Fixes to remoteip and added mod_security.

8 years ago · e92cbf4143
parent 1f9761a972
commit e92cbf4143
2 changed files with 11 additions and 5 deletions
--- a/group_vars/all.yml
+++ b/group_vars/all.yml
@ -60,6 +60,7 @@ server_hostname: server.example.com
 # Apache configuration behind Nginx reverse proxy.
 apache_listen_ip: "127.0.0.1"
 apache_listen_port: 82
+apache_listen_port_ssl: 2443
 apache_create_vhosts: true
 apache_vhosts_filename: "vhosts.conf"
 apache_remove_default_vhost: false
@ -70,6 +71,7 @@ apache_mods_enabled:
  - rewrite.load
  - ssl.load
  - remoteip.load
+  - security.load
 apache_mods_disabled:
  - php
  - php7
--- a/roles/ansible-role-apache/templates/90-remoteip.conf.j2
+++ b/roles/ansible-role-apache/templates/90-remoteip.conf.j2
@ -1,7 +1,11 @@
-LoadModule remoteip_module modules/mod_remoteip.so
+<IfModule !mod_remoteip.c>
+  LoadModule remoteip_module modules/mod_remoteip.so
+</IfModule>

-LogFormat "%a %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
+<IfModule mod_remoteip.c>
+  LogFormat "%a %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined

-RemoteIPHeader X-Real-IP
-RemoteIPInternalProxy 127.0.0.1
-RemoteIPTrustedProxy 127.0.0.1
+  RemoteIPHeader X-Real-IP
+  RemoteIPInternalProxy 127.0.0.1
+  RemoteIPTrustedProxy 127.0.0.1
+</IfModule>