Ansible lineinfile-apache虚拟主机块

时间:2019-03-12 06:35:14

标签: regex apache ansible virtualhost

我正在尝试通过ansible管理我的apache http虚拟主机配置文件。我想在文件的某个位置插入新行。不幸的是,我的ansible配置不正确,因为ansible总是在文件末尾插入新行。

这是我要插入的行:

Header edit Set-Cookie (ADRU.*=.*);\s?HttpOnly$ $1

这就是我正在使用的烦人的任务配置。如您所见,当注释'#each header ...'开始时,我想在第37行之前插入新行。

- lineinfile:
    path: /somewhere/default.conf
    regexp: '^[ ]Header edit Set-Cookie (ADRU.*=.*);\s?HttpOnly$ $1'
    insertbefore: '^[ \t]# each header may be up to 12392 bytes. This is the SPNEGO authentication header size limit.'
    line: 'Header edit Set-Cookie (ADRU.*=.*);\s?HttpOnly$ $1'

这是默认设置。

<VirtualHost 0.0.0.0:${JIVE_HTTPD_PORT}>
    DocumentRoot "${JIVE_HOME}/var/www"

    ErrorDocument  404 /___sbsstatic___/404.html
    ErrorDocument  500 /___sbsstatic___/500.html
    ErrorDocument  501 /___sbsstatic___/catchall.html
    ErrorDocument  502 /___sbsstatic___/catchall.html
    ErrorDocument  503 /___sbsstatic___/maintenance.html
    ErrorDocument  504 /___sbsstatic___/maintenance.html
    ErrorDocument  505 /___sbsstatic___/catchall.html

    <Directory />
        Options FollowSymLinks
        Require all denied
    </Directory>

    <Directory ${JIVE_HOME}/applications/*/home/www>
        Options FollowSymLinks
        Require all granted
    </Directory>

    <Directory ${JIVE_HOME}/var/www/resources>
        Options -Indexes
    </Directory>

    LogLevel info
    CustomLog "${LOG_DIR}/jive-httpd-access.log" common
    ErrorLog "${LOG_DIR}/jive-httpd-error.log"

    RequestHeader set X-Forwarded-Secure "false"
    ProxyRequests Off
    ProxyPreserveHost on
    Header edit Set-Cookie "(?<!;\sHttpOnly)$" ";HttpOnly"
    # The JCAPI-Token (CSRF protection via double-submit cookie) needs to accessible, so strip HttpOnly
    Header edit Set-Cookie (JCAPI-Token=.*);\s?HttpOnly$ $1

    # each header may be up to 12392 bytes. This is the SPNEGO authentication header size limit.
    LimitRequestFieldsize 12392

    RewriteEngine On
    RewriteRule ^/[0-9]\.[0-9]\.[0-9]{1,3}\.[0-9a-f]{1,10}/images/(.*)$ /images/$1
    RewriteRule ^/[0-9]\.[0-9]\.[0-9]{1,3}\.[0-9a-f]{1,10}/scripts/(.*)$ /scripts/$1
    RewriteRule ^/[0-9]\.[0-9]\.[0-9]{1,3}\.[0-9a-f]{1,10}/styles/(.*)$ /styles/$1
    RewriteRule ^/[0-9]\.[0-9]\.[0-9]{1,3}\.[0-9a-f]{1,10}/resources/(.*)$ /resources/$1
    RewriteRule ^/[0-9]\.[0-9]\.[0-9]{1,3}\.[0-9a-f]{1,10}/__services/(.*)$ /__services/$1 [PT]

    # Serve gzip compressed JS files if they exist and the client accepts gzip.
    RewriteCond %{HTTP:Accept-encoding} gzip
    RewriteCond %{REQUEST_FILENAME}\.gz -s
    RewriteRule ^(.*)\.js $1\.js\.gz [QSA]

    # Serve correct content types, and prevent mod_deflate double gzip.
    RewriteRule \.js\.gz$ - [T=text/javascript,E=no-gzip:1]

    # Replace double dashes on project urls to keep old links working on updated instances
    RewriteRule ^(.*/projects/.*)--(.*)$ $1-$2 [L,R=301]

    CacheMaxFileSize 5242880
    CacheEnable mem /images/
    CacheEnable mem /scripts/
    CacheEnable mem /styles/
    CacheEnable mem /resources/
    CacheIgnoreHeaders Set-Cookie X-JIVE-USER-ID

    # Header unset X-JIVE-USER-ID

    ExpiresActive On
    ExpiresDefault "now"
    ExpiresByType image/gif "access plus 10 years"
    ExpiresByType image/png "access plus 10 years"
    ExpiresByType image/jpeg "access plus 10 years"
    ExpiresByType image/x-icon "access plus 10 years"
    ExpiresByType text/css "access plus 10 years"
    ExpiresByType application/javascript "access plus 10 years"
    ExpiresByType application/x-shockwave-flash "access plus 10 years"
    <LocationMatch "\.(woff|eot|ttf|svg)$">  
        ExpiresDefault "access plus 10 years"  
    </LocationMatch>  

    ProxyPass /___sbsstatic___/ !
    ProxyPass /images/ !
    ProxyPass /styles/ !
    ProxyPass /scripts/ !
    ProxyPass /resources/scripts/ !
    ProxyPass /resources/images/ !
    ProxyPass /resources/styles/ !
    ProxyPass /resources/statics/ !

    Include sites/proxies/*.conf
    Include sites/conf.d/*.conf

</VirtualHost>

<IfDefine SSL>
Listen ${SSL_PORT}
<VirtualHost 0.0.0.0:${SSL_PORT}>
    DocumentRoot "${JIVE_HOME}/var/www"

    ErrorDocument  404 /___sbsstatic___/404.html
    ErrorDocument  500 /___sbsstatic___/500.html
    ErrorDocument  501 /___sbsstatic___/catchall.html
    ErrorDocument  502 /___sbsstatic___/catchall.html
    ErrorDocument  503 /___sbsstatic___/maintenance.html
    ErrorDocument  504 /___sbsstatic___/maintenance.html
    ErrorDocument  505 /___sbsstatic___/catchall.html

    <Directory />
        Options FollowSymLinks
        Require all granted
        SSLRequireSSL
    </Directory>

    <Directory ${JIVE_HOME}/var/www/resources>
        Options -Indexes
    </Directory>

    LogLevel info
    CustomLog "${LOG_DIR}/jive-httpd-ssl-access.log" common
    ErrorLog "${LOG_DIR}/jive-httpd-ssl-error.log"

    RequestHeader set X-Forwarded-Secure "true"
    ProxyRequests Off
    ProxyPreserveHost On

    RewriteEngine On
    RewriteRule ^/[0-9]\.[0-9]\.[0-9]{1,3}\.[0-9a-f]{1,10}/images/(.*)$ /images/$1
    RewriteRule ^/[0-9]\.[0-9]\.[0-9]{1,3}\.[0-9a-f]{1,10}/scripts/(.*)$ /scripts/$1
    RewriteRule ^/[0-9]\.[0-9]\.[0-9]{1,3}\.[0-9a-f]{1,10}/styles/(.*)$ /styles/$1
    RewriteRule ^/[0-9]\.[0-9]\.[0-9]{1,3}\.[0-9a-f]{1,10}/resources/(.*)$ /resources/$1
    RewriteRule ^/[0-9]\.[0-9]\.[0-9]{1,3}\.[0-9a-f]{1,10}/__services/(.*)$ /__services/$1 [PT]

    # Serve gzip compressed JS files if they exist and the client accepts gzip.
    RewriteCond %{HTTP:Accept-encoding} gzip
    RewriteCond %{REQUEST_FILENAME}\.gz -s
    RewriteRule ^(.*)\.js $1\.js\.gz [QSA]

    # Serve correct content types, and prevent mod_deflate double gzip.
    RewriteRule \.js\.gz$ - [T=text/javascript,E=no-gzip:1]

    # Replace double dashes on project urls to keep old links working on updated instances
    RewriteRule ^(.*/projects/.*)--(.*)$ $1-$2 [L,R=301]

    CacheMaxFileSize 5242880
    CacheEnable mem /styles/
    CacheEnable mem /images/
    CacheEnable mem /scripts/
    CacheEnable mem /resources/
    CacheIgnoreHeaders Set-Cookie X-JIVE-USER-ID

    # Header unset X-JIVE-USER-ID

    ExpiresActive On
    ExpiresDefault "now"
    ExpiresByType image/gif "access plus 10 years"
    ExpiresByType image/png "access plus 10 years"
    ExpiresByType image/jpeg "access plus 10 years"
    ExpiresByType image/x-icon "access plus 10 years"
    ExpiresByType text/css "access plus 10 years"
    ExpiresByType application/javascript "access plus 10 years"
    ExpiresByType application/x-shockwave-flash "access plus 10 years"
    <LocationMatch "\.(woff|eot|ttf|svg)$">
        ExpiresDefault "access plus 10 years"
    </LocationMatch>

    ProxyPass /___sbsstatic___/ !
    ProxyPass /images/ !
    ProxyPass /styles/ !
    ProxyPass /scripts/ !
    ProxyPass /resources/scripts/ !
    ProxyPass /resources/images/ !
    ProxyPass /resources/styles/ !
    ProxyPass /resources/statics/ !

    Include sites/proxies/*.conf
    Include sites/conf.d/*.conf

    SSLEngine on
    SSLCipherSuite ALL:!ADH:!LOW:!EXP:!SSLv2:!NULL:RC4:RSA:HIGH:MEDIUM
    SSLCertificateFile "${SSL_CERTIFICATE_FILE}"
    SSLCertificateKeyFile "${SSL_CERTIFICATE_KEY_FILE}"

</VirtualHost>
</IfDefine>

2 个答案:

答案 0 :(得分:0)

一种选择是使用模板并将虚拟主机的配置放置到单独的文件中

- name: "httpd-vhosts: Configure virtual hosts in {{ apache_conf_path }}/extra/"
  template:
    src: "vhost.j2"
    dest: "{{ apache_conf_path }}/extra/{{ item.ServerName }}.conf"
    ....

并将这些文件包含在httpd.conf

- name: "httpd-vhosts: Incl virtual hosts in {{ apache_conf_path }}/httpd.conf"
  lineinfile:
    dest: "{{ apache_conf_path }}/httpd.conf"
    regexp: "^Include etc/apache{{ apache_version }}/extra/{{ item.ServerName }}.conf"
    line: "Include etc/apache{{ apache_version }}/extra/{{ item.ServerName }}.conf"
    ...

详细信息位于httpd-vhosts.ymlvhost.j2中。 FWIW,这是Apache Galaxy角色。

答案 1 :(得分:0)

您的insertbefore正则表达式似乎有问题,尤其是[ \t]部分。

我会改用\s*,这意味着一个或多个空白字符

此外,您将.用作令牌,而不是点的实际字符。您应该逃脱它。

因此它将是:

    insertbefore: '^\s*# each header may be up to 12392 bytes\. This is the SPNEGO authentication header size limit\.'

我建议使用website regex101.com,在其中可以在线检查正则表达式,并详细说明正则表达式模式。

您的具体建议和我的建议已在此link中预先填写。