skip to Main Content

I am trying to manage my apache http virtual host configuration file by ansible. I would like to insert a new line at a certain point in the file. Unfortunately, my ansible configuration is not right, because ansible always inserts the new line at the end of the file.

Here’s the line I want to insert:

Header edit Set-Cookie (ADRU.*=.*);s?HttpOnly$ $1

And that’s the ansible task configuration I’m using. So as you can see I woud like to insert the new line before line 37, when the comment ‘# each header …’ starts.

- lineinfile:
    path: /somewhere/default.conf
    regexp: '^[ ]Header edit Set-Cookie (ADRU.*=.*);s?HttpOnly$ $1'
    insertbefore: '^[ t]# each header may be up to 12392 bytes. This is the SPNEGO authentication header size limit.'
    line: 'Header edit Set-Cookie (ADRU.*=.*);s?HttpOnly$ $1'

And that’s the default.conf

<VirtualHost 0.0.0.0:${JIVE_HTTPD_PORT}>
    DocumentRoot "${JIVE_HOME}/var/www"

    ErrorDocument  404 /___sbsstatic___/404.html
    ErrorDocument  500 /___sbsstatic___/500.html
    ErrorDocument  501 /___sbsstatic___/catchall.html
    ErrorDocument  502 /___sbsstatic___/catchall.html
    ErrorDocument  503 /___sbsstatic___/maintenance.html
    ErrorDocument  504 /___sbsstatic___/maintenance.html
    ErrorDocument  505 /___sbsstatic___/catchall.html

    <Directory />
        Options FollowSymLinks
        Require all denied
    </Directory>

    <Directory ${JIVE_HOME}/applications/*/home/www>
        Options FollowSymLinks
        Require all granted
    </Directory>

    <Directory ${JIVE_HOME}/var/www/resources>
        Options -Indexes
    </Directory>

    LogLevel info
    CustomLog "${LOG_DIR}/jive-httpd-access.log" common
    ErrorLog "${LOG_DIR}/jive-httpd-error.log"

    RequestHeader set X-Forwarded-Secure "false"
    ProxyRequests Off
    ProxyPreserveHost on
    Header edit Set-Cookie "(?<!;sHttpOnly)$" ";HttpOnly"
    # The JCAPI-Token (CSRF protection via double-submit cookie) needs to accessible, so strip HttpOnly
    Header edit Set-Cookie (JCAPI-Token=.*);s?HttpOnly$ $1

    # each header may be up to 12392 bytes. This is the SPNEGO authentication header size limit.
    LimitRequestFieldsize 12392

    RewriteEngine On
    RewriteRule ^/[0-9].[0-9].[0-9]{1,3}.[0-9a-f]{1,10}/images/(.*)$ /images/$1
    RewriteRule ^/[0-9].[0-9].[0-9]{1,3}.[0-9a-f]{1,10}/scripts/(.*)$ /scripts/$1
    RewriteRule ^/[0-9].[0-9].[0-9]{1,3}.[0-9a-f]{1,10}/styles/(.*)$ /styles/$1
    RewriteRule ^/[0-9].[0-9].[0-9]{1,3}.[0-9a-f]{1,10}/resources/(.*)$ /resources/$1
    RewriteRule ^/[0-9].[0-9].[0-9]{1,3}.[0-9a-f]{1,10}/__services/(.*)$ /__services/$1 [PT]

    # Serve gzip compressed JS files if they exist and the client accepts gzip.
    RewriteCond %{HTTP:Accept-encoding} gzip
    RewriteCond %{REQUEST_FILENAME}.gz -s
    RewriteRule ^(.*).js $1.js.gz [QSA]

    # Serve correct content types, and prevent mod_deflate double gzip.
    RewriteRule .js.gz$ - [T=text/javascript,E=no-gzip:1]

    # Replace double dashes on project urls to keep old links working on updated instances
    RewriteRule ^(.*/projects/.*)--(.*)$ $1-$2 [L,R=301]

    CacheMaxFileSize 5242880
    CacheEnable mem /images/
    CacheEnable mem /scripts/
    CacheEnable mem /styles/
    CacheEnable mem /resources/
    CacheIgnoreHeaders Set-Cookie X-JIVE-USER-ID

    # Header unset X-JIVE-USER-ID

    ExpiresActive On
    ExpiresDefault "now"
    ExpiresByType image/gif "access plus 10 years"
    ExpiresByType image/png "access plus 10 years"
    ExpiresByType image/jpeg "access plus 10 years"
    ExpiresByType image/x-icon "access plus 10 years"
    ExpiresByType text/css "access plus 10 years"
    ExpiresByType application/javascript "access plus 10 years"
    ExpiresByType application/x-shockwave-flash "access plus 10 years"
    <LocationMatch ".(woff|eot|ttf|svg)$">  
        ExpiresDefault "access plus 10 years"  
    </LocationMatch>  

    ProxyPass /___sbsstatic___/ !
    ProxyPass /images/ !
    ProxyPass /styles/ !
    ProxyPass /scripts/ !
    ProxyPass /resources/scripts/ !
    ProxyPass /resources/images/ !
    ProxyPass /resources/styles/ !
    ProxyPass /resources/statics/ !

    Include sites/proxies/*.conf
    Include sites/conf.d/*.conf

</VirtualHost>

<IfDefine SSL>
Listen ${SSL_PORT}
<VirtualHost 0.0.0.0:${SSL_PORT}>
    DocumentRoot "${JIVE_HOME}/var/www"

    ErrorDocument  404 /___sbsstatic___/404.html
    ErrorDocument  500 /___sbsstatic___/500.html
    ErrorDocument  501 /___sbsstatic___/catchall.html
    ErrorDocument  502 /___sbsstatic___/catchall.html
    ErrorDocument  503 /___sbsstatic___/maintenance.html
    ErrorDocument  504 /___sbsstatic___/maintenance.html
    ErrorDocument  505 /___sbsstatic___/catchall.html

    <Directory />
        Options FollowSymLinks
        Require all granted
        SSLRequireSSL
    </Directory>

    <Directory ${JIVE_HOME}/var/www/resources>
        Options -Indexes
    </Directory>

    LogLevel info
    CustomLog "${LOG_DIR}/jive-httpd-ssl-access.log" common
    ErrorLog "${LOG_DIR}/jive-httpd-ssl-error.log"

    RequestHeader set X-Forwarded-Secure "true"
    ProxyRequests Off
    ProxyPreserveHost On

    RewriteEngine On
    RewriteRule ^/[0-9].[0-9].[0-9]{1,3}.[0-9a-f]{1,10}/images/(.*)$ /images/$1
    RewriteRule ^/[0-9].[0-9].[0-9]{1,3}.[0-9a-f]{1,10}/scripts/(.*)$ /scripts/$1
    RewriteRule ^/[0-9].[0-9].[0-9]{1,3}.[0-9a-f]{1,10}/styles/(.*)$ /styles/$1
    RewriteRule ^/[0-9].[0-9].[0-9]{1,3}.[0-9a-f]{1,10}/resources/(.*)$ /resources/$1
    RewriteRule ^/[0-9].[0-9].[0-9]{1,3}.[0-9a-f]{1,10}/__services/(.*)$ /__services/$1 [PT]

    # Serve gzip compressed JS files if they exist and the client accepts gzip.
    RewriteCond %{HTTP:Accept-encoding} gzip
    RewriteCond %{REQUEST_FILENAME}.gz -s
    RewriteRule ^(.*).js $1.js.gz [QSA]

    # Serve correct content types, and prevent mod_deflate double gzip.
    RewriteRule .js.gz$ - [T=text/javascript,E=no-gzip:1]

    # Replace double dashes on project urls to keep old links working on updated instances
    RewriteRule ^(.*/projects/.*)--(.*)$ $1-$2 [L,R=301]

    CacheMaxFileSize 5242880
    CacheEnable mem /styles/
    CacheEnable mem /images/
    CacheEnable mem /scripts/
    CacheEnable mem /resources/
    CacheIgnoreHeaders Set-Cookie X-JIVE-USER-ID

    # Header unset X-JIVE-USER-ID

    ExpiresActive On
    ExpiresDefault "now"
    ExpiresByType image/gif "access plus 10 years"
    ExpiresByType image/png "access plus 10 years"
    ExpiresByType image/jpeg "access plus 10 years"
    ExpiresByType image/x-icon "access plus 10 years"
    ExpiresByType text/css "access plus 10 years"
    ExpiresByType application/javascript "access plus 10 years"
    ExpiresByType application/x-shockwave-flash "access plus 10 years"
    <LocationMatch ".(woff|eot|ttf|svg)$">
        ExpiresDefault "access plus 10 years"
    </LocationMatch>

    ProxyPass /___sbsstatic___/ !
    ProxyPass /images/ !
    ProxyPass /styles/ !
    ProxyPass /scripts/ !
    ProxyPass /resources/scripts/ !
    ProxyPass /resources/images/ !
    ProxyPass /resources/styles/ !
    ProxyPass /resources/statics/ !

    Include sites/proxies/*.conf
    Include sites/conf.d/*.conf

    SSLEngine on
    SSLCipherSuite ALL:!ADH:!LOW:!EXP:!SSLv2:!NULL:RC4:RSA:HIGH:MEDIUM
    SSLCertificateFile "${SSL_CERTIFICATE_FILE}"
    SSLCertificateKeyFile "${SSL_CERTIFICATE_KEY_FILE}"

</VirtualHost>
</IfDefine>

2

Answers


  1. An option would be to use template and put configurations of virtual hosts to separate files

    - name: "httpd-vhosts: Configure virtual hosts in {{ apache_conf_path }}/extra/"
      template:
        src: "vhost.j2"
        dest: "{{ apache_conf_path }}/extra/{{ item.ServerName }}.conf"
        ....
    

    and include these files in httpd.conf

    - name: "httpd-vhosts: Incl virtual hosts in {{ apache_conf_path }}/httpd.conf"
      lineinfile:
        dest: "{{ apache_conf_path }}/httpd.conf"
        regexp: "^Include etc/apache{{ apache_version }}/extra/{{ item.ServerName }}.conf"
        line: "Include etc/apache{{ apache_version }}/extra/{{ item.ServerName }}.conf"
        ...
    

    Details are available in httpd-vhosts.yml and vhost.j2. FWIW, here is the Apache Galaxy role.

    Login or Signup to reply.
  2. It seems to be an issue with your insertbefore regex, specifically with the part [ t].

    I would go with s* instead, which means one or more of any whitespace characters.

    Also, you are using . as a token, not as an actual character of dot. You should escape it.

    So it would be:

        insertbefore: '^s*# each header may be up to 12392 bytes. This is the SPNEGO authentication header size limit.'
    

    I recommend website regex101.com where you can do online check of your regex with break-down explanation of your regex pattern.

    Your specific inputs with my suggestions are pre-filled in this link.

    Login or Signup to reply.
Please signup or login to give your own answer.
Back To Top
Search