Move content from htaccess file to site config. Separate krb5 config.

2020-01-15 19:47:06 +01:00 · 2020-01-15 19:47:06 +01:00 · 97e980fbf7
commit 97e980fbf7
parent e069171539
4 changed files with 28 additions and 44 deletions
--- a/roles/nextcloud/files/htaccess
+++ b/roles/nextcloud/files/htaccess
@ -1,8 +0,0 @@
 <IfModule mod_rewrite.c>
  RewriteEngine on
  RewriteRule ^\.well-known/host-meta /nextcloud/public.php?service=host-meta [QSA,L]
  RewriteRule ^\.well-known/host-meta\.json /nextcloud/public.php?service=host-meta-json [QSA,L]
  RewriteRule ^\.well-known/webfinger /nextcloud/public.php?service=webfinger [QSA,L]
  RewriteRule ^\.well-known/carddav /nextcloud/remote.php/dav/ [R=301,L]
  RewriteRule ^\.well-known/caldav /nextcloud/remote.php/dav/ [R=301,L]
 </IfModule>
--- a/roles/nextcloud/files/krb5-nextcloud.conf
+++ b/roles/nextcloud/files/krb5-nextcloud.conf
@ -1,5 +1,3 @@
 Alias /nextcloud "/var/www/nextcloud/"
 <Location "/nextcloud/index.php/apps/user_saml/saml/login" >
  AuthType             GSSAPI
  AuthName             "Login to NextCloud"
@ -11,25 +9,3 @@ Alias /nextcloud "/var/www/nextcloud/"
  GssapiBasicAuth      On
  require              valid-user
 </Location>
 <Directory /var/www/nextcloud/>
  Require all granted
  Options FollowSymlinks MultiViews
  AllowOverride All
  <IfModule mod_dav.c>
    Dav off
  </IfModule>
  SetEnv HOME /var/www/nextcloud
  SetEnv HTTP_HOME /var/www/nextcloud
 </Directory>
 <Directory /var/www/html>
  AllowOverride FileInfo
 </Directory>
 <IfModule mod_headers.c>
  Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
 </IfModule>
--- a/roles/nextcloud/files/nextcloud.conf
+++ b/roles/nextcloud/files/nextcloud.conf
@ -1,6 +1,6 @@
-Alias /nextcloud "/var/www/nextcloud/"
+Alias /nextcloud "/var/www/nextcloud"
-<Directory /var/www/nextcloud/>
+<Directory /var/www/nextcloud>
  Require all granted
  Options FollowSymlinks MultiViews
  AllowOverride All
@ -11,11 +11,17 @@ Alias /nextcloud "/var/www/nextcloud/"
  SetEnv HOME /var/www/nextcloud
  SetEnv HTTP_HOME /var/www/nextcloud
 </Directory>
 <Directory /var/www/html>
-  AllowOverride FileInfo
+  <IfModule mod_rewrite.c>
    RewriteEngine on
    RewriteRule ^\.well-known/host-meta /nextcloud/public.php?service=host-meta [QSA,L]
    RewriteRule ^\.well-known/host-meta\.json /nextcloud/public.php?service=host-meta-json [QSA,L]
    RewriteRule ^\.well-known/webfinger /nextcloud/public.php?service=webfinger [QSA,L]
    RewriteRule ^\.well-known/carddav /nextcloud/remote.php/dav/ [R=301,L]
    RewriteRule ^\.well-known/caldav /nextcloud/remote.php/dav/ [R=301,L]
  </IfModule> 
 </Directory>
 <IfModule mod_headers.c>
--- a/roles/nextcloud/tasks/main.yml
+++ b/roles/nextcloud/tasks/main.yml
@ -75,16 +75,13 @@
  copy:
    src: nextcloud.conf
    dest: /etc/apache2/sites-available/nextcloud.conf
  notify: "restart apache2"
- name: provide htaccess file
+- name: provide kerberos SSO config
  copy:
-    src: htaccess
+    src: krb5-nextcloud.conf
-    dest: /var/www/html/.htaccess
+    dest: /etc/apache2/sites-available/krb5-nextcloud.conf
-
+  when: "'kerberize' in role_names"
 - name: enable https
  command: a2ensite default-ssl.conf
  args:
    creates: /etc/apache2/sites-enabled/default-ssl.conf
  notify: "restart apache2"
 - name: enable nextcloud site
@ -93,6 +90,19 @@
    creates: /etc/apache2/sites-enabled/nextcloud.conf
  notify: "restart apache2"
 - name: enable kerberos access to nextcloud site
  command: a2ensite krb5-nextcloud.conf
  args:
    creates: /etc/apache2/sites-enabled/krb5-nextcloud.conf
  notify: "restart apache2"
  when: "'kerberize' in role_names"
 - name: enable https
  command: a2ensite default-ssl.conf
  args:
    creates: /etc/apache2/sites-enabled/default-ssl.conf
  notify: "restart apache2"
 - name: make sure data directory exists
  file:
    path: "{{ data_dir }}"