421 Role vbotka.freebsd.apache Virtual Host

Use case

Use the iocage property host_hostname to create a jail. Use the role vbotka.freebsd.certificate to create an SSL certificate. Use the role vbotka.freebsd.apache to configure the Apache HTTP Server virtual host www.foo.bar.

Tree

shell> tree .
.
├── ansible.cfg
├── hosts
├── host_vars
│   ├── iocage_04
│   │   └── ansible-client-apache.yml
│   └── www-3
│       ├── apache.yml
│       └── certificate.yml
├── iocage.ini
├── pb-apache.yml
└── pb-certificate.yml

Synopsis

Requirements

Notes

  • iocage option --name provides “NAME instead of a UUID for the new jail”.

  • iocage property host_hostname provides “The hostname of the jail. Default: UUID”.

  • Make sure DHCP and dynamic DNS are configured so that host_hostname and --name resolve.

ansible.cfg

[defaults]
gathering = explicit
callback_result_format = yaml
display_skipped_hosts = false
host_key_checking = false

[connection]
pipelining = true

Inventory iocage.ini

iocage_04 ansible_host=10.1.0.29

[iocage]
iocage_04

[iocage:vars]
ansible_user=admin
ansible_become=true
ansible_python_interpreter=auto_silent

host_vars

host_vars/iocage_04/ansible-client-apache.yml

properties:
  notes: "vmm={{ inventory_hostname }}"
  bpf: 1
  dhcp: 1
  vnet: 1

clones_host_hostname:
  www-3:
    template: ansible_client_apache

host_vars/www-3/apache.yml

apache_install: false
apache_confd: false
apache_servername: www-3
apache_serveradmin: admin@www-3

apache_ssl: true
apache_sslengine: 'on'
apache_sslcertificatekeyfile: "/usr/local/etc/ssl/private/{{ apache_servername }}.key"
apache_sslcertificatefile: "/usr/local/etc/ssl/certs/{{ apache_servername }}.crt"

apache_httpd_conf_modules:
  - {module: socache_shmcb_module, mod: mod_socache_shmcb.so}
  - {module: ssl_module, mod: mod_ssl.so}

apache_vhosts: true
apache_vhost:
  - ServerName: www.foo.bar
    DocumentRoot: /usr/local/www/apache24/data-foo-bar/
    SSLCertificateFile: "/usr/local/etc/ssl/certs/www.foo.bar.crt"
    SSLCertificateKeyFile: "/usr/local/etc/ssl/private/www.foo.bar.key"
    redirect: false

apache_directory_blocks:
  - Directory: /usr/local/www/apache24/data/
    Includefile: usr-local-www-apache-data.conf
    Conf:
      - "DirectoryIndex index.html index.htm"
      - "Options Indexes FollowSymLinks"
      - "AllowOverride All"
      - "Require all granted"
  - Directory: /usr/local/www/apache24/data-foo-bar/
    Includefile: usr-local-www-apache-data-foo-bar.conf
    Conf:
      - "DirectoryIndex index.html index.htm"
      - "Options Indexes FollowSymLinks"
      - "AllowOverride All"
      - "Require all granted"

host_vars/www-3/certificate.yml

certificate_data_simple:
  - www-3
  - www.foo.bar
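
Added example (not part of the original page or of the role's own documentation): a stricter variant of apache_directory_blocks from host_vars/www-3/apache.yml above, using the same keys. In the original blocks, "Options Indexes" lets Apache list a directory's contents when no index file is present, and "AllowOverride All" lets any .htaccess file in the tree change the configuration; the variant turns both off. It assumes the sites need neither directory listings nor .htaccess overrides.

```yaml
# host_vars/www-3/apache.yml (added example: stricter Directory blocks)
apache_directory_blocks:
  - Directory: /usr/local/www/apache24/data/
    Includefile: usr-local-www-apache-data.conf
    Conf:
      - "DirectoryIndex index.html index.htm"
      # No Indexes: a directory without an index file returns 403
      # instead of a generated file listing. Symlinks are followed
      # only when the link and its target have the same owner.
      - "Options SymLinksIfOwnerMatch"
      # .htaccess files are ignored, so the configuration comes only
      # from the files the role manages.
      - "AllowOverride None"
      - "Require all granted"
  - Directory: /usr/local/www/apache24/data-foo-bar/
    Includefile: usr-local-www-apache-data-foo-bar.conf
    Conf:
      - "DirectoryIndex index.html index.htm"
      - "Options SymLinksIfOwnerMatch"
      - "AllowOverride None"
      - "Require all granted"
```

After the role has been applied with these values, the configtest step shown under Results checks the generated include files for syntax errors.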

Create and start the jail

(env) > ansible-playbook vbotka.freebsd.pb_iocage_ansible_clients.yml \
                         -i iocage.ini \
                         -t clone_host_hostname -e clone_host_hostname=true
PLAY [Create and start jails. Optionally stop and destroy jails.] **************

TASK [Get pool.] ***************************************************************
ok: [iocage_04]

TASK [Create clones host_hostname] *********************************************
changed: [iocage_04] => (item=www-3 ansible_client_apache)

TASK [Start clones host_hostname] **********************************************
changed: [iocage_04]

PLAY RECAP *********************************************************************
iocage_04                  : ok=3    changed=2    unreachable=0    failed=0    skipped=8    rescued=0    ignored=0   

Inventory hosts

hosts

www-3

[www]
www-3

[www:vars]
ansible_user=admin
ansible_become=true
ansible_python_interpreter=auto_silent

Playbook pb-certificate.yml

- name: Create SSL certificate.
  hosts: www
  gather_facts: true

  roles:
    - vbotka.freebsd.certificate

Playbook output - Display variables

(env) > ansible-playbook pb-certificate.yml -i hosts \
                         -t certificate_debug -e certificate_debug=true
PLAY [Create SSL certificate.] *************************************************

TASK [Gathering Facts] *********************************************************
[ERROR]: Task failed: Failed to connect to the host via ssh: ssh: Could not resolve hostname www-3: Temporary failure in name resolution

Task failed.

<<< caused by >>>

Failed to connect to the host via ssh: ssh: Could not resolve hostname www-3: Temporary failure in name resolution

fatal: [www-3]: UNREACHABLE! => 
    changed: false
    msg: 'Task failed: Failed to connect to the host via ssh: ssh: Could not resolve hostname
        www-3: Temporary failure in name resolution'
    unreachable: true

PLAY RECAP *********************************************************************
www-3                      : ok=0    changed=0    unreachable=1    failed=0    skipped=0    rescued=0    ignored=0   

Playbook output - Setup

(env) > ansible-playbook pb-certificate.yml -i hosts -t certificate_setup
PLAY [Create SSL certificate.] *************************************************

TASK [Gathering Facts] *********************************************************
[ERROR]: Task failed: Failed to connect to the host via ssh: ssh: Could not resolve hostname www-3: Temporary failure in name resolution

Task failed.

<<< caused by >>>

Failed to connect to the host via ssh: ssh: Could not resolve hostname www-3: Temporary failure in name resolution

fatal: [www-3]: UNREACHABLE! => 
    changed: false
    msg: 'Task failed: Failed to connect to the host via ssh: ssh: Could not resolve hostname
        www-3: Temporary failure in name resolution'
    unreachable: true

PLAY RECAP *********************************************************************
www-3                      : ok=0    changed=0    unreachable=1    failed=0    skipped=0    rescued=0    ignored=0   

Playbook output - Create certificate

(env) > ansible-playbook pb-certificate.yml -i hosts -t certificate_openssl
PLAY [Create SSL certificate.] *************************************************

TASK [Gathering Facts] *********************************************************
[ERROR]: Task failed: Failed to connect to the host via ssh: ssh: Could not resolve hostname www-3: Temporary failure in name resolution

Task failed.

<<< caused by >>>

Failed to connect to the host via ssh: ssh: Could not resolve hostname www-3: Temporary failure in name resolution

fatal: [www-3]: UNREACHABLE! => 
    changed: false
    msg: 'Task failed: Failed to connect to the host via ssh: ssh: Could not resolve hostname
        www-3: Temporary failure in name resolution'
    unreachable: true

PLAY RECAP *********************************************************************
www-3                      : ok=0    changed=0    unreachable=1    failed=0    skipped=0    rescued=0    ignored=0   

Playbook output - Display status

(env) > ansible-playbook pb-certificate.yml -i hosts -t certificate_openssl_stat
PLAY [Create SSL certificate.] *************************************************

TASK [Gathering Facts] *********************************************************
[ERROR]: Task failed: Failed to connect to the host via ssh: ssh: Could not resolve hostname www-3: Temporary failure in name resolution

Task failed.

<<< caused by >>>

Failed to connect to the host via ssh: ssh: Could not resolve hostname www-3: Temporary failure in name resolution

fatal: [www-3]: UNREACHABLE! => 
    changed: false
    msg: 'Task failed: Failed to connect to the host via ssh: ssh: Could not resolve hostname
        www-3: Temporary failure in name resolution'
    unreachable: true

PLAY RECAP *********************************************************************
www-3                      : ok=0    changed=0    unreachable=1    failed=0    skipped=0    rescued=0    ignored=0   

Playbook pb-apache.yml

- name: Create Apache HTTP Server.
  hosts: www
  gather_facts: true

  roles:
    - vbotka.freebsd.apache

Playbook output - Create server

(env) > ansible-playbook pb-apache.yml -i hosts
PLAY [Create Apache HTTP Server.] **********************************************

TASK [Gathering Facts] *********************************************************
[ERROR]: Task failed: Failed to connect to the host via ssh: ssh: Could not resolve hostname www-3: Temporary failure in name resolution

Task failed.

<<< caused by >>>

Failed to connect to the host via ssh: ssh: Could not resolve hostname www-3: Temporary failure in name resolution

fatal: [www-3]: UNREACHABLE! => 
    changed: false
    msg: 'Task failed: Failed to connect to the host via ssh: ssh: Could not resolve hostname
        www-3: Temporary failure in name resolution'
    unreachable: true

PLAY RECAP *********************************************************************
www-3                      : ok=0    changed=0    unreachable=1    failed=0    skipped=0    rescued=0    ignored=0   

Create data-foo-bar

(env) > ssh admin@www-3 sudo cp -r /usr/local/www/apache24/data /usr/local/www/apache24/data-foo-bar

Results

  • Test the configuration

    (env) > ssh admin@www-3 sudo service apache24 configtest
    Performing sanity check on apache24 configuration:
    Syntax OK
    
  • The virtual host must resolve. For example,

    (env) > nslookup www-3
    Server:         127.0.0.53
    Address:        127.0.0.53#53
    
    Non-authoritative answer:
    Name:    www-3.example.com
    Address: 10.1.0.223
    
    (env) > grep www.foo.bar /etc/hosts
    10.1.0.223 www.foo.bar
    
  • In a browser, open the page https://www.foo.bar/. The content should be

    It works!