summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorYanis Guenane <yguenane@redhat.com>2018-02-26 09:19:30 +0100
committerYanis Guenane <yguenane@redhat.com>2018-02-26 09:19:30 +0100
commit0311bb4bdc6c317c5dc4b591d53797841fadcdc3 (patch)
tree89dba07ab122c2765bd7242c7447a0eb150bfafe
parent05bbc3d89a3f8ed8d6e83a73fac72183867636ad (diff)
Allow one to enable mod_userdirHEADmaster
This commit aims to allow an administrator to enable the use of mod_userdir including the proper SElinux settings. Change-Id: Ia0c1df11a7b5663575571d20d1d81822c2ef9a10
-rw-r--r--defaults/main.yml7
-rw-r--r--tasks/main.yml18
-rw-r--r--templates/userdir.conf16
3 files changed, 33 insertions, 8 deletions
diff --git a/defaults/main.yml b/defaults/main.yml
deleted file mode 100644
index cce6fee..0000000
--- a/defaults/main.yml
+++ /dev/null
@@ -1,7 +0,0 @@
----
-# mod_status
-#
-httpd_mod_status_enabled: False
-
-# httpd_mod_status_deny_rule: Deny from all
-# httpd_mod_status_allow_rule: Allow from localhost
diff --git a/tasks/main.yml b/tasks/main.yml
index 16b3032..07ae35c 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -27,9 +27,25 @@
template:
src: mod_status.conf
dest: '{{ httpd_configuration_path }}/mod_status.conf'
- when: httpd_mod_status_enabled
+ when: httpd_mod_status_enabled is defined and httpd_mod_status_enabled
notify: reload-httpd
+- name: Enable httpd mod_userdir
+ become: True
+ template:
+ src: userdir.conf
+ dest: '{{ httpd_configuration_path }}/userdir.conf'
+ when: httpd_mod_userdir_enabled is defined and httpd_mod_userdir_enabled
+ notify: reload-httpd
+
+- name: Enable httpd_enable_homedirs SELinux boolean
+ become: True
+ seboolean:
+ name: httpd_enable_homedirs
+ state: yes
+ persistent: yes
+ when: httpd_mod_userdir_enabled is defined and httpd_mod_userdir_enabled
+
- name: Start the apache httpd service
become: True
service:
diff --git a/templates/userdir.conf b/templates/userdir.conf
new file mode 100644
index 0000000..f2122ab
--- /dev/null
+++ b/templates/userdir.conf
@@ -0,0 +1,16 @@
+<IfModule mod_userdir.c>
+{% if not httpd_mod_userdir_enabled|default(False)|bool %}
+ UserDir disabled
+{% endif %}
+ UserDir {{ http_dmod_userdir_path | default('public_html') }}
+</IfModule>
+
+#
+# Control access to UserDir directories. The following is an example
+# for a site where these directories are restricted to read-only.
+#
+<Directory "/home/*/public_html">
+ AllowOverride FileInfo AuthConfig Limit Indexes
+ Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
+ Require method GET POST OPTIONS
+</Directory>