diff --git a/roles/nextcloud/files/htaccess b/roles/nextcloud/files/htaccess
deleted file mode 100644
index ad8b40f..0000000
--- a/roles/nextcloud/files/htaccess
+++ /dev/null
@@ -1,8 +0,0 @@
-
- RewriteEngine on
- RewriteRule ^\.well-known/host-meta /nextcloud/public.php?service=host-meta [QSA,L]
- RewriteRule ^\.well-known/host-meta\.json /nextcloud/public.php?service=host-meta-json [QSA,L]
- RewriteRule ^\.well-known/webfinger /nextcloud/public.php?service=webfinger [QSA,L]
- RewriteRule ^\.well-known/carddav /nextcloud/remote.php/dav/ [R=301,L]
- RewriteRule ^\.well-known/caldav /nextcloud/remote.php/dav/ [R=301,L]
-
diff --git a/roles/nextcloud/files/krb5-nextcloud.conf b/roles/nextcloud/files/krb5-nextcloud.conf
index 10b9e82..9ccb2ab 100644
--- a/roles/nextcloud/files/krb5-nextcloud.conf
+++ b/roles/nextcloud/files/krb5-nextcloud.conf
@@ -1,5 +1,3 @@
-Alias /nextcloud "/var/www/nextcloud/"
-
AuthType GSSAPI
AuthName "Login to NextCloud"
@@ -11,25 +9,3 @@ Alias /nextcloud "/var/www/nextcloud/"
GssapiBasicAuth On
require valid-user
-
-
- Require all granted
- Options FollowSymlinks MultiViews
- AllowOverride All
-
-
- Dav off
-
-
- SetEnv HOME /var/www/nextcloud
- SetEnv HTTP_HOME /var/www/nextcloud
-
-
-
-
- AllowOverride FileInfo
-
-
-
- Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
-
diff --git a/roles/nextcloud/files/nextcloud.conf b/roles/nextcloud/files/nextcloud.conf
index d7cb013..635f7ee 100644
--- a/roles/nextcloud/files/nextcloud.conf
+++ b/roles/nextcloud/files/nextcloud.conf
@@ -1,6 +1,6 @@
-Alias /nextcloud "/var/www/nextcloud/"
+Alias /nextcloud "/var/www/nextcloud"
-
+
Require all granted
Options FollowSymlinks MultiViews
AllowOverride All
@@ -11,11 +11,17 @@ Alias /nextcloud "/var/www/nextcloud/"
SetEnv HOME /var/www/nextcloud
SetEnv HTTP_HOME /var/www/nextcloud
-
- AllowOverride FileInfo
+
+ RewriteEngine on
+ RewriteRule ^\.well-known/host-meta /nextcloud/public.php?service=host-meta [QSA,L]
+ RewriteRule ^\.well-known/host-meta\.json /nextcloud/public.php?service=host-meta-json [QSA,L]
+ RewriteRule ^\.well-known/webfinger /nextcloud/public.php?service=webfinger [QSA,L]
+ RewriteRule ^\.well-known/carddav /nextcloud/remote.php/dav/ [R=301,L]
+ RewriteRule ^\.well-known/caldav /nextcloud/remote.php/dav/ [R=301,L]
+
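Review bot: The first added rule, `RewriteRule ^\.well-known/host-meta ...`, has no end anchor and carries `[L]`, so a request for `.well-known/host-meta.json` already matches it and the `host-meta\.json` rule on the next line is never reached. Anchor the pattern, e.g. `RewriteRule ^\.well-known/host-meta$ /nextcloud/public.php?service=host-meta [QSA,L]`, or put the `.json` rule first. The patterns also have no leading slash, which only matches in per-directory context; the container enclosing these rules is not visible in this hunk, so confirm they sit inside a `<Directory>` block for the document root rather than at server or virtual-host level. Separately, the `Strict-Transport-Security` header that this commit deletes from krb5-nextcloud.conf is not on the new side of any hunk shown here, so check that nextcloud.conf still sets it.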
diff --git a/roles/nextcloud/tasks/main.yml b/roles/nextcloud/tasks/main.yml
index 2f51ad8..3ac9c2e 100644
--- a/roles/nextcloud/tasks/main.yml
+++ b/roles/nextcloud/tasks/main.yml
@@ -75,16 +75,13 @@
copy:
src: nextcloud.conf
dest: /etc/apache2/sites-available/nextcloud.conf
+ notify: "restart apache2"
-- name: provide htaccess file
+- name: provide kerberos SSO config
copy:
- src: htaccess
- dest: /var/www/html/.htaccess
-
-- name: enable https
- command: a2ensite default-ssl.conf
- args:
- creates: /etc/apache2/sites-enabled/default-ssl.conf
+ src: krb5-nextcloud.conf
+ dest: /etc/apache2/sites-available/krb5-nextcloud.conf
+ when: "'kerberize' in role_names"
notify: "restart apache2"
- name: enable nextcloud site
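Review bot: The condition `when: "'kerberize' in role_names"` on the new `provide kerberos SSO config` task relies on `role_names`, which Ansible documents as a deprecated alias of `ansible_play_role_names` and which leaves out roles pulled in only as dependencies. If `kerberize` is ever applied that way, the GSSAPI config would be skipped without any error. Consider `when: "'kerberize' in ansible_role_names"` or an explicit boolean variable; the same condition appears on the `enable kerberos access to nextcloud site` task in the next hunk. The `copy` also sets no `owner`, `group` or `mode`, so adding e.g. `mode: "0644"` would make the permissions of this authentication config explicit instead of depending on the umask.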
@@ -93,6 +90,19 @@
creates: /etc/apache2/sites-enabled/nextcloud.conf
notify: "restart apache2"
+- name: enable kerberos access to nextcloud site
+ command: a2ensite krb5-nextcloud.conf
+ args:
+ creates: /etc/apache2/sites-enabled/krb5-nextcloud.conf
+ notify: "restart apache2"
+ when: "'kerberize' in role_names"
+
+- name: enable https
+ command: a2ensite default-ssl.conf
+ args:
+ creates: /etc/apache2/sites-enabled/default-ssl.conf
+ notify: "restart apache2"
+
- name: make sure data directory exists
file:
path: "{{ data_dir }}"