---
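# Installs Apache, the Perl dependencies and Foswiki (cloned from git) on
# Debian, then writes and enables an Apache site configuration for it.
#
# Privilege model: every task marked `become: true` runs through sudo as
# `name_of_user` (prompted below, default root). The tasks that install
# packages or write under /etc/apache2 need root, so the prompt should be
# left at its default unless the target is set up differently.
- name: Ansible script for Debian 11+, Install and configrure FosWiki (fom git, on separate disk).
  hosts: "{{ variable_host | default('localhost') }}"
  become_user: '{{ name_of_user }}'
  become_method: 'sudo'
  vars:
    # Main configuration variables
    web_server_name: 'apache2'
    user_name_webserver: 'www-data'
    main_patch_to_fowiki: '/mnt/d/foswiki'
    path_to_foswiki_engine: '/foswiki-engine'
    path_to_foswiki_database: '/foswiki-database'
    path_to_foswiki_webserver_config_file: '/etc/apache2/sites-available/foswiki.httpd.conf'
    # Technical variables
    list_soft:
      - '{{ web_server_name }}'
      - git-all
      - perl
      - libcgi-session-perl
      - libcrypt-passwdmd5-perl
      - libfile-copy-recursive-perl
      - libapache2-mod-perl2
      - libapache2-request-perl
      - libdbi-perl
      - libdbd-mysql-perl
      - libdbd-pg-perl
      - libdbd-sqlite3-perl
      - libfcgi-perl
      - libfcgi-procmanager-perl
      - libcrypt-smime-perl
      - libcrypt-x509-perl
      - libconvert-pem-perl
      - libalgorithm-diff-perl
      - libarchive-tar-perl
      - libauthen-sasl-perl
      - libcgi-pm-perl
      - libdigest-sha-perl
      - libemail-address-xs-perl
      - libemail-mime-perl
      - libencode-perl
      - liberror-perl
      - libhtml-parser-perl
      - libhtml-tree-perl
      - libio-socket-ip-perl
      - libio-socket-ssl-perl
      - libjson-perl
      - liblocale-codes-perl
      - liblocale-maketext-perl
      - liblocale-maketext-lexicon-perl
      - liblocale-msgfmt-perl
      - libwww-perl
      - liblwp-protocol-https-perl
      - liburi-perl
      - libversion-perl
      - python3-apt
    # Names as a2enmod expects them. `rewrite` is the a2enmod name of
    # mod_rewrite; the former `mod_rewrite` entry is not a module name
    # a2enmod knows and was dropped.
    list_apache_module:
      - rewrite
      - cgi
      - access_compat
  vars_prompt:
    - name: name_of_user
      prompt: "Please enter the name of user, for which we are making settings (default root) \n"
      private: false
      default: root
  tasks:
    - name: 'install web server and other soft'
      ansible.builtin.apt:
        update_cache: true
        pkg: '{{ list_soft }}'
        state: present
      become: true

    # The directory is owned by the web server account. The mode is set with
    # `=` so that it is exact: the previous `u+rwx,g+rwx,o+rwx` made the
    # directory world-writable, letting any local account plant or replace
    # files that Apache later serves or executes as CGI.
    - name: 'Prepare folder to put FosWiki Engine path = {{main_patch_to_fowiki}}{{path_to_foswiki_engine}}'
      ansible.builtin.file:
        path: '{{ main_patch_to_fowiki }}{{ path_to_foswiki_engine }}'
        owner: '{{ user_name_webserver }}'
        group: '{{ user_name_webserver }}'
        mode: 'u=rwx,g=rx,o=rx'
        state: directory
      become: true

    # Same reasoning as for the engine directory: no world-writable bit.
    # NOTE(review): if only the web server reads this directory, `o=` would
    # be tighter still - confirm nothing else needs access.
    - name: 'Prepare folder to put FosWiki Database {{main_patch_to_fowiki}}{{path_to_foswiki_database}}'
      ansible.builtin.file:
        path: '{{ main_patch_to_fowiki }}{{ path_to_foswiki_database }}'
        owner: '{{ user_name_webserver }}'
        group: '{{ user_name_webserver }}'
        mode: 'u=rwx,g=rx,o=rx'
        state: directory
      become: true

    # Supply-chain note: `version: master` deploys whatever the upstream
    # branch contains at run time, and `force: true` discards local changes
    # in the working tree. For a reproducible, reviewable install, pin
    # `version` to a release tag or commit hash you have vetted.
    # `become: true` is needed because the target directory is no longer
    # world-writable.
    - name: 'Download FosWiki engine from git'
      ansible.builtin.git:
        repo: 'https://github.com/foswiki/distro.git'
        dest: '{{ main_patch_to_fowiki }}{{ path_to_foswiki_engine }}'
        # single_branch: yes  # this parameter works in Ansible 2.11 and later only
        version: master
        force: true
      become: true

    # Hands the whole checkout to the web server account. File modes are left
    # as git created them (the mode line stays commented out).
    - name: 'Config access right on file FosWiki Engine - give acces for {{user_name_webserver}} user'
      ansible.builtin.file:
        path: '{{ main_patch_to_fowiki }}{{ path_to_foswiki_engine }}'
        owner: '{{ user_name_webserver }}'
        group: '{{ user_name_webserver }}'
        # mode: u+rwx,g+rx,o+rx
        recurse: true
        state: directory
      become: true

    # Writes the output of the Foswiki ApacheConfigGenerator. Points worth
    # knowing when reviewing the generated configuration:
    #   - `Alias /` maps the site root onto the Foswiki `core` directory; only
    #     data, templates, lib, locale, tools and working are denied below.
    #   - Files under pub are served directly and are not covered by Foswiki
    #     access controls (see the comment inside the block).
    #   - The generator URL has `ssl=` empty and the block defines no TLS
    #     virtual host, so put TLS in front of it before exposing the site
    #     beyond the local machine.
    # The file lives under /etc/apache2, hence `become: true`.
    - name: Make config for Apache - to run FosWiki site
      ansible.builtin.blockinfile:
        path: '{{ path_to_foswiki_webserver_config_file }}'
        mode: 'a+r'
        create: true
        block: |
          # Autogenerated httpd.conf file for Foswiki.
          # Generated at https://foswiki.org/Support/ApacheConfigGenerator?vhost=;port=;dir={{main_patch_to_fowiki}}{{path_to_foswiki_engine}};symlink=on;pathurl=/;shorterurls=disabled;engine=CGI;fastcgimodule=fastcgi;fcgidreqlen=;apver=2;confighost=;configip=;configuser=;loginmanager=Template;htpath=;errordocument=UserRegistration;errorcustom=;disablephp=on;blockpubhtml=on;blocktrashpub=;controlattach=;blockspiders=;foswikiversion=2.x;apacheversion=2.4;timeout=;ssl=;sslcert=/etc/ssl/apache2/yourservercert.pem;sslchain=/etc/ssl/apache2/sub.class1.server.ca.pem;sslkey=/etc/ssl/apache2/yourservercertkey.pem
          # Configuration generated for Foswiki 2.x, Apache 2.4
          Define foswikiroot "{{main_patch_to_fowiki}}{{path_to_foswiki_engine}}/core"
          # The Alias defines a url that points to the root of the Foswiki installation.
          # The first parameter will be part of the URL to your installation e.g.
          # http://my.co.uk/foswiki/bin/view/...
          # The second parameter must point to the physical path on your disc.
          ScriptAlias /bin "${foswikiroot}/bin"
          # The following Alias is used to access files in the pub directory (attachments etc)
          # It must come _after_ the ScriptAlias.
          # If short URLs are enabled, and any other local directories or files need to be accessed directly, they
          # must also be specified in an Alias statement, and must not conflict with a web name.
          Alias /pub "${foswikiroot}/pub"
          Alias / "${foswikiroot}/"
          # Block access to typical spam related attachments
          # Except the Foswiki directory which is read only and does have attached html files.
          SetEnvIf Request_URI "/pub/.*\.[hH][tT][mM][lL]?$" blockAccess
          SetEnvIf Request_URI "/pub/System/.*\.[hH][tT][mM][lL]?$" !blockAccess
          # This enables access to the documents in the Foswiki root directory
          <Directory "${foswikiroot}">
              <RequireAll>
                  Require all granted
                  Require not env blockAccess
              </RequireAll>
          </Directory>
          # This specifies the options on the Foswiki scripts directory. The ExecCGI
          # and SetHandler tell apache that it contains scripts. "Allow from all"
          # lets any IP address access this URL.
          # Note: If you use SELinux, you also have to "Allow httpd cgi support" in your SELinux policies
          <Directory "${foswikiroot}/bin">
              AllowOverride None
              <RequireAll>
                  Require all granted
                  Require not env blockAccess
              </RequireAll>
              Options +ExecCGI +FollowSymLinks
              SetHandler cgi-script
              # Password file for Foswiki users
              AuthUserFile "${foswikiroot}/data/.htpasswd"
              AuthName 'Enter your WikiName: (First name and last name, no space, no dots, capitalized, e.g. JohnSmith). Cancel to register if you do not have one.'
              AuthType Basic
              # File to return on access control error (e.g. wrong password)
              ErrorDocument 401 /bin/view/System/UserRegistration
          </Directory>
          # This sets the options on the pub directory, which contains attachments and
          # other files like CSS stylesheets and icons. AllowOverride None stops a
          # user installing a .htaccess file that overrides these options.
          # Note that files in pub are *not* protected by Foswiki Access Controls,
          # so if you want to control access to files attached to topics you need to
          # block access to the specific directories same way as the ApacheConfigGenerator
          # blocks access to the pub directory of the Trash web
          <Directory "${foswikiroot}/pub">
              Options None
              Options +FollowSymLinks
              AllowOverride None
              <RequireAll>
                  Require all granted
                  Require not env blockAccess
              </RequireAll>
              ErrorDocument 404 /bin/viewfile
              # If you have PHP installed as Apache module, one of the below directives will ensure
              # that it is disabled. The "ifmodule" statements should prevent this from causing
              # errors if php is not installed.
              <ifmodule mod_php3.c>
                  php3_engine off
              </ifmodule>
              <ifmodule mod_php4.c>
                  php_admin_flag engine off
              </ifmodule>
              <ifmodule mod_php5.c>
                  php_admin_flag engine off
              </ifmodule>
              # This line will redefine the mime type for the most common types of scripts
              AddType text/plain .shtml .php .php3 .phtml .phtm .pl .py .cgi
              # add an Expires header that is sufficiently in the future that the browser does not even ask if its uptodate
              # reducing the load on the server significantly
              # IF you can, you should enable this - it _will_ improve your Foswiki experience, even if you set it to under one day.
              # you may need to enable expires_module in your main apache config
              #<ifmodule mod_expires.c>
              # <filesmatch "\.(jpe?g|gif|png|css(\.gz)?|js(\.gz)?|ico)$">
              # ExpiresActive on
              # ExpiresDefault "access plus 11 days"
              # </filesmatch>
              #</ifmodule>
              #
              # Serve pre-compressed versions of .js and .css files, if they exist
              # Some browsers do not handle this correctly, which is why it is disabled by default
              # <FilesMatch "\.(js|css)$">
              # RewriteCond %{HTTP:Accept-encoding} gzip
              # RewriteCond %{REQUEST_FILENAME}.gz -f
              # RewriteRule ^(.*)$ %{REQUEST_URI}.gz [L,QSA]
              # </FilesMatch>
              # <FilesMatch "\.(js|css)\?.*$">
              # RewriteCond %{HTTP:Accept-encoding} gzip
              # RewriteCond %{REQUEST_FILENAME}.gz -f
              # RewriteRule ^([^?]*)\?(.*)$ $1.gz?$2 [L]
              # </FilesMatch>
              # <FilesMatch "\.js\.gz(\?.*)?$">
              # AddEncoding x-gzip .gz
              # AddType application/x-javascript .gz
              # </FilesMatch>
              # <FilesMatch "\.css\.gz(\?.*)?$">
              # AddEncoding x-gzip .gz
              # AddType text/css .gz
              # </FilesMatch>
          </Directory>
          # Security note: All other directories should be set so
          # that they are *not* visible as URLs, so we set them as =deny from all=.
          <Directory "${foswikiroot}/data">
              Require all denied
          </Directory>
          <Directory "${foswikiroot}/templates">
              Require all denied
          </Directory>
          <Directory "${foswikiroot}/lib">
              Require all denied
          </Directory>
          <Directory "${foswikiroot}/locale">
              Require all denied
          </Directory>
          <Directory "${foswikiroot}/tools">
              Require all denied
          </Directory>
          <Directory "${foswikiroot}/working">
              Require all denied
          </Directory>
          # We set an environment variable called blockAccess.
          #
          # Setting a BrowserMatchNoCase to ^$ is important. It prevents Foswiki from
          # including its own topics as URLs and also prevents other Foswikis from
          # doing the same. This is important to prevent the most obvious
          # Denial of Service attacks.
          #
          # You can expand this by adding more BrowserMatchNoCase statements to
          # block evil browser agents trying to crawl your Foswiki
          #
          # Example:
          # BrowserMatchNoCase ^SiteSucker blockAccess
          # BrowserMatchNoCase ^$ blockAccess
          BrowserMatchNoCase ^$ blockAccess
      become: true

    # `command` instead of `shell`: the line uses no shell features, so the
    # templated path is passed as an argument without shell interpretation.
    # NOTE(review): a2ensite is normally given a site name; confirm that it
    # accepts this absolute path on the target release.
    - name: 'Activate FosWiki config for apache'
      ansible.builtin.command:
        cmd: 'a2ensite {{ path_to_foswiki_webserver_config_file }}'
      become: true

    # apache2_module's `name` takes one module name per call, so the list is
    # applied with a loop instead of being passed whole.
    - name: 'Apache - enable some mods'
      community.general.apache2_module:
        state: present
        name: '{{ item }}'
      loop: '{{ list_apache_module }}'
      become: true

    # Runs a script from the checkout fetched above, i.e. code from upstream
    # master, under the connecting user's account (no `become` here).
    # `ignore_errors` is kept because the default plugin installation is
    # reported to always finish with some errors; the cost is that a genuine
    # failure of this step is hidden too, so check its output after the
    # first run.
    - name: 'install plugin - by FosWiki manual'
      ansible.builtin.command:
        chdir: '{{ main_patch_to_fowiki }}{{ path_to_foswiki_engine }}/core'
        cmd: 'perl -T pseudo-install.pl default'
      ignore_errors: true

    # `reloaded` makes Apache re-read its configuration without a full stop.
    - name: 'Restart Apache 2 service - to applay config file'
      ansible.builtin.service:
        name: '{{ web_server_name }}'
        state: reloaded
      become: true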