-homepage.conf stuff used to be in homepage/tasks/main.yml)
-#
-- name: Create dir {{ doc_root }}/home
+- name: Create dir {{ doc_root }}/home -- if you customized var iiab_home_url e.g. in /etc/iiab/local_vars.yml, that dir is created later -- by www_front_end/tasks/main.yml
   file:
     state: directory
     path: "{{ doc_root }}/home"    # /library/www/html
     owner: "{{ apache_user }}"
     group: "{{ apache_user }}"
-    mode: '0755'
-
+    # mode: '0755'
 
 - name: Create dir {{ doc_root }}/info for http://box/info offline docs
   file:
@@ -44,10 +42,23 @@
     path: "{{ doc_root }}/info"    # /library/www/html
     owner: "{{ apache_user }}"
     group: "{{ apache_user }}"
-    #mode: '0755'
+    # mode: '0755'
 
 - name: Install /usr/bin/iiab-refresh-wiki-docs (scraper script) to create http://box/info offline documentation.  (Script can be run manually and/or at the end of Stage 4 = roles/4-server-options/tasks/main.yml)
   template:
     src: iiab-refresh-wiki-docs.sh
     dest: /usr/bin/iiab-refresh-wiki-docs
     mode: '0755'
+
+
+# RECORD www_back_end AS INSTALLED
+
+- name: "Set 'www_back_end_installed: True'"
+  set_fact:
+    www_back_end_installed: True
+
+- name: "Add 'www_back_end_installed: True' to {{ iiab_state_file }}"
+  lineinfile:
+    path: "{{ iiab_state_file }}"    # /etc/iiab/iiab_state.yml
+    regexp: '^www_back_end_installed'
+    line: 'www_back_end_installed: True'

roles/www_front_end/tasks/main.yml

@@ -0,0 +1,61 @@
+# Role "www_back_end" runs earlier, likely in 3-BASE-SERVER.
+# Role "www_front_end" runs here, probably in 4-SERVER-OPTIONS.
+#
+# (Don't take either name too literally!)
+
+
+# HOMEPAGE
+
+- name: Create dir {{ doc_root }}{{ iiab_home_url }} just in case variable iiab_home_url was customized.  (Standard path {{doc_root}}/home was created earlier.)
+  file:
+    state: directory
+    path: "{{ doc_root }}{{ iiab_home_url }}"    # /library/www/html/home
+    owner: "{{ apache_user }}"
+    group: "{{ apache_user }}"
+    mode: '0755'
+
+- name: "IN CASE NGINX IS DISABLED: Enable IIAB pages via Apache (e.g. on port 80) if apache_install"
+  include_tasks: roles/httpd/tasks/homepage.yml
+  when: apache_install | bool
+
+- name: Enable IIAB pages via NGINX (e.g. on port 80) if nginx_install
+  include_tasks: roles/nginx/tasks/homepage.yml
+  when: nginx_install | bool
+
+
+# 'Is a "Rapid Power Off" button possible for low-electricity environments?'
+# gives more details here: http://FAQ.IIAB.IO
+
+# 2020-02-12: DOES THE FLAG BELOW (apache_allow_sudo) WORK WITH NGINX TOO ?
+# COMPARE apache_high_php_limits @ roles/www_back_end/tasks/main.yml
+
+- name: Give {{ apache_user }} (per variable apache_user) permission to poweroff, installing /etc/sudoers.d/020_apache_poweroff from template
+  template:
+    src: 020_apache_poweroff.j2
+    dest: /etc/sudoers.d/020_apache_poweroff
+    mode: '0755'
+  when: apache_allow_sudo | bool
+
+- name: Remove {{ apache_user }} (per variable apache_user) permission to poweroff, removing /etc/sudoers.d/020_apache_poweroff
+  file:
+    path: /etc/sudoers.d/020_apache_poweroff
+    state: absent
+  when: not apache_allow_sudo
+
+
+- name: Run /usr/bin/iiab-refresh-wiki-docs (scraper script) to create http://box/info offline documentation.  (This script was installed in Stage 3 = roles/3-base-server/tasks/main.yml, which ran roles/www_back_end/tasks/main.yml)
+  command: /usr/bin/iiab-refresh-wiki-docs
+  when: internet_available and not nodocs
+
+
+# RECORD www_front_end AS INSTALLED
+
+- name: "Set 'www_front_end_installed: True'"
+  set_fact:
+    www_front_end_installed: True
+
+- name: "Add 'www_front_end_installed: True' to {{ iiab_state_file }}"
+  lineinfile:
+    path: "{{ iiab_state_file }}"    # /etc/iiab/iiab_state.yml
+    regexp: '^www_front_end_installed'
+    line: 'www_front_end_installed: True'

tests/test.yml

@@ -72,8 +72,9 @@
     - { role: transmission }
     - { role: usb_lib }
     - { role: vnstat }
-    - { role: web_support }
     - { role: wordpress }
+    - { role: www_back_end }
+    - { role: www_front_end }
     - { role: yarn }
     #- { roles: xovis }