diff --git a/files/security.conf_redhat b/files/security.conf_redhat
new file mode 100644
index 0000000..fe2e7fb
--- /dev/null
+++ b/files/security.conf_redhat
@@ -0,0 +1,6 @@
+# security
+
+ServerTokens Prod
+ServerSignature Off
+TraceEnable Off
+
diff --git a/tasks/debian.yml b/tasks/debian.yml
new file mode 100644
index 0000000..18d8986
--- /dev/null
+++ b/tasks/debian.yml
@@ -0,0 +1,247 @@
+---
+- name: check if apt.conf uses a proxy
+ shell: grep -Po '(?<=^Acquire::http::Proxy ")[^"]*' /etc/apt/apt.conf
+ register: proxy_grep
+ failed_when: false
+ changed_when: false
+
+- name: set proxy variable
+ set_fact:
+ proxy: "{{ proxy_grep.stdout }}"
+ when: proxy_grep.stdout != ""
+
+- name: install packages, debian8
+ tags: apt
+ apt:
+ name:
+ - apache2
+ - libapache2-mod-php5
+ - mysql-client
+ - php5-cli
+ - php5-curl
+ - php5-gd
+ - php5-json
+ - php5-ldap
+ - php5-mysqlnd
+ state: present
+ when:
+ - ansible_distribution == "Debian"
+ - ansible_distribution_major_version == "8"
+
+- name: install packages, debian9-10
+ tags: apt
+ apt:
+ name:
+ - apache2
+ - libapache2-mod-php
+ - mariadb-client
+ - php-cli
+ - php-bcmath
+ - php-curl
+ - php-gd
+ - php-json
+ - php-ldap
+ - php-mbstring
+ - php-mysql
+ - php-soap
+ - php-xml
+ - php-zip
+ state: present
+ when:
+ - ansible_distribution == "Debian"
+ - ansible_distribution_major_version|int() == 9 or ansible_distribution_major_version|int() == 10
+
+- name: sury repo pgp key, debian11-99
+ tags: apt
+ shell: "curl {{ (proxy is defined) | ternary('--proxy '+ proxy|default(''), '')}} -o /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg"
+ when:
+ - ansible_distribution == "Debian"
+ - ansible_distribution_major_version|int() >= 11
+
+- name: sury repo in sources list, debian11
+ tags: apt
+ lineinfile:
+ dest: /etc/apt/sources.list.d/php-sury.list
+ line: 'deb https://packages.sury.org/php/ bullseye main'
+ create: yes
+ when:
+ - ansible_distribution == "Debian"
+ - ansible_distribution_major_version|int() == 11
+
+- name: sury repo in sources list, debian12
+ tags: apt
+ lineinfile:
+ dest: /etc/apt/sources.list.d/php-sury.list
+ line: 'deb https://packages.sury.org/php/ bookworm main'
+ create: yes
+ when:
+ - ansible_distribution == "Debian"
+ - ansible_distribution_major_version|int() == 12
+
+- name: apt update, debian11-99
+ tags: apt
+ apt:
+ update_cache: yes
+ when:
+ - ansible_distribution == "Debian"
+ - ansible_distribution_major_version|int() >= 11
+
+- name: set phpver for debian11 ubuntu20
+ set_fact:
+ phpver: "7.4"
+ when:
+ - ansible_distribution == "Debian"
+ - ansible_distribution_major_version|int() == 12
+
+- name: set phpver for debian debian12
+ set_fact:
+ phpver: "8.2"
+ when:
+ - ansible_distribution == "Debian"
+ - ansible_distribution_major_version|int() == 12
+
+- name: set phpver for ubuntu20
+ set_fact:
+ phpver: "7.4"
+ # default, ubuntuba nem teszunk sury repot
+ when:
+ - ansible_distribution == "Ubuntu"
+ - ansible_distribution_major_version|int() == 20
+
+- name: set phpver for debian ubuntu22
+ set_fact:
+ phpver: "8.1"
+ # default, ubuntuba nem teszunk sury repot
+ when:
+ - ansible_distribution == "Ubuntu"
+ - ansible_distribution_major_version|int() == 22
+
+
+- name: install packages [phpver]
+ tags: apt
+ apt:
+ name:
+ - apache2
+ - mariadb-client
+ - "php{{ phpver }}-cli"
+ - "php{{ phpver }}-fpm"
+ - "php{{ phpver }}-bcmath"
+ - "php{{ phpver }}-curl"
+ - "php{{ phpver }}-gd"
+ - "php{{ phpver }}-ldap"
+ - "php{{ phpver }}-mbstring"
+ - "php{{ phpver }}-mongodb"
+ - "php{{ phpver }}-mysql"
+ - "php{{ phpver }}-opcache"
+ - "php{{ phpver }}-readline"
+ - "php{{ phpver }}-redis"
+ - "php{{ phpver }}-soap"
+ - "php{{ phpver }}-xml"
+ - "php{{ phpver }}-zip"
+ state: present
+ when:
+ - phpver is defined
+
+- name: install json for php7.4 [phpver]
+ tags: apt
+ apt:
+ name:
+ - "php{{ phpver }}-json"
+ state: present
+ when:
+ - phpver is defined
+ - phpver == "7.4"
+
+- name: php fpm/pool.d/www.conf [phpver]
+ template:
+ src: pool_www.conf
+ dest: "/etc/php/{{ phpver }}/fpm/pool.d/www.conf"
+ when:
+ - phpver is defined
+
+- name: php config, debian8
+ copy:
+ src: hws.php.ini.modphp
+ dest: /etc/php5
+ when:
+ - ansible_distribution == "Debian"
+ - ansible_distribution_major_version == "8"
+
+- name: php config symlinks, debian8
+ file:
+ state: link
+ src: /etc/php5/hws.php.ini
+ path: "/etc/php5/{{ item }}/conf.d/hws.php.ini"
+ with_items:
+ - apache2
+ - cli
+ when:
+ - ansible_distribution == "Debian"
+ - ansible_distribution_major_version == "8"
+
+- name: php config, debian9
+ copy:
+ src: hws.php.ini.modphp
+ dest: /etc/php/7.0/hws.php.ini
+ when:
+ - ansible_distribution == "Debian"
+ - ansible_distribution_major_version == "9"
+
+- name: php config, debian10
+ copy:
+ src: hws.php.ini.modphp
+ dest: /etc/php/7.3/hws.php.ini
+ when:
+ - ansible_distribution == "Debian"
+ - ansible_distribution_major_version == "10"
+
+#- name: php config, bullseye
+# copy:
+# src: hws.php.ini.fpm
+# dest: /etc/php/7.4/hws.php.ini
+# when:
+# - (ansible_distribution == "Debian" and ansible_distribution_major_version|int() == 11) or
+# (ansible_distribution == "Ubuntu" and ansible_distribution_major_version|int() >= 20)
+
+- name: php config symlinks, debian9
+ file:
+ state: link
+ src: /etc/php/7.0/hws.php.ini
+ path: "/etc/php/7.0/{{ item }}/conf.d/hws.php.ini"
+ with_items:
+ - apache2
+ - cli
+ when:
+ - ansible_distribution == "Debian"
+ - ansible_distribution_major_version == "9"
+
+- name: php config symlinks, debian10
+ file:
+ state: link
+ src: /etc/php/7.3/hws.php.ini
+ path: "/etc/php/7.3/{{ item }}/conf.d/hws.php.ini"
+ with_items:
+ - apache2
+ - cli
+ when:
+ - ansible_distribution == "Debian"
+ - ansible_distribution_major_version == "10"
+
+#- name: php config symlinks, bullseye
+# file:
+# state: link
+# src: /etc/php/7.4/hws.php.ini
+# path: "/etc/php/7.4/{{ item }}/conf.d/hws.php.ini"
+# with_items:
+# - fpm
+# - cli
+# when:
+# - ansible_distribution == "Debian"
+# - ansible_distribution_major_version == "11"
+
+- name: php logrotate config
+ copy:
+ src: logrotate.conf
+ dest: /etc/logrotate.d/php
+
+# vim: set tabstop=2 shiftwidth=2 expandtab smarttab:
diff --git a/tasks/main.yml b/tasks/main.yml
index 68f87cb..d019316 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -1,15 +1,4 @@
---
-- name: check if apt.conf uses a proxy
- shell: grep -Po '(?<=^Acquire::http::Proxy ")[^"]*' /etc/apt/apt.conf
- register: proxy_grep
- failed_when: false
- changed_when: false
-
-- name: set proxy variable
- set_fact:
- proxy: "{{ proxy_grep.stdout }}"
- when: proxy_grep.stdout != ""
-
- name: /var/www bind mount in fstab
lineinfile:
dest: /etc/fstab
@@ -20,6 +9,20 @@
shell: 'mkdir -p /var/www && mv /var/www /data && mkdir -p /var/www && mount /var/www'
when: fstab_www.changed
+- name: /var/www fcontext httpd_sys_content_t
+ sefcontext:
+ setype: httpd_sys_rw_content_t
+ target: "/var/www/.*"
+ when:
+ - ansible_distribution == "RedHat"
+ - ansible_selinux.status == 'enabled'
+
+- name: /var/www restorecon
+ command: "restorecon -r /var/www"
+ when:
+ - ansible_distribution == "RedHat"
+ - ansible_selinux.status == 'enabled'
+
- name: www subdirs
file:
dest: "/var/www/{{ item }}"
@@ -31,162 +34,27 @@
- name: www index.html
shell: "test -e /var/www/def/public/index.html || hostname > /var/www/def/public/index.html"
-- name: install packages, debian8
- tags: apt
- apt:
- name:
- - apache2
- - libapache2-mod-php5
- - mysql-client
- - php5-cli
- - php5-curl
- - php5-gd
- - php5-json
- - php5-ldap
- - php5-mysqlnd
- state: present
- when:
- - ansible_distribution == "Debian"
- - ansible_distribution_major_version == "8"
+- name: include debian/ubuntu specific
+ include_tasks: debian.yml
+ when: (ansible_distribution == "Debian" or ansible_distribution == "Ubuntu")
-- name: install packages, debian9-10
- tags: apt
- apt:
- name:
- - apache2
- - libapache2-mod-php
- - mariadb-client
- - php-cli
- - php-bcmath
- - php-curl
- - php-gd
- - php-json
- - php-ldap
- - php-mbstring
- - php-mysql
- - php-soap
- - php-xml
- - php-zip
- state: present
- when:
- - ansible_distribution == "Debian"
- - ansible_distribution_major_version|int() == 9 or ansible_distribution_major_version|int() == 10
+- name: include redhat specific
+ include_tasks: redhat.yml
+ when: ansible_distribution == "RedHat"
-- name: sury repo pgp key, debian11-99
- tags: apt
- shell: "curl {{ (proxy is defined) | ternary('--proxy '+ proxy|default(''), '')}} -o /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg"
- when:
- - ansible_distribution == "Debian"
- - ansible_distribution_major_version|int() >= 11
-
-- name: sury repo in sources list, debian11
- tags: apt
- lineinfile:
- dest: /etc/apt/sources.list.d/php-sury.list
- line: 'deb https://packages.sury.org/php/ bullseye main'
- create: yes
- when:
- - ansible_distribution == "Debian"
- - ansible_distribution_major_version|int() == 11
-
-- name: sury repo in sources list, debian12
- tags: apt
- lineinfile:
- dest: /etc/apt/sources.list.d/php-sury.list
- line: 'deb https://packages.sury.org/php/ bookworm main'
- create: yes
- when:
- - ansible_distribution == "Debian"
- - ansible_distribution_major_version|int() == 12
-
-- name: apt update, debian11-99
- tags: apt
- apt:
- update_cache: yes
- when:
- - ansible_distribution == "Debian"
- - ansible_distribution_major_version|int() >= 11
-
-- name: set phpver for debian11 ubuntu20
- set_fact:
- phpver: "7.4"
- when:
- - ansible_distribution == "Debian"
- - ansible_distribution_major_version|int() == 12
-
-- name: set phpver for debian debian12
- set_fact:
- phpver: "8.2"
- when:
- - ansible_distribution == "Debian"
- - ansible_distribution_major_version|int() == 12
-
-- name: set phpver for ubuntu20
- set_fact:
- phpver: "7.4"
- # default, ubuntuba nem teszunk sury repot
- when:
- - ansible_distribution == "Ubuntu"
- - ansible_distribution_major_version|int() == 20
-
-- name: set phpver for debian ubuntu22
- set_fact:
- phpver: "8.1"
- # default, ubuntuba nem teszunk sury repot
- when:
- - ansible_distribution == "Ubuntu"
- - ansible_distribution_major_version|int() == 22
-
-
-- name: install packages [phpver]
- tags: apt
- apt:
- name:
- - apache2
- - mariadb-client
- - "php{{ phpver }}-cli"
- - "php{{ phpver }}-fpm"
- - "php{{ phpver }}-bcmath"
- - "php{{ phpver }}-curl"
- - "php{{ phpver }}-gd"
- - "php{{ phpver }}-ldap"
- - "php{{ phpver }}-mbstring"
- - "php{{ phpver }}-mongodb"
- - "php{{ phpver }}-mysql"
- - "php{{ phpver }}-opcache"
- - "php{{ phpver }}-readline"
- - "php{{ phpver }}-redis"
- - "php{{ phpver }}-soap"
- - "php{{ phpver }}-xml"
- - "php{{ phpver }}-zip"
- state: present
- when:
- - phpver is defined
-
-- name: install json for php7.4 [phpver]
- tags: apt
- apt:
- name:
- - "php{{ phpver }}-json"
- state: present
- when:
- - phpver is defined
- - phpver == "7.4"
-
-- name: php fpm/pool.d/www.conf [phpver]
+- name: conf-available templates
template:
- src: pool_www.conf
- dest: "/etc/php/{{ phpver }}/fpm/pool.d/www.conf"
- when:
- - phpver is defined
-
-- name: conf-available
- copy:
src: "{{ item }}"
dest: /etc/apache2/conf-available
with_items:
- other-vhosts-access-log.conf
- charset.conf
+
+- name: conf-available files
+ copy:
+ src: "{{ item }}"
+ dest: /etc/apache2/conf-available
+ with_items:
- log-detailed.conf
- name: enable confs / modules, debian0-10
@@ -209,120 +77,14 @@
- ansible_distribution == "Debian"
- ansible_distribution_major_version|int() < 11
-- name: virtualhost config, debian11-99 ubuntu20-99
+- name: virtualhost config, debian11-99 ubuntu20-99 redhat
template:
src: 000-default_fpm.conf
dest: /etc/apache2/sites-available/000-default.conf
when:
- (ansible_distribution == "Debian" and ansible_distribution_major_version|int() >= 11) or
- (ansible_distribution == "Ubuntu" and ansible_distribution_major_version|int() >= 20)
-
-- name: php config, debian8
- copy:
- src: hws.php.ini.modphp
- dest: /etc/php5
- when:
- - ansible_distribution == "Debian"
- - ansible_distribution_major_version == "8"
-
-- name: php config symlinks, debian8
- file:
- state: link
- src: /etc/php5/hws.php.ini
- path: "/etc/php5/{{ item }}/conf.d/hws.php.ini"
- with_items:
- - apache2
- - cli
- when:
- - ansible_distribution == "Debian"
- - ansible_distribution_major_version == "8"
-
-- name: php config, debian9
- copy:
- src: hws.php.ini.modphp
- dest: /etc/php/7.0/hws.php.ini
- when:
- - ansible_distribution == "Debian"
- - ansible_distribution_major_version == "9"
-
-- name: php config, debian10
- copy:
- src: hws.php.ini.modphp
- dest: /etc/php/7.3/hws.php.ini
- when:
- - ansible_distribution == "Debian"
- - ansible_distribution_major_version == "10"
-
-#- name: php config, bullseye
-# copy:
-# src: hws.php.ini.fpm
-# dest: /etc/php/7.4/hws.php.ini
-# when:
-# - (ansible_distribution == "Debian" and ansible_distribution_major_version|int() == 11) or
-# (ansible_distribution == "Ubuntu" and ansible_distribution_major_version|int() >= 20)
-
-- name: php config symlinks, debian9
- file:
- state: link
- src: /etc/php/7.0/hws.php.ini
- path: "/etc/php/7.0/{{ item }}/conf.d/hws.php.ini"
- with_items:
- - apache2
- - cli
- when:
- - ansible_distribution == "Debian"
- - ansible_distribution_major_version == "9"
-
-- name: php config symlinks, debian10
- file:
- state: link
- src: /etc/php/7.3/hws.php.ini
- path: "/etc/php/7.3/{{ item }}/conf.d/hws.php.ini"
- with_items:
- - apache2
- - cli
- when:
- - ansible_distribution == "Debian"
- - ansible_distribution_major_version == "10"
-
-#- name: php config symlinks, bullseye
-# file:
-# state: link
-# src: /etc/php/7.4/hws.php.ini
-# path: "/etc/php/7.4/{{ item }}/conf.d/hws.php.ini"
-# with_items:
-# - fpm
-# - cli
-# when:
-# - ansible_distribution == "Debian"
-# - ansible_distribution_major_version == "11"
-
-
-- name: php logrotate config
- copy:
- src: logrotate.conf
- dest: /etc/logrotate.d/php
-
-- name: security.conf ServerTokens, debian11-99 ubuntu20-99
- tags: apt
- lineinfile:
- dest: /etc/apache2/conf-available/security.conf
- regexp: "^ServerTokens"
- line: "ServerTokens Prod"
- when:
- - (ansible_distribution == "Debian" and ansible_distribution_major_version|int() >= 11) or
- (ansible_distribution == "Ubuntu" and ansible_distribution_major_version|int() >= 20)
-
-
-- name: security.conf ServerSignature, debian11-99 ubuntu20-99
- tags: apt
- lineinfile:
- dest: /etc/apache2/conf-available/security.conf
- regexp: "^ServerSignature"
- line: "ServerSignature Off"
- when:
- - (ansible_distribution == "Debian" and ansible_distribution_major_version|int() >= 11) or
- (ansible_distribution == "Ubuntu" and ansible_distribution_major_version|int() >= 20)
+ (ansible_distribution == "Ubuntu" and ansible_distribution_major_version|int() >= 20) or
+ ansible_distribution == "RedHat"
# vim: set tabstop=2 shiftwidth=2 expandtab smarttab:
diff --git a/tasks/redhat.yml b/tasks/redhat.yml
new file mode 100644
index 0000000..68aa1fc
--- /dev/null
+++ b/tasks/redhat.yml
@@ -0,0 +1,160 @@
+---
+- name: set phpver for rhel9
+ set_fact:
+ phpver: "84"
+ when:
+ - ansible_distribution == "RedHat"
+ - ansible_distribution_major_version|int() == 9
+
+- name: install remi repo
+ tags: dnf
+ dnf:
+ name: "https://rpms.remirepo.net/enterprise/remi-release-9.rpm"
+ disable_gpg_check: yes
+
+#- name: dnf module php [phpver]
+# tags: dnf
+# dnf:
+# name:
+# - "@php:remi-{{ phpver }}"
+
+- name: install packages
+ tags: dnf
+ dnf:
+ name:
+ - httpd
+ - mod_ssl
+ - mysql
+ - redis
+ - "php{{ phpver }}-php-fpm"
+ - "php{{ phpver }}-php-cli"
+ - "php{{ phpver }}-php-bcmath"
+ - "php{{ phpver }}-php-gd"
+ - "php{{ phpver }}-php-ldap"
+ - "php{{ phpver }}-php-mbstring"
+ - "php{{ phpver }}-php-mysqlnd"
+ - "php{{ phpver }}-php-opcache"
+ - "php{{ phpver }}-php-soap"
+ - "php{{ phpver }}-php-xml"
+ - "php{{ phpver }}-php-pecl-zip"
+ - "php{{ phpver }}-php-pecl-mongodb"
+ - "php{{ phpver }}-php-pecl-redis6"
+ - "php{{ phpver }}-php-process"
+ when:
+ - phpver is defined
+
+- name: enable httpd service
+ systemd_service:
+ name: httpd
+ enabled: true
+
+- name: enable redis service
+ systemd_service:
+ name: redis
+ enabled: true
+
+- name: enable php-fpm service [phpver]
+ systemd_service:
+ name: "php{{ phpver }}-php-fpm"
+ enabled: true
+
+- name: php-fpm.d/www.conf [phpver]
+ template:
+ src: pool_www.conf_redhat
+ dest: "/etc/opt/remi/php{{ phpver }}/php-fpm.d/www.conf"
+ when:
+ - phpver is defined
+
+- name: httpd.conf remove conf.d include
+ lineinfile:
+ path: /etc/httpd/conf/httpd.conf
+ regex: "^IncludeOptional conf.d/\\*.conf"
+ state: absent
+
+- name: httpd.conf add conf-enabled include
+ lineinfile:
+ path: /etc/httpd/conf/httpd.conf
+ line: "IncludeOptional conf-enabled/*.conf"
+
+- name: httpd.conf add sites-enabled include
+ lineinfile:
+ path: /etc/httpd/conf/httpd.conf
+ line: "IncludeOptional sites-enabled/*.conf"
+
+- name: /etc/apache2 symlink
+ file:
+ path: /etc/apache2
+ src: httpd
+ state: link
+
+- name: /var/log/apache2 symlink
+ file:
+ path: /var/log/apache2
+ src: httpd
+ state: link
+
+- name: /etc/apache2/conf-enabled
+ file:
+ path: /etc/apache2/conf-enabled
+ state: directory
+ owner: root
+ group: root
+ mode: "0755"
+
+- name: /etc/apache2/conf-available
+ file:
+ path: /etc/apache2/conf-available
+ src: conf-enabled
+ state: link
+
+- name: /etc/apache2/sites-enabled
+ file:
+ path: /etc/apache2/sites-enabled
+ state: directory
+ owner: root
+ group: root
+ mode: "0755"
+
+- name: /etc/apache2/sites-available
+ file:
+ path: /etc/apache2/sites-available
+ src: sites-enabled
+ state: link
+
+- name: create security.conf
+ copy:
+ src: security.conf_redhat
+ dest: /etc/apache2/conf-enabled/security.conf
+
+- name: create index.conf
+ copy:
+ content: "DirectoryIndex index.html index.php\n"
+ dest: /etc/apache2/conf-enabled/index.conf
+
+- name: ssl.conf
+ template:
+ src: redhat_ssl.conf
+ dest: "/etc/apache2/conf-enabled/ssl.conf"
+
+- name: set httpd_can_network_connect
+ seboolean:
+ name: httpd_can_network_connect
+ state: true
+ persistent: yes
+ when:
+ - ansible_selinux.status == 'enabled'
+
+- name: set httpd_can_sendmail
+ seboolean:
+ name: httpd_can_sendmail
+ state: true
+ persistent: yes
+ when:
+ - ansible_selinux.status == 'enabled'
+
+#D- name: php logrotate config
+#D copy:
+#D src: logrotate.conf
+#D dest: /etc/logrotate.d/php
+
+# vim: set tabstop=2 shiftwidth=2 expandtab smarttab:
diff --git a/templates/000-default_fpm.conf b/templates/000-default_fpm.conf
index ea48c62..90a2c2c 100644
--- a/templates/000-default_fpm.conf
+++ b/templates/000-default_fpm.conf
@@ -1,15 +1,43 @@
+#
+{% if ansible_distribution == "RedHat" %}
+# ErrorLog /var/log/httpd/notls.log
+# CustomLog /var/log/httpd/notls.log detailed
+{% else %}
+# ErrorLog ${APACHE_LOG_DIR}/notls.log
+# CustomLog ${APACHE_LOG_DIR}/notls.log detailed
+{% endif %}
+# RewriteEngine On
+# RewriteCond %{REQUEST_URI} !^/.well-known/acme-challenge/
+# RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [R,L]
+#
+#
+# SSLEngine on
+# SSLCertificateFile /etc/ssl/i.hwstudio.hu/fullchain.pem
+# SSLCertificateKeyFile /etc/ssl/i.hwstudio.hu/privkey.pem
+# #ServerName
+# #Header always set Strict-Transport-Security "max-age=31536000;"
+
DocumentRoot /var/www/def/public
+{% if ansible_distribution == "RedHat" %}
+ ErrorLog /var/log/httpd/error.log
+ CustomLog /var/log/httpd/access.log detailed
+{% else %}
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log detailed
+{% endif %}
Options -Indexes +FollowSymLinks +MultiViews
AllowOverride All
Require all granted
+{% if ansible_distribution == "RedHat" %}
+ SetHandler "proxy:unix:/var/opt/remi/php{{ phpver }}/run/php-fpm/www.sock|fcgi://localhost"
+{% else %}
SetHandler "proxy:unix:/run/php/php{{ phpver }}-fpm.sock|fcgi://localhost"
+{% endif %}
diff --git a/files/charset.conf b/templates/charset.conf
similarity index 100%
rename from files/charset.conf
rename to templates/charset.conf
diff --git a/files/other-vhosts-access-log.conf b/templates/other-vhosts-access-log.conf
similarity index 67%
rename from files/other-vhosts-access-log.conf
rename to templates/other-vhosts-access-log.conf
index ffbcea1..9c36d68 100644
--- a/files/other-vhosts-access-log.conf
+++ b/templates/other-vhosts-access-log.conf
@@ -1,5 +1,9 @@
# Define an access log for VirtualHosts that don't define their own logfile
#CustomLog ${APACHE_LOG_DIR}/other_vhosts_access.log vhost_combined
+{% if ansible_distribution == "RedHat" %}
+CustomLog /var/log/httpd/other_vhosts_access.log detailed
+{% else %}
CustomLog ${APACHE_LOG_DIR}/other_vhosts_access.log detailed
+{% endif %}
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
diff --git a/templates/pool_www.conf_redhat b/templates/pool_www.conf_redhat
new file mode 100644
index 0000000..2dd5794
--- /dev/null
+++ b/templates/pool_www.conf_redhat
@@ -0,0 +1,20 @@
+[www]
+user = apache
+group = apache
+listen = /var/opt/remi/php{{ phpver }}/run/php-fpm/www.sock
+listen.acl_users = apache
+listen.allowed_clients = 127.0.0.1
+pm = dynamic
+pm.max_children = 50
+pm.start_servers = 5
+pm.min_spare_servers = 5
+pm.max_spare_servers = 35
+slowlog = /var/opt/remi/php{{ phpver }}/log/php-fpm/www-slow.log
+php_admin_value[error_log] = /var/opt/remi/php{{ phpver }}/log/php-fpm/www-error.log
+php_admin_flag[log_errors] = on
+php_value[session.save_handler] = files
+php_value[session.save_path] = /var/opt/remi/php{{ phpver }}/lib/php/session
+php_value[soap.wsdl_cache_dir] = /var/opt/remi/php{{ phpver }}/lib/php/wsdlcache
+
+php_admin_value[user_ini.filename] = .php.ini
+php_admin_value[user_ini.cache_ttl] = 60
diff --git a/templates/redhat_ssl.conf b/templates/redhat_ssl.conf
new file mode 100644
index 0000000..59cb9c8
--- /dev/null
+++ b/templates/redhat_ssl.conf
@@ -0,0 +1,8 @@
+Listen 443 https
+SSLPassPhraseDialog exec:/usr/libexec/httpd-ssl-pass-dialog
+SSLSessionCache shmcb:/run/httpd/sslcache(512000)
+SSLSessionCacheTimeout 300
+SSLCryptoDevice builtin
+SSLCipherSuite HIGH+ECDHE:!aNULL:!SHA1:!SHA256:!SHA384
+SSLHonorCipherOrder on
+SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1