proxy.yml

---
- hosts: proxy
  roles:
    - common
    - apache
  tasks:

    - name: Set Apache ServerTokens directive to ProductOnly
      lineinfile: dest=/etc/apache2/apache2.conf line="ServerTokens Prod"
      notify:
        - reload apache2
      sudo: yes

    - name: Set Apache ServerSignature directive to Off
      lineinfile: dest=/etc/apache2/apache2.conf line="ServerSignature Off"
      notify:
        - reload apache2
      sudo: yes

    - name: Disable Apache icons alias
      lineinfile: dest=/etc/apache2/mods-available/alias.conf state=absent regexp="Alias /icons/ \"/usr/share/apache2/icons/\""
      notify:
        - reload apache2
      sudo: yes

    - name: Install Apache proxy module
      apt: pkg=libapache2-mod-proxy-html state=installed update_cache=true
      environment: "{{ proxy_env }}"
      sudo: yes

    - name: Enable apache proxy modules
      shell: a2enmod {{item}}
      with_items:
        - proxy
        - proxy_ajp
        - proxy_http
        - rewrite
        - deflate
        - headers
        - proxy_balancer
        - proxy_connect
        - proxy_html
        - xml2enc
        - ssl
      notify:
        - reload apache2
      sudo: yes

    - name: create virtual host file
      template: src=templates/proxy-vhost.conf dest=/etc/apache2/sites-available/{{ proxy_vhost }}.conf
      when: (proxy_ssl_cert is not defined) or (proxy_ssl_key is not defined) or (proxy_ssl_chain is not defined)
      notify:
        - reload apache2
      sudo: yes

    - name: create https virtual host file
      template: src=templates/proxy-vhost-https.conf dest=/etc/apache2/sites-available/{{ proxy_vhost }}.conf
      when: (proxy_ssl_cert is defined) and (proxy_ssl_key is defined) and (proxy_ssl_chain is defined)
      notify:
        - reload apache2
      sudo: yes

    - name: a2ensite {{ proxy_vhost }}
      command: a2ensite {{ proxy_vhost }}
      notify:
        - reload apache2
      sudo: yes

    - name: a2dissite 000-default
      command: a2dissite 000-default
      notify:
        - reload apache2
      sudo: yes

    - name: reload apache2
      service: name=apache2 state=reloaded
      notify:
        - reload apache2
      sudo: yes