Ansible lineinfile - apache 虚拟主机块
Ansible lineinfile - apache virtual host block
我正在尝试通过 ansible 管理我的 apache http 虚拟主机配置文件。我想在文件中的某个点插入一个新行。不幸的是,我的 ansible 配置不对,因为 ansible 总是在文件末尾插入新行。
这是我要插入的行:
Header edit Set-Cookie (ADRU.*=.*);\s?HttpOnly$
这就是我正在使用的可靠任务配置。所以你可以看到我想在第 37 行之前插入新行,当注释“# each header ...”开始时。
- lineinfile:
path: /somewhere/default.conf
regexp: '^[ ]Header edit Set-Cookie (ADRU.*=.*);\s?HttpOnly$ '
insertbefore: '^[ \t]# each header may be up to 12392 bytes. This is the SPNEGO authentication header size limit.'
line: 'Header edit Set-Cookie (ADRU.*=.*);\s?HttpOnly$ '
这就是 default.conf
<VirtualHost 0.0.0.0:${JIVE_HTTPD_PORT}>
DocumentRoot "${JIVE_HOME}/var/www"
ErrorDocument 404 /___sbsstatic___/404.html
ErrorDocument 500 /___sbsstatic___/500.html
ErrorDocument 501 /___sbsstatic___/catchall.html
ErrorDocument 502 /___sbsstatic___/catchall.html
ErrorDocument 503 /___sbsstatic___/maintenance.html
ErrorDocument 504 /___sbsstatic___/maintenance.html
ErrorDocument 505 /___sbsstatic___/catchall.html
<Directory />
Options FollowSymLinks
Require all denied
</Directory>
<Directory ${JIVE_HOME}/applications/*/home/www>
Options FollowSymLinks
Require all granted
</Directory>
<Directory ${JIVE_HOME}/var/www/resources>
Options -Indexes
</Directory>
LogLevel info
CustomLog "${LOG_DIR}/jive-httpd-access.log" common
ErrorLog "${LOG_DIR}/jive-httpd-error.log"
RequestHeader set X-Forwarded-Secure "false"
ProxyRequests Off
ProxyPreserveHost on
Header edit Set-Cookie "(?<!;\sHttpOnly)$" ";HttpOnly"
# The JCAPI-Token (CSRF protection via double-submit cookie) needs to accessible, so strip HttpOnly
Header edit Set-Cookie (JCAPI-Token=.*);\s?HttpOnly$
# each header may be up to 12392 bytes. This is the SPNEGO authentication header size limit.
LimitRequestFieldsize 12392
RewriteEngine On
RewriteRule ^/[0-9]\.[0-9]\.[0-9]{1,3}\.[0-9a-f]{1,10}/images/(.*)$ /images/
RewriteRule ^/[0-9]\.[0-9]\.[0-9]{1,3}\.[0-9a-f]{1,10}/scripts/(.*)$ /scripts/
RewriteRule ^/[0-9]\.[0-9]\.[0-9]{1,3}\.[0-9a-f]{1,10}/styles/(.*)$ /styles/
RewriteRule ^/[0-9]\.[0-9]\.[0-9]{1,3}\.[0-9a-f]{1,10}/resources/(.*)$ /resources/
RewriteRule ^/[0-9]\.[0-9]\.[0-9]{1,3}\.[0-9a-f]{1,10}/__services/(.*)$ /__services/ [PT]
# Serve gzip compressed JS files if they exist and the client accepts gzip.
RewriteCond %{HTTP:Accept-encoding} gzip
RewriteCond %{REQUEST_FILENAME}\.gz -s
RewriteRule ^(.*)\.js \.js\.gz [QSA]
# Serve correct content types, and prevent mod_deflate double gzip.
RewriteRule \.js\.gz$ - [T=text/javascript,E=no-gzip:1]
# Replace double dashes on project urls to keep old links working on updated instances
RewriteRule ^(.*/projects/.*)--(.*)$ - [L,R=301]
CacheMaxFileSize 5242880
CacheEnable mem /images/
CacheEnable mem /scripts/
CacheEnable mem /styles/
CacheEnable mem /resources/
CacheIgnoreHeaders Set-Cookie X-JIVE-USER-ID
# Header unset X-JIVE-USER-ID
ExpiresActive On
ExpiresDefault "now"
ExpiresByType image/gif "access plus 10 years"
ExpiresByType image/png "access plus 10 years"
ExpiresByType image/jpeg "access plus 10 years"
ExpiresByType image/x-icon "access plus 10 years"
ExpiresByType text/css "access plus 10 years"
ExpiresByType application/javascript "access plus 10 years"
ExpiresByType application/x-shockwave-flash "access plus 10 years"
<LocationMatch "\.(woff|eot|ttf|svg)$">
ExpiresDefault "access plus 10 years"
</LocationMatch>
ProxyPass /___sbsstatic___/ !
ProxyPass /images/ !
ProxyPass /styles/ !
ProxyPass /scripts/ !
ProxyPass /resources/scripts/ !
ProxyPass /resources/images/ !
ProxyPass /resources/styles/ !
ProxyPass /resources/statics/ !
Include sites/proxies/*.conf
Include sites/conf.d/*.conf
</VirtualHost>
<IfDefine SSL>
Listen ${SSL_PORT}
<VirtualHost 0.0.0.0:${SSL_PORT}>
DocumentRoot "${JIVE_HOME}/var/www"
ErrorDocument 404 /___sbsstatic___/404.html
ErrorDocument 500 /___sbsstatic___/500.html
ErrorDocument 501 /___sbsstatic___/catchall.html
ErrorDocument 502 /___sbsstatic___/catchall.html
ErrorDocument 503 /___sbsstatic___/maintenance.html
ErrorDocument 504 /___sbsstatic___/maintenance.html
ErrorDocument 505 /___sbsstatic___/catchall.html
<Directory />
Options FollowSymLinks
Require all granted
SSLRequireSSL
</Directory>
<Directory ${JIVE_HOME}/var/www/resources>
Options -Indexes
</Directory>
LogLevel info
CustomLog "${LOG_DIR}/jive-httpd-ssl-access.log" common
ErrorLog "${LOG_DIR}/jive-httpd-ssl-error.log"
RequestHeader set X-Forwarded-Secure "true"
ProxyRequests Off
ProxyPreserveHost On
RewriteEngine On
RewriteRule ^/[0-9]\.[0-9]\.[0-9]{1,3}\.[0-9a-f]{1,10}/images/(.*)$ /images/
RewriteRule ^/[0-9]\.[0-9]\.[0-9]{1,3}\.[0-9a-f]{1,10}/scripts/(.*)$ /scripts/
RewriteRule ^/[0-9]\.[0-9]\.[0-9]{1,3}\.[0-9a-f]{1,10}/styles/(.*)$ /styles/
RewriteRule ^/[0-9]\.[0-9]\.[0-9]{1,3}\.[0-9a-f]{1,10}/resources/(.*)$ /resources/
RewriteRule ^/[0-9]\.[0-9]\.[0-9]{1,3}\.[0-9a-f]{1,10}/__services/(.*)$ /__services/ [PT]
# Serve gzip compressed JS files if they exist and the client accepts gzip.
RewriteCond %{HTTP:Accept-encoding} gzip
RewriteCond %{REQUEST_FILENAME}\.gz -s
RewriteRule ^(.*)\.js \.js\.gz [QSA]
# Serve correct content types, and prevent mod_deflate double gzip.
RewriteRule \.js\.gz$ - [T=text/javascript,E=no-gzip:1]
# Replace double dashes on project urls to keep old links working on updated instances
RewriteRule ^(.*/projects/.*)--(.*)$ - [L,R=301]
CacheMaxFileSize 5242880
CacheEnable mem /styles/
CacheEnable mem /images/
CacheEnable mem /scripts/
CacheEnable mem /resources/
CacheIgnoreHeaders Set-Cookie X-JIVE-USER-ID
# Header unset X-JIVE-USER-ID
ExpiresActive On
ExpiresDefault "now"
ExpiresByType image/gif "access plus 10 years"
ExpiresByType image/png "access plus 10 years"
ExpiresByType image/jpeg "access plus 10 years"
ExpiresByType image/x-icon "access plus 10 years"
ExpiresByType text/css "access plus 10 years"
ExpiresByType application/javascript "access plus 10 years"
ExpiresByType application/x-shockwave-flash "access plus 10 years"
<LocationMatch "\.(woff|eot|ttf|svg)$">
ExpiresDefault "access plus 10 years"
</LocationMatch>
ProxyPass /___sbsstatic___/ !
ProxyPass /images/ !
ProxyPass /styles/ !
ProxyPass /scripts/ !
ProxyPass /resources/scripts/ !
ProxyPass /resources/images/ !
ProxyPass /resources/styles/ !
ProxyPass /resources/statics/ !
Include sites/proxies/*.conf
Include sites/conf.d/*.conf
SSLEngine on
SSLCipherSuite ALL:!ADH:!LOW:!EXP:!SSLv2:!NULL:RC4:RSA:HIGH:MEDIUM
SSLCertificateFile "${SSL_CERTIFICATE_FILE}"
SSLCertificateKeyFile "${SSL_CERTIFICATE_KEY_FILE}"
</VirtualHost>
</IfDefine>
一个选项是使用模板并将虚拟主机的配置放在单独的文件中
- name: "httpd-vhosts: Configure virtual hosts in {{ apache_conf_path }}/extra/"
template:
src: "vhost.j2"
dest: "{{ apache_conf_path }}/extra/{{ item.ServerName }}.conf"
....
并将这些文件包含在 httpd.conf
中
- name: "httpd-vhosts: Incl virtual hosts in {{ apache_conf_path }}/httpd.conf"
lineinfile:
dest: "{{ apache_conf_path }}/httpd.conf"
regexp: "^Include etc/apache{{ apache_version }}/extra/{{ item.ServerName }}.conf"
line: "Include etc/apache{{ apache_version }}/extra/{{ item.ServerName }}.conf"
...
httpd-vhosts.yml and vhost.j2. FWIW, here is the Apache 银河角色中提供了详细信息。
您的 insertbefore
正则表达式似乎有问题,特别是 [ \t]
.
部分
我会选择 \s*
,这意味着 一个或多个空白字符。
此外,您将 .
用作 标记 ,而不是点的实际字符。你应该逃避它。
所以会是:
insertbefore: '^\s*# each header may be up to 12392 bytes\. This is the SPNEGO authentication header size limit\.'
我推荐 website regex101.com,您可以在其中在线检查您的正则表达式,并详细说明您的正则表达式模式。
您的具体意见和我的建议已预先填入此 link。
我正在尝试通过 ansible 管理我的 apache http 虚拟主机配置文件。我想在文件中的某个点插入一个新行。不幸的是,我的 ansible 配置不对,因为 ansible 总是在文件末尾插入新行。
这是我要插入的行:
Header edit Set-Cookie (ADRU.*=.*);\s?HttpOnly$
这就是我正在使用的可靠任务配置。所以你可以看到我想在第 37 行之前插入新行,当注释“# each header ...”开始时。
- lineinfile:
path: /somewhere/default.conf
regexp: '^[ ]Header edit Set-Cookie (ADRU.*=.*);\s?HttpOnly$ '
insertbefore: '^[ \t]# each header may be up to 12392 bytes. This is the SPNEGO authentication header size limit.'
line: 'Header edit Set-Cookie (ADRU.*=.*);\s?HttpOnly$ '
这就是 default.conf
<VirtualHost 0.0.0.0:${JIVE_HTTPD_PORT}>
DocumentRoot "${JIVE_HOME}/var/www"
ErrorDocument 404 /___sbsstatic___/404.html
ErrorDocument 500 /___sbsstatic___/500.html
ErrorDocument 501 /___sbsstatic___/catchall.html
ErrorDocument 502 /___sbsstatic___/catchall.html
ErrorDocument 503 /___sbsstatic___/maintenance.html
ErrorDocument 504 /___sbsstatic___/maintenance.html
ErrorDocument 505 /___sbsstatic___/catchall.html
<Directory />
Options FollowSymLinks
Require all denied
</Directory>
<Directory ${JIVE_HOME}/applications/*/home/www>
Options FollowSymLinks
Require all granted
</Directory>
<Directory ${JIVE_HOME}/var/www/resources>
Options -Indexes
</Directory>
LogLevel info
CustomLog "${LOG_DIR}/jive-httpd-access.log" common
ErrorLog "${LOG_DIR}/jive-httpd-error.log"
RequestHeader set X-Forwarded-Secure "false"
ProxyRequests Off
ProxyPreserveHost on
Header edit Set-Cookie "(?<!;\sHttpOnly)$" ";HttpOnly"
# The JCAPI-Token (CSRF protection via double-submit cookie) needs to accessible, so strip HttpOnly
Header edit Set-Cookie (JCAPI-Token=.*);\s?HttpOnly$
# each header may be up to 12392 bytes. This is the SPNEGO authentication header size limit.
LimitRequestFieldsize 12392
RewriteEngine On
RewriteRule ^/[0-9]\.[0-9]\.[0-9]{1,3}\.[0-9a-f]{1,10}/images/(.*)$ /images/
RewriteRule ^/[0-9]\.[0-9]\.[0-9]{1,3}\.[0-9a-f]{1,10}/scripts/(.*)$ /scripts/
RewriteRule ^/[0-9]\.[0-9]\.[0-9]{1,3}\.[0-9a-f]{1,10}/styles/(.*)$ /styles/
RewriteRule ^/[0-9]\.[0-9]\.[0-9]{1,3}\.[0-9a-f]{1,10}/resources/(.*)$ /resources/
RewriteRule ^/[0-9]\.[0-9]\.[0-9]{1,3}\.[0-9a-f]{1,10}/__services/(.*)$ /__services/ [PT]
# Serve gzip compressed JS files if they exist and the client accepts gzip.
RewriteCond %{HTTP:Accept-encoding} gzip
RewriteCond %{REQUEST_FILENAME}\.gz -s
RewriteRule ^(.*)\.js \.js\.gz [QSA]
# Serve correct content types, and prevent mod_deflate double gzip.
RewriteRule \.js\.gz$ - [T=text/javascript,E=no-gzip:1]
# Replace double dashes on project urls to keep old links working on updated instances
RewriteRule ^(.*/projects/.*)--(.*)$ - [L,R=301]
CacheMaxFileSize 5242880
CacheEnable mem /images/
CacheEnable mem /scripts/
CacheEnable mem /styles/
CacheEnable mem /resources/
CacheIgnoreHeaders Set-Cookie X-JIVE-USER-ID
# Header unset X-JIVE-USER-ID
ExpiresActive On
ExpiresDefault "now"
ExpiresByType image/gif "access plus 10 years"
ExpiresByType image/png "access plus 10 years"
ExpiresByType image/jpeg "access plus 10 years"
ExpiresByType image/x-icon "access plus 10 years"
ExpiresByType text/css "access plus 10 years"
ExpiresByType application/javascript "access plus 10 years"
ExpiresByType application/x-shockwave-flash "access plus 10 years"
<LocationMatch "\.(woff|eot|ttf|svg)$">
ExpiresDefault "access plus 10 years"
</LocationMatch>
ProxyPass /___sbsstatic___/ !
ProxyPass /images/ !
ProxyPass /styles/ !
ProxyPass /scripts/ !
ProxyPass /resources/scripts/ !
ProxyPass /resources/images/ !
ProxyPass /resources/styles/ !
ProxyPass /resources/statics/ !
Include sites/proxies/*.conf
Include sites/conf.d/*.conf
</VirtualHost>
<IfDefine SSL>
Listen ${SSL_PORT}
<VirtualHost 0.0.0.0:${SSL_PORT}>
DocumentRoot "${JIVE_HOME}/var/www"
ErrorDocument 404 /___sbsstatic___/404.html
ErrorDocument 500 /___sbsstatic___/500.html
ErrorDocument 501 /___sbsstatic___/catchall.html
ErrorDocument 502 /___sbsstatic___/catchall.html
ErrorDocument 503 /___sbsstatic___/maintenance.html
ErrorDocument 504 /___sbsstatic___/maintenance.html
ErrorDocument 505 /___sbsstatic___/catchall.html
<Directory />
Options FollowSymLinks
Require all granted
SSLRequireSSL
</Directory>
<Directory ${JIVE_HOME}/var/www/resources>
Options -Indexes
</Directory>
LogLevel info
CustomLog "${LOG_DIR}/jive-httpd-ssl-access.log" common
ErrorLog "${LOG_DIR}/jive-httpd-ssl-error.log"
RequestHeader set X-Forwarded-Secure "true"
ProxyRequests Off
ProxyPreserveHost On
RewriteEngine On
RewriteRule ^/[0-9]\.[0-9]\.[0-9]{1,3}\.[0-9a-f]{1,10}/images/(.*)$ /images/
RewriteRule ^/[0-9]\.[0-9]\.[0-9]{1,3}\.[0-9a-f]{1,10}/scripts/(.*)$ /scripts/
RewriteRule ^/[0-9]\.[0-9]\.[0-9]{1,3}\.[0-9a-f]{1,10}/styles/(.*)$ /styles/
RewriteRule ^/[0-9]\.[0-9]\.[0-9]{1,3}\.[0-9a-f]{1,10}/resources/(.*)$ /resources/
RewriteRule ^/[0-9]\.[0-9]\.[0-9]{1,3}\.[0-9a-f]{1,10}/__services/(.*)$ /__services/ [PT]
# Serve gzip compressed JS files if they exist and the client accepts gzip.
RewriteCond %{HTTP:Accept-encoding} gzip
RewriteCond %{REQUEST_FILENAME}\.gz -s
RewriteRule ^(.*)\.js \.js\.gz [QSA]
# Serve correct content types, and prevent mod_deflate double gzip.
RewriteRule \.js\.gz$ - [T=text/javascript,E=no-gzip:1]
# Replace double dashes on project urls to keep old links working on updated instances
RewriteRule ^(.*/projects/.*)--(.*)$ - [L,R=301]
CacheMaxFileSize 5242880
CacheEnable mem /styles/
CacheEnable mem /images/
CacheEnable mem /scripts/
CacheEnable mem /resources/
CacheIgnoreHeaders Set-Cookie X-JIVE-USER-ID
# Header unset X-JIVE-USER-ID
ExpiresActive On
ExpiresDefault "now"
ExpiresByType image/gif "access plus 10 years"
ExpiresByType image/png "access plus 10 years"
ExpiresByType image/jpeg "access plus 10 years"
ExpiresByType image/x-icon "access plus 10 years"
ExpiresByType text/css "access plus 10 years"
ExpiresByType application/javascript "access plus 10 years"
ExpiresByType application/x-shockwave-flash "access plus 10 years"
<LocationMatch "\.(woff|eot|ttf|svg)$">
ExpiresDefault "access plus 10 years"
</LocationMatch>
ProxyPass /___sbsstatic___/ !
ProxyPass /images/ !
ProxyPass /styles/ !
ProxyPass /scripts/ !
ProxyPass /resources/scripts/ !
ProxyPass /resources/images/ !
ProxyPass /resources/styles/ !
ProxyPass /resources/statics/ !
Include sites/proxies/*.conf
Include sites/conf.d/*.conf
SSLEngine on
SSLCipherSuite ALL:!ADH:!LOW:!EXP:!SSLv2:!NULL:RC4:RSA:HIGH:MEDIUM
SSLCertificateFile "${SSL_CERTIFICATE_FILE}"
SSLCertificateKeyFile "${SSL_CERTIFICATE_KEY_FILE}"
</VirtualHost>
</IfDefine>
一个选项是使用模板并将虚拟主机的配置放在单独的文件中
- name: "httpd-vhosts: Configure virtual hosts in {{ apache_conf_path }}/extra/"
template:
src: "vhost.j2"
dest: "{{ apache_conf_path }}/extra/{{ item.ServerName }}.conf"
....
并将这些文件包含在 httpd.conf
中- name: "httpd-vhosts: Incl virtual hosts in {{ apache_conf_path }}/httpd.conf"
lineinfile:
dest: "{{ apache_conf_path }}/httpd.conf"
regexp: "^Include etc/apache{{ apache_version }}/extra/{{ item.ServerName }}.conf"
line: "Include etc/apache{{ apache_version }}/extra/{{ item.ServerName }}.conf"
...
httpd-vhosts.yml and vhost.j2. FWIW, here is the Apache 银河角色中提供了详细信息。
您的 insertbefore
正则表达式似乎有问题,特别是 [ \t]
.
我会选择 \s*
,这意味着 一个或多个空白字符。
此外,您将 .
用作 标记 ,而不是点的实际字符。你应该逃避它。
所以会是:
insertbefore: '^\s*# each header may be up to 12392 bytes\. This is the SPNEGO authentication header size limit\.'
我推荐 website regex101.com,您可以在其中在线检查您的正则表达式,并详细说明您的正则表达式模式。
您的具体意见和我的建议已预先填入此 link。