roles/apache: Configure mod_userdir
By default, per-user directories (i.e. `/~username/`) are disabled in Fedora's configuration of Apache. This commit introduces a new variable, `apache_userdir`, which can be used to enable this feature. It should be set to a string other than *disabled*, which is the path under users' home directories that will be served, if it is accessible. Normally, the value would be `public_html`.jenkins-master
parent
972dbd1fdf
commit
ea1f52814d
|
|
@ -57,6 +57,18 @@
|
||||||
setype=httpd_config_t
|
setype=httpd_config_t
|
||||||
notify: reload httpd
|
notify: reload httpd
|
||||||
|
|
||||||
|
- name: ensure apache userdir module is configured
|
||||||
|
template:
|
||||||
|
src=userdir.httpd.conf.j2
|
||||||
|
dest=/etc/httpd/conf.d/userdir.conf
|
||||||
|
mode=0644
|
||||||
|
notify: reload httpd
|
||||||
|
- name: ensure selinux is configured for apache user directories
|
||||||
|
seboolean:
|
||||||
|
name=httpd_enable_homedirs
|
||||||
|
persistent=yes
|
||||||
|
state={{ 'yes' if apache_userdir is defined else 'no' }}
|
||||||
|
|
||||||
- name: ensure apache mpm module is configured
|
- name: ensure apache mpm module is configured
|
||||||
template:
|
template:
|
||||||
src=mpm.httpd.conf.j2
|
src=mpm.httpd.conf.j2
|
||||||
|
|
|
||||||
|
|
@ -0,0 +1,44 @@
|
||||||
|
#
|
||||||
|
# UserDir: The name of the directory that is appended onto a user's home
|
||||||
|
# directory if a ~user request is received.
|
||||||
|
#
|
||||||
|
# The path to the end user account 'public_html' directory must be
|
||||||
|
# accessible to the webserver userid. This usually means that ~userid
|
||||||
|
# must have permissions of 711, ~userid/public_html must have permissions
|
||||||
|
# of 755, and documents contained therein must be world-readable.
|
||||||
|
# Otherwise, the client will only receive a "403 Forbidden" message.
|
||||||
|
#
|
||||||
|
<IfModule mod_userdir.c>
|
||||||
|
#
|
||||||
|
# UserDir is disabled by default since it can confirm the presence
|
||||||
|
# of a username on the system (depending on home directory
|
||||||
|
# permissions).
|
||||||
|
#
|
||||||
|
{% if apache_userdir is defined %}
|
||||||
|
#UserDir disabled
|
||||||
|
{% else %}
|
||||||
|
UserDir disabled
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
|
#
|
||||||
|
# To enable requests to /~user/ to serve the user's public_html
|
||||||
|
# directory, remove the "UserDir disabled" line above, and uncomment
|
||||||
|
# the following line instead:
|
||||||
|
#
|
||||||
|
{% if apache_userdir is defined %}
|
||||||
|
UserDir {{ apache_userdir }}
|
||||||
|
{% else %}
|
||||||
|
#UserDir public_html
|
||||||
|
{% endif %}
|
||||||
|
</IfModule>
|
||||||
|
|
||||||
|
#
|
||||||
|
# Control access to UserDir directories. The following is an example
|
||||||
|
# for a site where these directories are restricted to read-only.
|
||||||
|
#
|
||||||
|
<Directory "/home/*/public_html">
|
||||||
|
AllowOverride FileInfo AuthConfig Limit Indexes
|
||||||
|
Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
|
||||||
|
Require method GET POST OPTIONS
|
||||||
|
</Directory>
|
||||||
|
|
||||||
Loading…
Reference in New Issue