From 97e980fbf7812e5ce231f6f491b44467124bee92 Mon Sep 17 00:00:00 2001 From: "Andreas B. Mundt" Date: Wed, 15 Jan 2020 19:47:06 +0100 Subject: [PATCH] Move content from htaccess file to site config. Separate krb5 config. --- roles/nextcloud/files/htaccess | 8 ------- roles/nextcloud/files/krb5-nextcloud.conf | 24 --------------------- roles/nextcloud/files/nextcloud.conf | 14 ++++++++---- roles/nextcloud/tasks/main.yml | 26 ++++++++++++++++------- 4 files changed, 28 insertions(+), 44 deletions(-) delete mode 100644 roles/nextcloud/files/htaccess diff --git a/roles/nextcloud/files/htaccess b/roles/nextcloud/files/htaccess deleted file mode 100644 index ad8b40f..0000000 --- a/roles/nextcloud/files/htaccess +++ /dev/null @@ -1,8 +0,0 @@ - - RewriteEngine on - RewriteRule ^\.well-known/host-meta /nextcloud/public.php?service=host-meta [QSA,L] - RewriteRule ^\.well-known/host-meta\.json /nextcloud/public.php?service=host-meta-json [QSA,L] - RewriteRule ^\.well-known/webfinger /nextcloud/public.php?service=webfinger [QSA,L] - RewriteRule ^\.well-known/carddav /nextcloud/remote.php/dav/ [R=301,L] - RewriteRule ^\.well-known/caldav /nextcloud/remote.php/dav/ [R=301,L] - diff --git a/roles/nextcloud/files/krb5-nextcloud.conf b/roles/nextcloud/files/krb5-nextcloud.conf index 10b9e82..9ccb2ab 100644 --- a/roles/nextcloud/files/krb5-nextcloud.conf +++ b/roles/nextcloud/files/krb5-nextcloud.conf @@ -1,5 +1,3 @@ -Alias /nextcloud "/var/www/nextcloud/" - AuthType GSSAPI AuthName "Login to NextCloud" @@ -11,25 +9,3 @@ Alias /nextcloud "/var/www/nextcloud/" GssapiBasicAuth On require valid-user - - - Require all granted - Options FollowSymlinks MultiViews - AllowOverride All - - - Dav off - - - SetEnv HOME /var/www/nextcloud - SetEnv HTTP_HOME /var/www/nextcloud - - - - - AllowOverride FileInfo - - - - Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains" - 
diff --git a/roles/nextcloud/files/nextcloud.conf b/roles/nextcloud/files/nextcloud.conf index d7cb013..635f7ee 100644 --- a/roles/nextcloud/files/nextcloud.conf +++ b/roles/nextcloud/files/nextcloud.conf @@ -1,6 +1,6 @@ -Alias /nextcloud "/var/www/nextcloud/" +Alias /nextcloud "/var/www/nextcloud" - + Require all granted Options FollowSymlinks MultiViews AllowOverride All @@ -11,11 +11,17 @@ Alias /nextcloud "/var/www/nextcloud/" SetEnv HOME /var/www/nextcloud SetEnv HTTP_HOME /var/www/nextcloud - - AllowOverride FileInfo + + RewriteEngine on + RewriteRule ^\.well-known/host-meta /nextcloud/public.php?service=host-meta [QSA,L] + RewriteRule ^\.well-known/host-meta\.json /nextcloud/public.php?service=host-meta-json [QSA,L] + RewriteRule ^\.well-known/webfinger /nextcloud/public.php?service=webfinger [QSA,L] + RewriteRule ^\.well-known/carddav /nextcloud/remote.php/dav/ [R=301,L] + RewriteRule ^\.well-known/caldav /nextcloud/remote.php/dav/ [R=301,L] + diff --git a/roles/nextcloud/tasks/main.yml b/roles/nextcloud/tasks/main.yml index 2f51ad8..3ac9c2e 100644 --- a/roles/nextcloud/tasks/main.yml +++ b/roles/nextcloud/tasks/main.yml @@ -75,16 +75,13 @@ copy: src: nextcloud.conf dest: /etc/apache2/sites-available/nextcloud.conf + notify: "restart apache2" -- name: provide htaccess file +- name: provide kerberos SSO config copy: - src: htaccess - dest: /var/www/html/.htaccess - -- name: enable https - command: a2ensite default-ssl.conf - args: - creates: /etc/apache2/sites-enabled/default-ssl.conf + src: krb5-nextcloud.conf + dest: /etc/apache2/sites-available/krb5-nextcloud.conf + when: "'kerberize' in role_names" notify: "restart apache2" - name: enable nextcloud site 
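Review bot: The `RewriteRule` patterns in the block added to nextcloud.conf have no leading slash (`^\.well-known/...`), so they match only in per-directory context (a `<Directory>` block or .htaccess), where Apache strips the directory prefix before matching. The container lines around the new rules are not visible in this hunk, so this needs confirming. Inside a `<Directory>` for the document root the behaviour is unchanged from the old .htaccess. At server or virtual-host level the patterns would have to be anchored as `^/\.well-known/...`, and virtual hosts would not inherit them without `RewriteOptions Inherit`. A comment above the block such as `# per-directory context: patterns are relative to the document root` would make that dependency explicit.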
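Review bot: The new `provide kerberos SSO config` copy task sets no `owner`, `group` or `mode`, so the permissions of /etc/apache2/sites-available/krb5-nextcloud.conf depend on the umask of the run. The same holds for the nextcloud.conf copy task, which begins above this hunk and whose tail is visible at its top. Adding `owner: root`, `group: root` and `mode: "0644"` under `copy:` pins them. The task that deployed /var/www/html/.htaccess is also dropped without a cleanup step, so hosts provisioned earlier keep the old file; a `file` task with `state: absent` for that path would remove it.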
@@ -93,6 +90,19 @@ creates: /etc/apache2/sites-enabled/nextcloud.conf notify: "restart apache2" +- name: enable kerberos access to nextcloud site + command: a2ensite krb5-nextcloud.conf + args: + creates: /etc/apache2/sites-enabled/krb5-nextcloud.conf + notify: "restart apache2" + when: "'kerberize' in role_names" + +- name: enable https + command: a2ensite default-ssl.conf + args: + creates: /etc/apache2/sites-enabled/default-ssl.conf + notify: "restart apache2" + - name: make sure data directory exists file: path: "{{ data_dir }}"
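Review bot: The task `enable kerberos access to nextcloud site` activates a config that, per the krb5-nextcloud.conf context lines in this patch, has `GssapiBasicAuth On`, so passwords may be sent with Basic authentication, yet nothing in this hunk ties that site to TLS. `enable https` only enables default-ssl.conf alongside whatever serves plain HTTP. If the lines of krb5-nextcloud.conf not shown here do not already do so, `GssapiSSLonly On` next to `GssapiBasicAuth On` (or an HTTP-to-HTTPS redirect) would keep credentials off cleartext connections. The commit also deletes the `Strict-Transport-Security` header from krb5-nextcloud.conf, and the nextcloud.conf hunks do not show it being kept, so it is worth confirming that nextcloud.conf still sets it.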