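---
# Tasks that serve static sites from Apache, optionally with Let's Encrypt
# certificates obtained through certbot.
#
# Variables read by these tasks:
#   letsencrypt   - truthy to install certbot and request certificates
#   static_sites  - list of mappings; the keys used here are `domain`,
#                   `owner`, and the optional `letsencrypt` and `htpasswd`
#
# NOTE(review): every `with_items: "{{ static_sites }}"` loop prints the
# whole item in task output, and an item may carry `htpasswd` hashes.
# Consider `loop_control.label` on those loops, or keep the hashes in a
# separate (vaulted) variable.

- name: install apache and related packages
  apt:
    name: "{{ item }}"
  with_items:
    - rsync
    - apache2

- name: install certbot
  apt:
    name: certbot
    default_release: stretch-backports
  when: letsencrypt

# Has no `when`, so the list directory is emptied on every run and then
# rebuilt from static_sites by the next task.
- name: "empty list of domains for Let's Encrypt"
  shell: rm -f /etc/letsencrypt/static_sites/*

# The domain is passed through the `quote` filter and used via a shell
# variable so that shell metacharacters in it are not interpreted.
# NOTE(review): quoting does not validate the value; a domain containing
# "/" would still change the target path. Validate static_sites at the
# point where it is defined.
- name: "create list of domains for static sites to get Let's Encrypt certs for"
  shell: |
    listdir="/etc/letsencrypt/static_sites"
    wellknown="/srv/letsencrypt"
    domain={{ item.domain | quote }}
    mkdir -p "$listdir" "$wellknown"
    if [ "{{ item.letsencrypt|default(false) }}" = True ]
    then
      touch "$listdir/$domain"
      mkdir -p "$wellknown/$domain"
    fi
  with_items: "{{ static_sites }}"
  when: letsencrypt

# The mode is a quoted octal string: a bare 755 is read as a decimal
# integer and would produce permissions other than rwxr-xr-x.
- name: install script to run certbot
  template:
    src: deploy_static_site_certs
    dest: /usr/local/sbin/deploy_static_site_certs
    owner: root
    group: root
    mode: "0755"
  when: letsencrypt

- name: "get initial certificate from Let's Encrypt"
  shell: /usr/local/sbin/deploy_static_site_certs
  when: letsencrypt

# NOTE(review): this task is gated on `letsencrypt`, so content directories
# are not created when Let's Encrypt is disabled, although the virtual host
# tasks below still run. Confirm that this condition is intended.
- name: create dirs for static site contents
  file:
    state: directory
    path: "/srv/http/{{ item.domain }}"
    owner: "{{ item.owner }}"
    group: "{{ item.owner }}"
    mode: "0755"
  with_items: "{{ static_sites }}"
  when: letsencrypt

# NOTE(review): Apache normally opens its log files as root before dropping
# privileges. A log directory writable by www-data lets that account
# influence what root opens. Consider root ownership unless the virtual
# host template needs www-data to write here.
- name: create log dirs for websites
  file:
    state: directory
    path: "/var/log/apache2/{{ item.domain }}"
    owner: www-data
    group: www-data
    mode: "0755"
  with_items: "{{ static_sites }}"

- name: configure apache to serve static sites
  template:
    src: virtualhost.conf.tmpl
    dest: "/etc/apache2/sites-available/{{ item.domain }}.conf"
    owner: root
    group: root
    mode: "0644"
  with_items: "{{ static_sites }}"

# The htpasswd file holds password hashes, so it is readable only by root
# and the www-data group rather than by every local user. `no_log` keeps
# the hashes out of task output and logs.
# Assumes the Apache workers run as www-data, as the log directory task
# does - confirm before deploying.
- name: "install htpasswd files"
  copy:
    content: "{{ item.htpasswd }}"
    dest: "/srv/http/{{ item.domain }}.htpasswd"
    owner: root
    group: www-data
    mode: "0640"
  with_items: "{{ static_sites }}"
  when: item.htpasswd is defined
  no_log: true

- name: enable apache modules for ssl
  apache2_module:
    state: present
    name: "{{ item }}"
  with_items:
    - ssl
    - rewrite

# `quote` keeps a domain with shell metacharacters from being interpreted
# by the shell that runs a2ensite.
- name: enable apache sites
  shell: "a2ensite {{ item.domain | quote }}"
  with_items: "{{ static_sites }}"
  notify:
    - restart apache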