Refine @jvonau\'s \'Move NGINX shims to roles\'

roles/dokuwiki/defaults/main.yml

@@ -1,8 +1,9 @@
 # dokuwiki_install: False
 # dokuwiki_enabled: False
 
+# dokuwiki_url: /dokuwiki
+
 # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml
 # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing!
 
 dokuwiki_version: "dokuwiki-2018-04-22b"
-dokuwiki_url: /wiki

roles/dokuwiki/tasks/enable.yml

@@ -1,35 +1,39 @@
-- name: Symlink /etc/apache2/sites-enabled/dokuwiki.conf to /etc/apache2/sites-available/dokuwiki.conf if dokuwiki_enabled (debuntu)
+# Apache
-  file:
-    src: /etc/apache2/sites-available/dokuwiki.conf
-    path: /etc/apache2/sites-enabled/dokuwiki.conf
-    state: link
-  when: dokuwiki_enabled and is_debuntu
 
-- name: Remove symlink /etc/apache2/sites-enabled/dokuwiki.conf if not dokuwiki_enabled (debuntu)
+- name: Enable http://box{{ dokuwiki_url }} via Apache    # http://box/dokuwiki
-  file:
+  command: a2ensite dokuwiki.conf
-    path: /etc/apache2/sites-enabled/dokuwiki.conf
+  when: apache_install and dokuwiki_enabled
-    state: absent
-  when: not dokuwiki_enabled and is_debuntu
 
-- name: Install {{ nginx_config_dir }}/dokuwiki-nginx.conf SHIM from template
+- name: Disable http://box{{ dokuwiki_url }} via Apache    # http://box/dokuwiki
-  template:
+  command: a2dissite dokuwiki.conf
-    src: dokuwiki-nginx.conf
+  when: apache_install and not dokuwiki_enabled
-    dest: "{{ nginx_config_dir }}/dokuwiki-nginx.conf"
-  when: dokuwiki_enabled and nginx_enabled
 
-- name: Restart Apache ({{ apache_service }}) to enable/disable DokuWiki's http://box/wiki
+- name: Restart Apache systemd service ({{ apache_service }})
   systemd:
     name: "{{ apache_service }}"
-    daemon_reload: yes
     state: restarted
-  when: apache_enabled
+  when: apache_enabled | bool
 
-- name: Restart nginx to enable/disable DokuWiki's http://box/wiki
+# NGINX
+
+- name: "SHIM: Enable http://box{{ dokuwiki_url }} via NGINX, by installing {{ nginx_config_dir }}/dokuwiki-nginx.conf from template"    # http://box/dokuwiki
+  template:
+    src: dokuwiki-nginx.conf.j2
+    dest: "{{ nginx_config_dir }}/dokuwiki-nginx.conf"
+  when: nginx_install and dokuwiki_enabled
+
+- name: "SHIM: Disable http://box{{ dokuwiki_url }} via NGINX, by removing {{ nginx_config_dir }}/dokuwiki-nginx.conf"    # http://box/dokuwiki
+  file:
+    path: "{{ nginx_config_dir }}/dokuwiki-nginx.conf"
+    state: absent
+  when: nginx_install and not dokuwiki_enabled
+
+- name: Restart 'nginx' systemd service
   systemd:
     name: nginx
-    daemon_reload: yes
     state: restarted
-  when: nginx_enabled
+  when: nginx_enabled | bool
+
 
 - name: Add 'dokuwiki' variable values to {{ iiab_ini_file }}
   ini_file:
@@ -46,4 +50,3 @@
       value: "{{ dokuwiki_install }}"
     - option: enabled
       value: "{{ dokuwiki_enabled }}"
-

roles/dokuwiki/tasks/install.yml

@@ -11,7 +11,15 @@
     dest: /library
     creates: "/library/{{ dokuwiki_version }}/VERSION"
 
-- name: Symlink /library/dokuwiki to /library/{{ dokuwiki_version }}
+- name: Ensure dir /library/{{ dokuwiki_version }} is owned by {{ apache_user }} with 644/755 permissions
+  file:
+    path: "/library/{{ dokuwiki_version }}"
+    owner: "{{ apache_user }}"
+    mode: u+rw,go+r,go-w    # '0755' had forced 'x' bits for non-dirs
+    state: directory
+    recurse: yes
+
+- name: Symlink /library/dokuwiki -> /library/{{ dokuwiki_version }}
   #shell: if [ ! -d /library/dokuwiki ]; then ln -sf /library/{{ dokuwiki_version }} /library/dokuwiki; fi
   #shell: ln -sf /library/{{ dokuwiki_version }} /library/dokuwiki
   #BOTH LINES ABOVE FAIL TO UPDATE LINK; Ansible approach below works
@@ -21,36 +29,26 @@
     state: link
     force: yes
 
-- name: Install /etc/{{ apache_config_dir }}/dokuwiki.conf from template, for DokuWiki's http://box/wiki
+- name: Install /etc/{{ apache_config_dir }}/dokuwiki.conf from template, for DokuWiki's http://box{{ dokuwiki_url }}
   template:
     src: dokuwiki.conf.j2
     dest: "/etc/{{ apache_config_dir }}/dokuwiki.conf"
-  when: dokuwiki_enabled | bool
 
-- name: Symlink /etc/apache2/sites-enabled/dokuwiki.conf to /etc/apache2/sites-available/dokuwiki.conf if dokuwiki_enabled (debuntu)
+# - name: Symlink /etc/apache2/sites-enabled/dokuwiki.conf to /etc/apache2/sites-available/dokuwiki.conf if dokuwiki_enabled (debuntu)
-  file:
+#   file:
-    src: /etc/apache2/sites-available/dokuwiki.conf
+#     src: /etc/apache2/sites-available/dokuwiki.conf
-    path: /etc/apache2/sites-enabled/dokuwiki.conf
+#     path: /etc/apache2/sites-enabled/dokuwiki.conf
-    state: link
+#     state: link
-  when: dokuwiki_enabled and is_debuntu
+#   when: dokuwiki_enabled and is_debuntu
-
+#
-- name: Remove symlink /etc/apache2/sites-enabled/dokuwiki.conf if not dokuwiki_enabled (debuntu)
+# - name: Remove symlink /etc/apache2/sites-enabled/dokuwiki.conf if not dokuwiki_enabled (debuntu)
-  file:
+#   file:
-    path: /etc/apache2/sites-enabled/dokuwiki.conf
+#     path: /etc/apache2/sites-enabled/dokuwiki.conf
-    state: absent
+#     state: absent
-  when: not dokuwiki_enabled and is_debuntu
+#   when: not dokuwiki_enabled and is_debuntu
-
-- name: Set /library/{{ dokuwiki_version }} owner to {{ apache_user }} and permissions to 0755 (recursively)
-  file:
-    path: "/library/{{ dokuwiki_version }}"
-    owner: "{{ apache_user }}"
-    mode: 0755
-    state: directory
-    recurse: yes
 
 - name: "Add 'dokuwiki_installed: True' to {{ iiab_state_file }}"    # /etc/iiab/iiab_state.yml
   lineinfile:
     dest: "{{ iiab_state_file }}"
     regexp: '^dokuwiki_installed'
     line: 'dokuwiki_installed: True'
-    state: present

roles/dokuwiki/templates/dokuwiki-nginx.conf.j2

@@ -1,3 +1,3 @@
-location {{ dokuwiki_url }} {
+location {{ dokuwiki_url }}/ {
-  proxy_pass http://127.0.0.1:{{ apache_port }}{{ dokuwiki_url }};
+  proxy_pass http://127.0.0.1:{{ apache_port }}{{ dokuwiki_url }}/;
 }

roles/elgg/tasks/enable.yml

@@ -1,41 +1,39 @@
-- name: Create symlink elgg.conf from sites-enabled to sites-available (debuntu, not nec for redhat)
+# Apache
-  file:
-    src: /etc/apache2/sites-available/elgg.conf
-    path: /etc/apache2/sites-enabled/elgg.conf
-    state: link
-  when: elgg_enabled and is_debuntu
 
-- name: Remove symlink /etc/apache2/sites-enabled/elgg.conf (debuntu)
+- name: Enable http://box{{ elgg_url }} via Apache    # http://box/elgg
-  file:
+  command: a2ensite elgg.conf
-    path: /etc/apache2/sites-enabled/elgg.conf
+  when: apache_install and elgg_enabled
-    state: absent
-  when: not elgg_enabled and is_debuntu
 
-- name: Remove Apache's elgg.conf (redhat)
+- name: Disable http://box{{ elgg_url }} via Apache    # http://box/elgg
-  file:
+  command: a2dissite elgg.conf
-    dest: "/etc/{{ apache_config_dir }}/elgg.conf"
+  when: apache_install and not elgg_enabled
-    state: absent
-  when: not elgg_enabled and is_redhat
 
-- name: Install {{ nginx_config_dir }}/elgg-nginx.conf from template
+- name: Restart Apache systemd service ({{ apache_service }})
-  template:
-    src: elgg-nginx.conf
-    dest: "{{ nginx_config_dir }}/elgg-nginx.conf"
-  when: elgg_enabled and nginx_enabled
-
-- name: Restart Apache ({{ apache_service }}) to enable/disable http://box/elgg
   systemd:
     name: "{{ apache_service }}"
-    daemon_reload: yes
     state: restarted
-  when: apache_enabled
+  when: apache_enabled | bool
 
-- name: Restart nginx to enable/disable http://box/elgg
+# NGINX
+
+- name: "SHIM: Enable http://box{{ elgg_url }} via NGINX, by installing {{ nginx_config_dir }}/elgg-nginx.conf from template"    # http://box/elgg
+  template:
+    src: elgg-nginx.conf.j2
+    dest: "{{ nginx_config_dir }}/elgg-nginx.conf"
+  when: nginx_install and elgg_enabled
+
+- name: "SHIM: Disable http://box{{ elgg_url }} via NGINX, by removing {{ nginx_config_dir }}/elgg-nginx.conf"    # http://box/elgg
+  file:
+    path: "{{ nginx_config_dir }}/elgg-nginx.conf"
+    state: absent
+  when: nginx_install and not elgg_enabled
+
+- name: Restart 'nginx' systemd service
   systemd:
     name: nginx
-    daemon_reload: yes
     state: restarted
-  when: nginx_enabled
+  when: nginx_enabled | bool
+
 
 - name: Add 'elgg' variable values to {{ iiab_ini_file }}
   ini_file:

roles/elgg/tasks/install.yml

@@ -53,7 +53,7 @@
     group: "{{ apache_user }}"
 
 #regexp='^#RewriteBase'
-- name: Change .htaccess to include RewriteBase for http://box/elgg
+- name: Change .htaccess to include RewriteBase for http://box{{ elgg_url }}    # http://box/elgg
   lineinfile:
     backup: no
     path: "/opt/{{ elgg_xx }}/.htaccess"
@@ -82,7 +82,7 @@
     state: directory
     owner: "{{ apache_user }}"
 
-- name: Install /etc/{{ apache_config_dir }}/elgg.conf from template, for http://box/elgg
+- name: Install /etc/{{ apache_config_dir }}/elgg.conf from template, for http://box{{ elgg_url }}    # http://box/elgg
   template:
     src: elgg.conf
     dest: "/etc/{{ apache_config_dir }}/elgg.conf"
@@ -92,5 +92,3 @@
     dest: "{{ iiab_state_file }}"
     regexp: '^elgg_installed'
     line: 'elgg_installed: True'
-    state: present
-

roles/elgg/tasks/setup.yml

@@ -3,7 +3,7 @@
     name: "{{ dbname }}"
   register: create_elgg_database
 
-- name: Create user/password to access Elgg database - can be run more than once
+- name: Create MySQL user {{ dbuser }} and password to access Elgg database - can be run more than once
   mysql_user:
     name: "{{ dbuser }}"
     host: "{{ item }}"
@@ -16,8 +16,8 @@
 
 - name: Create /tmp/elggdb.sql from template, to load database
   template:
-    src: "elggdb.sql.j2"
+    src: elggdb.sql.j2
-    dest: "/tmp/elggdb.sql"
+    dest: /tmp/elggdb.sql
 
 # elggdb.sql obtained with mysqldump --skip-add-drop-table elggdb > elggdb.sql
 # tar up a mysqldump of freshly installed database and use it in the install to avoid the startup
@@ -28,7 +28,7 @@
     name: "{{ dbname }}"
     state: import
     target: /tmp/elggdb.sql
-  when: create_elgg_database.changed
+  when: create_elgg_database.changed | bool
 
 - name: Remove database dump /tmp/elggdb.sql
   file:

roles/elgg/templates/elgg-nginx.conf

@@ -1,3 +0,0 @@
-location /elgg {
-  proxy_pass http://127.0.0.1:{{ apache_port }}/elgg;
-}

roles/elgg/templates/elgg-nginx.conf.j2

@@ -0,0 +1,3 @@
+location {{ elgg_url }}/ {
+  proxy_pass http://127.0.0.1:{{ apache_port }}{{ elgg_url }}/;
+}

roles/elgg/templates/elggdb.sql.j2

@@ -541,7 +541,7 @@ CREATE TABLE `elgg_sites_entity` (
 
 LOCK TABLES `elgg_sites_entity` WRITE;
 /*!40000 ALTER TABLE `elgg_sites_entity` DISABLE KEYS */;
-INSERT INTO `elgg_sites_entity` VALUES (1,'My New Community','','http://box/elgg/');
+INSERT INTO `elgg_sites_entity` VALUES (1,'My New Community','','http://box{{ elgg_url }}/');
 /*!40000 ALTER TABLE `elgg_sites_entity` ENABLE KEYS */;
 UNLOCK TABLES;
 

roles/lokole/tasks/enable.yml

@@ -1,62 +1,54 @@
-- name: Enable & Restart 'lokole' systemd service, with daemon_reload, if lokole_enabled
+- name: Enable & Restart 'lokole' systemd service
   systemd:
-    daemon_reload: yes
     name: lokole
+    daemon_reload: yes
     enabled: yes
     state: restarted
-  when: lokole_enabled
+  when: lokole_enabled | bool
 
-- name: Disable 'lokole' service, if not lokole_enabled
+- name: Disable & Stop 'lokole' systemd service
   systemd:
-    daemon_reload: yes
     name: lokole
     enabled: no
     state: stopped
   when: not lokole_enabled
 
-- name: Install /etc/{{ apache_config_dir }}/lokole.conf from template, for http://box/lokole
+# Apache
-  template:
-    src: lokole.conf.j2
-    dest: "/etc/{{ apache_config_dir }}/lokole.conf"
 
-- name: Symlink /etc/apache2/sites-enabled/lokole.conf to /etc/{{ apache_config_dir }}/lokole.conf, if lokole_enabled (debuntu)
+- name: Enable http://box{{ lokole_url }} via Apache    # http://box/lokole
-  file:
+  command: a2ensite lokole.conf
-    src: "/etc/{{ apache_config_dir }}/lokole.conf"
+  when: apache_install and lokole_enabled
-    path: /etc/apache2/sites-enabled/lokole.conf
-    state: link
-  when: lokole_enabled and is_debuntu
 
-- name: Remove /etc/apache2/sites-enabled/lokole.conf, if not lokole_enabled (debuntu)
+- name: Disable http://box{{ lokole_url }} via Apache    # http://box/lokole
-  file:
+  command: a2dissite lokole.conf
-    path: /etc/apache2/sites-enabled/lokole.conf
+  when: apache_install and not lokole_enabled
-    state: absent
-  when: not lokole_enabled and is_debuntu
 
-- name: Remove /etc/{{ apache_config_dir }}/lokole.conf, if not lokole_enabled (OS's other than debuntu)
+- name: Restart Apache systemd service ({{ apache_service }})
-  file:
+  systemd:
-    path: "/etc/{{ apache_config_dir }}/lokole.conf"
+    name: "{{ apache_service }}"
-    state: absent
+    state: restarted
-  when: (not lokole_enabled) and (not is_debuntu)
+  when: apache_enabled | bool
 
-- name: Install {{ nginx_config_dir }}/lokole-nginx.conf from template
+# NGINX
+
+- name: "SHIM: Enable http://box{{ lokole_url }} via NGINX, by installing {{ nginx_config_dir }}/lokole-nginx.conf from template"    # http://box/lokole
   template:
     src: lokole-nginx.conf.j2
     dest: "{{ nginx_config_dir }}/lokole-nginx.conf"
-  when: lokole_enabled and nginx_enabled
+  when: nginx_install and lokole_enabled
 
-- name: Restart Apache ({{ apache_service }}) to enable/disable http://box/lokole
+- name: "SHIM: Disable http://box{{ lokole_url }} via NGINX, by removing {{ nginx_config_dir }}/lokole-nginx.conf"    # http://box/lokole
-  systemd:
+  file:
-    name: "{{ apache_service }}"
+    path: "{{ nginx_config_dir }}/lokole-nginx.conf"
-    daemon_reload: yes
+    state: absent
-    state: restarted
+  when: nginx_install and not lokole_enabled
-  when: apache_enabled
 
-- name: Restart nginx to enable/disable http://box/lokole
+- name: Restart 'nginx' systemd service
   systemd:
     name: nginx
-    daemon_reload: yes
     state: restarted
-  when: nginx_enabled
+  when: nginx_enabled | bool
+
 
 - name: Add 'lokole' variable values to {{ iiab_ini_file }}
   ini_file:

roles/lokole/tasks/install.yml

@@ -13,8 +13,6 @@
       #- bcrypt does not exist on Ubuntu 19.10
       - python3-bcrypt    # 2019-10-14: should work across modern Linux OS's
     state: present
-  tags:
-    - install
 
 - name: pip install opwen_email_client (Lokole) {{ lokole_version }} from PyPI to {{ lokole_venv }}
   pip:
@@ -23,8 +21,6 @@
     virtualenv: "{{ lokole_venv }}"
     virtualenv_command: python3 -m venv "{{ lokole_venv }}"
     extra_args: --no-cache-dir    # To avoid caching issues e.g. soon after new releases hit https://pypi.org/project/opwen-email-client/
-  tags:
-    - install
   when:
     - internet_available | bool
     - lokole_commit is undefined
@@ -39,8 +35,6 @@
     virtualenv: "{{ lokole_venv }}"
     virtualenv_command: python3 -m venv "{{ lokole_venv }}"
     extra_args: --no-cache-dir    # To avoid caching issues e.g. soon after new releases hit https://pypi.org/project/opwen-email-client/
-  tags:
-    - install
   when:
     - internet_available | bool
     - lokole_commit is defined
@@ -51,56 +45,49 @@
     {{ lokole_venv }}/bin/pybabel compile -d {{ item }}/translations
   with_items:
     - "{{ lokole_venv }}/lib/python${python_version}/site-packages/opwen_email_client/webapp"
-  tags:
-    - install
 
 - name: Create dir {{ lokole_run_directory }}
   file: 
     path: "{{ lokole_run_directory }}"
     state: directory
-  tags:
-    - configure
 
 - name: Install {{ lokole_run_directory }}/webapp_secrets.sh from template, to configure Lokole
   template:
     src: webapp_secrets.sh.j2
     dest: "{{ lokole_run_directory }}/webapp_secrets.sh"
-  tags:
-    - configure
 
 - name: Install {{ lokole_run_directory }}/webapp.sh from template, to configure Gunicorn
   template:
     src: webapp.sh.j2
     dest: "{{ lokole_run_directory }}/webapp.sh"
     mode: a+x
-  tags:
-    - configure
 
 - name: Create admin user
   shell: |
     . {{ lokole_run_directory }}/webapp_secrets.sh
     {{ lokole_venv }}/bin/manage.py createadmin --name='{{ lokole_admin_user }}' --password='{{ lokole_admin_password }}'
-  tags:
-    - configure
 
-- name: Install unit file /etc/systemd/system/lokole.service from template
+- name: Install /etc/{{ apache_config_dir }}/lokole.conf from template, for http://box{{ lokole_url }} via Apache   # http://box/lokole
+  template:
+    src: lokole.conf.j2
+    dest: "/etc/{{ apache_config_dir }}/lokole.conf"
+  when: apache_install | bool
+
+- name: Install /etc/systemd/system/lokole.service unit file from template
   template:
     src: lokole.service.j2
     dest: /etc/systemd/system/lokole.service
-  tags:
-    - systemd
 
-- name: Enable & Restart 'lokole' systemd service, with daemon_reload, if lokole_enabled
+# - name: Enable & Restart 'lokole' systemd service, with daemon_reload, if lokole_enabled
-  systemd:
+#   systemd:
-    daemon_reload: yes
+#     daemon_reload: yes
-    name: lokole
+#     name: lokole
-    enabled: yes
+#     enabled: yes
-    state: restarted
+#     state: restarted
-  when: lokole_enabled | bool
+#   when: lokole_enabled | bool
 
 - name: "Add 'lokole_installed: True' to {{ iiab_state_file }}"    # /etc/iiab/iiab_state.yml
   lineinfile:
     dest: "{{ iiab_state_file }}"
     regexp: '^lokole_installed'
     line: 'lokole_installed: True'
-    state: present

roles/lokole/templates/lokole-nginx.conf.j2

@@ -1,3 +1,3 @@
-location /lokole {
+location {{ lokole_url }}/ {
-  proxy_pass http://127.0.0.1:{{ apache_port }}/lokole;
+  proxy_pass http://127.0.0.1:{{ apache_port }}{{ lokole_url }}/;
 }

roles/moodle/tasks/install.yml

@@ -52,11 +52,11 @@
     recurse: yes
     state: directory
 
-- name: Create dir {{ content_base }}/dbdata/moodle owned by {{ apache_user }} with write permission 0755
+- name: Create dir {{ content_base }}/dbdata/moodle owned by {{ apache_user }}
   file:
     path: "{{ content_base }}/dbdata/moodle"
     owner: "{{ apache_user }}"
-    mode: 0755
+    # mode: '0755'
     state: directory
 
 - name: Create dir {{ moodle_data }} owned by {{ apache_user }}:{{ apache_user }} with write permission 0770    # /library/moodle
@@ -64,7 +64,7 @@
     path: "{{ moodle_data }}"
     owner: "{{ apache_user }}"
     group: "{{ apache_user }}"
-    mode: 0770
+    mode: '0770'
     state: directory
 
 - name: Remove Apache's stock moodle.conf
@@ -76,9 +76,9 @@
   template:
     src: 022-moodle.j2
     dest: "/etc/{{ apache_config_dir }}/022-moodle.conf"
-    owner: root
+    # owner: root
-    group: root
+    # group: root
-    mode: 0644
+    # mode: '0644'
 
 - name: Restart postgresql-iiab
   service:
@@ -109,7 +109,7 @@
   template:
     src: moodle_installer
     dest: "{{ moodle_base }}"
-    mode: 0755
+    mode: '0755'
 
 - name: Enable & Restart postgresql-iiab
   service:
@@ -118,7 +118,7 @@
     enabled: yes
   when: moodle_enabled | bool
 
-- name: Restart Apache service ({{ apache_service }})
+- name: Restart Apache systemd service ({{ apache_service }})
   service:
     name: "{{ apache_service }}"
     state: restarted
@@ -136,11 +136,10 @@
   #command: chown -R {{ apache_user }} {{ moodle_base }}
   file:
     path: "{{ moodle_base }}/config.php"
-    mode: 0644
+    mode: '0644'
 
 - name: "Add 'moodle_installed: True' to {{ iiab_state_file }}"    # /etc/iiab/iiab_state.yml
   lineinfile:
     dest: "{{ iiab_state_file }}"
     regexp: '^moodle_installed'
     line: 'moodle_installed: True'
-    state: present

roles/moodle/templates/moodle-nginx.conf.j2

@@ -4,10 +4,10 @@ location /moodle {
     proxy_set_header Host $host;
     proxy_pass http://127.0.0.1:{{ apache_port }};
 }
+
 location ~ ^/moodle.*\.php$ {
     proxy_set_header X-Real-IP  $remote_addr;
     proxy_set_header X-Forwarded-For $remote_addr;
     proxy_set_header Host $host;
     proxy_pass http://127.0.0.1:{{ apache_port }};
 }
-   

roles/nextcloud/tasks/enable.yml

@@ -1,47 +1,39 @@
-# This should go in computed_network.yml, but here for now
+# Apache
-#- name: Compute Nextcloud listen ip addr for nextcloud.conf
-#  set_fact:
-#    nextcloud_required_ip: "{{ ansible_default_ipv4.network }}/{{ ansible_default_ipv4.netmask }}"
-#  when: ansible_default_ipv4.network is defined
 
-- name: Create symlink nextcloud.conf from sites-enabled to sites-available for http://box/nextcloud (debuntu)
+- name: Enable http://box{{ nextcloud_url }} via Apache    # http://box/nextcloud
-  file:
+  command: a2ensite nextcloud.conf
-    src: "/etc/{{ apache_config_dir }}/nextcloud.conf"
+  when: apache_install and nextcloud_enabled
-    path: /etc/apache2/sites-enabled/nextcloud.conf
-    state: link
-  when: nextcloud_enabled and is_debuntu
 
-- name: Remove symlink nextcloud.conf from /etc/apache2/sites-enabled if not nextcloud_enabled (debuntu)
+- name: Disable http://box{{ nextcloud_url }} via Apache    # http://box/nextcloud
-  file:
+  command: a2dissite nextcloud.conf
-    path: /etc/apache2/sites-enabled/nextcloud.conf
+  when: apache_install and not nextcloud_enabled
-    state: absent
-  when: not nextcloud_enabled and is_debuntu
 
-- name: Remove sites-available/nextcloud.conf if not nextcloud_enabled (redhat)
+- name: Restart Apache systemd service ({{ apache_service }})
-  file:
-    path: "/etc/{{ apache_config_dir }}/nextcloud.conf"
-    state: absent
-  when: not nextcloud_enabled and is_redhat
-
-- name: Install Nextcloud's nginx conf.d file from template
-  template:
-       src: nextcloud-nginx.conf
-       dest: "{{ nginx_config_dir }}/nextcloud-nginx.conf"
-  when: nextcloud_enabled and nginx_enabled
-
-- name: Restart {{ apache_service }}, enabling/disabling http://box/nextcloud
   systemd:
     name: "{{ apache_service }}"
-    daemon-reload: yes
     state: restarted
   when: apache_enabled | bool
 
-- name: Restart nginx enabling/disabling http://box/nextcloud
+# NGINX
+
+- name: "SHIM: Enable http://box{{ nextcloud_url }} via NGINX, by installing {{ nginx_config_dir }}/nextcloud-nginx.conf from template"    # http://box/nextcloud
+  template:
+    src: nextcloud-nginx.conf.j2
+    dest: "{{ nginx_config_dir }}/nextcloud-nginx.conf"
+  when: nginx_install and nextcloud_enabled
+
+- name: "SHIM: Disable http://box{{ nextcloud_url }} via NGINX, by removing {{ nginx_config_dir }}/nextcloud-nginx.conf"    # http://box/nextcloud
+  file:
+    path: "{{ nginx_config_dir }}/nextcloud-nginx.conf"
+    state: absent
+  when: nginx_install and not nextcloud_enabled
+
+- name: Restart 'nginx' systemd service
   systemd:
     name: nginx
-    daemon-reload: yes
     state: restarted
-  when: nginx_enabled
+  when: nginx_enabled | bool
+
 
 - name: Add 'nextcloud' variable values to {{ iiab_ini_file }}
   ini_file:

roles/nextcloud/tasks/install.yml

@@ -49,8 +49,6 @@
     #validate_certs: False    # TEMPORARY ON/AFTER 2018-07-22 AS download.nextcloud.com CERT EXPIRED: https://github.com/iiab/iiab/issues/954
   #async: 1800
   #poll: 10
-  tags:
-    - download
   when: internet_available and not php_new
   #when: internet_available and nextcloud_force_install and (is_debian_9 or is_raspbian_9 or is_ubuntu_16)
 
@@ -63,8 +61,6 @@
     #validate_certs: False    # TEMPORARY ON/AFTER 2018-07-22 AS download.nextcloud.com CERT EXPIRED: https://github.com/iiab/iiab/issues/954
   #async: 1800
   #poll: 10
-  tags:
-    - download
   when: internet_available and php_new
   #when: internet_available and nextcloud_force_install and not (is_debian_9 or is_raspbian_9 or is_ubuntu_16)
 
@@ -155,7 +151,7 @@
     dest: "{{ nextcloud_prefix }}/nextcloud/config/autoconfig.php"
     owner: "{{ apache_user }}"
     group: "{{ apache_user }}"
-    mode: 0640
+    mode: '0640'
   when: is_centos | bool
 
 - name: chown -R {{ apache_user }}:{{ apache_user }} {{ nextcloud_prefix }}/nextcloud
@@ -171,20 +167,16 @@
     path: "{{ nextcloud_data_dir }}"
     owner: "{{ apache_user }}"
     group: "{{ apache_user }}"
-    mode: 0750
+    mode: '0750'
     state: directory
 
 - name: Install Apache's nextcloud.conf from template, for http://box/nextcloud
   template:
     src: nextcloud.conf.j2
     dest: "/etc/{{ apache_config_dir }}/nextcloud.conf"
-    owner: root
-    group: root
-    mode: 0644
 
 - name: "Add 'nextcloud_installed: True' to {{ iiab_state_file }}"    # /etc/iiab/iiab_state.yml
   lineinfile:
     dest: "{{ iiab_state_file }}"
     regexp: '^nextcloud_installed'
     line: 'nextcloud_installed: True'
-    state: present

roles/nextcloud/templates/nextcloud-nginx.conf.j2

@@ -1,11 +1,10 @@
-location /nextcloud {
+location {{ nextcloud_url }} {
-  proxy_pass http://127.0.0.1:{{ apache_port }}/nextcloud;
+  proxy_pass http://127.0.0.1:{{ apache_port }}{{ nextcloud_url }};
 }
 
-location ~ /nextcloud/.*\.php$ {
+location ~ {{ nextcloud_url }}/.*\.php$ {
     proxy_set_header X-Real-IP  $remote_addr;
     proxy_set_header X-Forwarded-For $remote_addr;
     proxy_set_header Host $host;
     proxy_pass http://127.0.0.1:{{ apache_port }};
 }
-

roles/nginx/tasks/main.yml

@@ -1,7 +1,7 @@
 - name: Remove stale files (usb-lib.conf, modules.conf) from {{ nginx_config_dir }}
   file:
-      state: absent
+    path: "{{ item.path }}"
-      path: "{{ item.path }}"
+    state: absent
   with_items:
     - { path: "{{ nginx_config_dir }}/usb-lib.conf" }
     - { path: "{{ nginx_config_dir }}/modules.conf" }
@@ -13,43 +13,43 @@
 
 - name: "Install from template: /etc/nginx/server.conf, /etc/nginx/nginx.conf, /etc/{{ apache_service }}/ports.conf, {{ nginx_config_dir }}/iiab.conf"
   template:
-      src: "{{ item.src}}"
+    src: "{{ item.src}}"
-      dest: "{{ item.dest }}"
+    dest: "{{ item.dest }}"
   with_items:
-    - { src: "server.conf", dest: "/etc/nginx/" }
+    - { src: 'server.conf', dest: '/etc/nginx/' }
-    - { src: "nginx.conf", dest: "/etc/nginx/" }
+    - { src: 'nginx.conf', dest: '/etc/nginx/' }
-    - { src: "ports.conf", dest: "/etc/{{ apache_service }}/" }
+    - { src: 'ports.conf', dest: "/etc/{{ apache_service }}/" }
-    - { src: "iiab.conf.j2", dest: "{{ nginx_config_dir }}/iiab.conf" }
+    - { src: 'iiab.conf.j2', dest: "{{ nginx_config_dir }}/iiab.conf" }
   when: nginx_enabled | bool
 
 # the below slides in nginx's proxypass config files for apache on localhost
 # via the ports.conf file installed above
-#- name: Install proxpass to apache running on localhost port {{ apache_port }}
+#- name: Install proxpass to Apache running on localhost port {{ apache_port }}
 #  include_tasks: uses_apache.yml
-#  when: apache_enabled
+#  when: apache_enabled | bool
 
 # the below task contains the same logic contained in the playbooks to enable
 # 'runrole nginx' to do the right thing but with the 'src' path set to role's
 # templates path ie roles/<rolename>/template/
 #- name: Install proxpass to other services 'dual mode' roles
 #  include_tasks: only_nginx.yml
-#  when: nginx_enabled
+#  when: nginx_enabled | bool
 
-- name: Stop and disable NGINX when not nginx_enabled
+- name: Stop and disable NGINX, when not nginx_enabled
   systemd:
     name: nginx
     state: stopped
     enabled: false
   when: not nginx_enabled
 
-- name: Disable Apache port {{ apache_port }} localhost only
+- name: Disable Apache port {{ apache_port }} localhost only, when not nginx_enabled
   template:
     dest: /etc/{{ apache_service }}/ports.conf
     src: stock-apache-ports.conf
   when: not nginx_enabled
 
 # should have the logic to handle both modes in the playbook
-#- name: Enable Apache (a2ensite) for 'dual mode' for the role when NGINX is diabled
+#- name: Enable Apache (a2ensite) for 'dual mode' for the role when NGINX is disabled
 #  include_tasks: disable.yml
 #  when: not nginx_enabled
 
@@ -59,7 +59,7 @@
     daemon_reload: yes
     state: restarted
     enabled: true
-  when: apache_enabled | bool or not nginx_enabled | bool
+  when: apache_enabled or not nginx_enabled
 
 - name: Enable & Restart NGINX, to pick up the config files installed
   systemd:

roles/nodered/tasks/enable.yml

@@ -1,56 +1,55 @@
-- name: Enable & (Re)start 'nodered' systemd service (if nodered_enabled)
+- name: Enable & (Re)start 'nodered' systemd service
   systemd:
-    daemon_reload: yes
     name: nodered
+    daemon_reload: yes
     enabled: yes
     state: restarted
   when: nodered_enabled
 
-- name: Disable & Stop 'nodered' systemd service (if not nodered_enabled)
+- name: Disable & Stop 'nodered' systemd service
   systemd:
-    daemon_reload: yes
     name: nodered
     enabled: no
     state: stopped
   when: not nodered_enabled
 
-- name: Create symlink nodered.conf from sites-enabled to sites-available, for short URL http://box/nodered (if nodered_enabled)
+# Apache
-  file:
-    src: /etc/apache2/sites-available/nodered.conf
-    dest: /etc/apache2/sites-enabled/nodered.conf
-    owner: root
-    group: root
-    state: link
-  when: nodered_enabled
 
-- name: Remove symlink /etc/apache2/sites-enabled/nodered.conf (if not nodered_enabled)
+- name: Enable http://box/nodered via Apache
-  file:
+  command: a2ensite nodered.conf
-    path: /etc/apache2/sites-enabled/nodered.conf
+  when: apache_install and nodered_enabled
-    state: absent
-  when: not nodered_enabled
 
-- name: Install NodeRed's nginx conf.d file from template
+- name: Disable http://box/nodered via Apache
+  command: a2dissite nodered.conf
+  when: apache_install and not nodered_enabled
+
+- name: Restart Apache systemd service ({{ apache_service }})
+  systemd:
+    name: "{{ apache_service }}"
+    state: restarted
+  when: apache_enabled | bool
+
+# NGINX
+
+- name: "SHIM: Enable http://box/nodered_url via NGINX, by installing {{ nginx_config_dir }}/nodered-nginx.conf from template"
   template:
     src: nodered-nginx.conf.j2
     dest: "{{ nginx_config_dir }}/nodered-nginx.conf"
-    owner: root
+    # mode: '0666'
-    group: root
+  when: nginx_install and nodered_enabled
-    mode: 0666
-  when: nodered_enabled and nginx_enabled
 
-- name: Restart Apache service ({{ apache_service }}) to enable/disable http://box/nodered (not just http://box:{{ nodered_port }}/nodered)
+- name: "SHIM: Disable http://box/nodered_url via NGINX, by removing {{ nginx_config_dir }}/nodered-nginx.conf"
-  systemd:
+  file:
-    name: "{{ apache_service }}"    # httpd or apache2
+    path: "{{ nginx_config_dir }}/nodered-nginx.conf"
-    daemon-reload: yes
+    state: absent
-    state: restarted
+  when: nginx_install and not nodered_enabled
-  when: apache_enabled
 
-- name: Restart nginx to enable/disable http://box/nodered (not just http://box:{{ nodered_port }}/nodered)
+- name: Restart 'nginx' systemd service
   systemd:
     name: nginx
     state: restarted
-    daemon-reload: yes
+  when: nginx_enabled | bool
-  when: nginx_enabled
+
 
 - name: Add 'nodered' variable values to {{ iiab_ini_file }}
   ini_file:

roles/nodered/tasks/install.yml

@@ -78,18 +78,14 @@
     backup: yes
     src: nodered.service.j2
     dest: /etc/systemd/system/nodered.service
-    owner: root
+    # mode: '0666'
-    group: root
-    mode: 0666
 
-- name: Install Apache's sites-available/nodered.conf from template
+- name: Install /etc/{{ apache_config_dir }}/nodered.conf from template
   template:
     backup: yes
     src: nodered.conf.j2
-    dest: /etc/apache2/sites-available/nodered.conf
+    dest: "/etc/{{ apache_config_dir }}/nodered.conf"
-    owner: root
+    # mode: '0666'
-    group: root
-    mode: 0666
 
 # SEE ALSO THE apache2_module SECTION IN roles/httpd/tasks/main.yml
 - name: Enable proxy_wstunnel apache2 module
@@ -102,5 +98,3 @@
     dest: "{{ iiab_state_file }}"
     regexp: '^nodered_installed'
     line: 'nodered_installed: True'
-    state: present
-

roles/nodered/templates/nodered-nginx.conf.j2

@@ -1,3 +1,3 @@
-location /nodered {
+location /nodered/ {
-  proxy_pass http://127.0.0.1:{{ apache_port }}/nodered;
+  proxy_pass http://127.0.0.1:{{ apache_port }}/nodered/;
 }