Added debian-9 (strech)

Makefile

@@ -41,6 +41,7 @@ dist-update:
 	docker pull ubuntu:16.04
 	docker pull debian:7
 	docker pull debian:8
+	docker pull debian:strech
 
 rebuild:
 	# Rebuild all containers but use caching for duplicates

_provisioning/php/general/provision/roles/webdevops-php/tasks/bootstrap/php-module.xdebug.yml

@@ -23,3 +23,4 @@
   with_items:
     - 'zend_extension'
     - 'extension'
+  ignore_errors: yes

ansible/debian-9/Dockerfile

@@ -0,0 +1,9 @@
+#++++++++++++++++++++++++++++++++++++++
+# Debian 9 Ansible Docker container
+#++++++++++++++++++++++++++++++++++++++
+
+FROM webdevops/bootstrap:debian-9
+MAINTAINER info@webdevops.io
+LABEL vendor=WebDevOps.io
+LABEL io.webdevops.layout=4
+LABEL io.webdevops.version=0.19.0

apache/debian-9/Dockerfile

@@ -0,0 +1,34 @@
+#++++++++++++++++++++++++++++++++++++++
+# Debian 9 Apache Docker container
+#++++++++++++++++++++++++++++++++++++++
+
+FROM webdevops/base:debian-9
+MAINTAINER info@webdevops.io
+LABEL vendor=WebDevOps.io
+LABEL io.webdevops.layout=4
+LABEL io.webdevops.version=0.19.0
+
+ENV WEB_DOCUMENT_ROOT  /application/code/
+ENV WEB_DOCUMENT_INDEX index.php
+ENV WEB_ALIAS_DOMAIN   *.vm
+
+# Install apache
+RUN /usr/local/bin/apt-install \
+        apache2 \
+        libapache2-mod-fastcgi \
+	&& sed -ri ' \
+		s!^(\s*CustomLog)\s+\S+!\1 /proc/self/fd/1!g; \
+		s!^(\s*ErrorLog)\s+\S+!\1 /proc/self/fd/2!g; \
+		' /etc/apache2/apache2.conf \
+	&& rm -f /etc/apache2/sites-enabled/* \
+	&& a2enmod actions fastcgi ssl rewrite headers
+
+# Deploy scripts/configurations
+COPY conf/ /opt/docker/
+RUN bash /opt/docker/bin/control.sh provision.role webdevops-apache \
+    && bash /opt/docker/bin/bootstrap.sh
+
+EXPOSE 80
+EXPOSE 443
+
+CMD ["supervisord"]

apache/debian-9/conf/bin/service.d/httpd.sh

@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+set -e
+
+# Apache gets grumpy about PID files pre-existing
+rm -f /var/run/apache2/apache2*.pid
+
+source /etc/apache2/envvars
+exec apache2 -DFOREGROUND -DAPACHE_LOCK_DIR

apache/debian-9/conf/etc/httpd/global.conf

@@ -0,0 +1,39 @@
+# Settings
+TimeOut      1000
+ServerName   "<SERVERNAME>"
+
+DirectoryIndex <DOCUMENT_INDEX>
+DocumentRoot "<DOCUMENT_ROOT>"
+
+<Directory "<DOCUMENT_ROOT>">
+  Options Indexes FollowSymLinks
+  AllowOverride All
+
+  <IfVersion < 2.4>
+      Allow from all
+  </IfVersion>
+  <IfVersion >= 2.4>
+      Require all granted
+  </IfVersion>
+</Directory>
+
+
+LogFormat "[httpd:access] %V:%p %h %l %u %t \"%r\" %>s bytesIn:%I bytesOut:%O reqTime:%T" dockerlog
+CustomLog /proc/self/fd/1 dockerlog
+ErrorLog  /proc/self/fd/2
+
+#######################################
+# Faster error documents
+#######################################
+<Location ~ "(\.jpeg|\.jpg|\.gif|\.png|\.ico|\.js|\.css|\.map|\.json|\.xml|robots\.txt)$">
+  ErrorDocument 400 "400 Bad Request"
+  ErrorDocument 401 "401 Unauthorized"
+  ErrorDocument 403 "403 Forbidden"
+  ErrorDocument 404 "404 Not Found"
+  ErrorDocument 405 "405 Method Not Allowed"
+
+  ErrorDocument 500 "500 Internal Server Error"
+  ErrorDocument 501 "501 Not Implemented"
+  ErrorDocument 502 "502 Bad Gateway"
+  ErrorDocument 503 "503 Service Unavailable"
+</Location>

apache/debian-9/conf/etc/httpd/main.conf

@@ -0,0 +1,3 @@
+Include /opt/docker/etc/httpd/global.conf
+Include /opt/docker/etc/httpd/php.conf
+Include /opt/docker/etc/httpd/vhost.conf

apache/debian-9/conf/etc/httpd/php.conf

@@ -0,0 +1,13 @@
+AddHandler php5-fcgi .php
+Action php5-fcgi /php5-fcgi
+Alias /php5-fcgi /usr/lib/cgi-bin/php5-fcgi
+FastCgiExternalServer /usr/lib/cgi-bin/php5-fcgi -host 127.0.0.1:9000 -pass-header Authorization -idle-timeout 600
+
+<Directory /usr/lib/cgi-bin>
+  <IfVersion < 2.4>
+      Allow from all
+  </IfVersion>
+  <IfVersion >= 2.4>
+      Require all granted
+  </IfVersion>
+</Directory>

apache/debian-9/conf/etc/httpd/ssl/server.crt

@@ -0,0 +1,28 @@
+-----BEGIN CERTIFICATE-----
+MIIE1DCCArwCCQDMMwGnSuK0tTANBgkqhkiG9w0BAQsFADAsMRswGQYDVQQKExJE
+b2NrZXIgQm9pbGVycGxhdGUxDTALBgNVBAMUBCoudm0wHhcNMTUwNTA0MTcxNDQw
+WhcNMjUwNTAxMTcxNDQwWjAsMRswGQYDVQQKExJEb2NrZXIgQm9pbGVycGxhdGUx
+DTALBgNVBAMUBCoudm0wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDK
+3TIUiyDvXelWeY9VXMrpjuZtYpVSDsACLpjFUhMnsP5/iKT0VbeZyqHvmwZjAg4G
+Y10d+yZDdgv/xeu0HPOFbtR6pCp10d1tdLHZto5Cyuxu7IQsAVjnD6Ko7XFwtNk7
+9o6JZfAFaGL4w5MokrVmCtspnsMZH7/7zU4f96cbF39zLopnpuXGD6t6DA8Qj3gy
+0duaTjs42bYRN+rwLzVKAev99iQ4kPMJn4vV6/Xk6rtoSzC67GQyVZYaFypicD1S
+NtsRmgEVvjCBDbrLOneUiRwff6qxEsZi7Hxv7BKFj4iUWnII7K/nP7T6uBHQjHO+
+FpsGkU9lCMrCeVFBe8kKz/cbhd+yLUxXwAPr6gSOPmwn232Gy4tozvqZHpbUxsgx
+7sT3ej9K66h1D7J+BjNFWYM1hbnC1r7H/xS7EBzBV8qRoQCVe08Juf5xsouXFakD
+clLV4+L+1cxkpwsCQDly5g3tm/TBqA2O+ZJ+YHQDHKkzMyhLs6i0X/M5qvJBiLg1
+GLTCS20rpQ5gXTEGuINqHgwXQWkUO6bhgSYqdHGX3zbZ5+qWpI4eui3dHZ1Ll0VH
+6Icpb7ORTQwhc6W8KBlybssYPSlGOEBGUjYGNheoz9FpoSkxCis+P8ZNKtrmpPoq
+Su0eOOGFOFHG02eOgPVxSwrDeN9MVJo7BPysGMHJmQIDAQABMA0GCSqGSIb3DQEB
+CwUAA4ICAQC63g6NHmQKbiy3G6iaDkpUSbr5Mq2YgU61XnvWVyREqDcy/BXCw9oY
+SJ/KUvCpqPnACNOFqjadRAmPiA9nf2WduoCgwQGV/YRFGswSuVvh/3X2TX5NWvbS
+t8MQDttQg1dxpiMUjlu3rqhfohBdWJvp2lVSdpDb/MOlXBc/+p7HfOHwhqB7wwPN
+NNbSKUbZqZxmD8cOf1X0hASr1yfFPj+2vST3ESaON8S0T2p63YX/sD5jvOUiEuyw
+I5WcvLmiRZA07SH8nWyckLY3qWL+OlhSZrlAnolWS00b+7h5LNuRYEjKzwVgntoA
+aCopyQih6wIk0+AfJO4sfhJBmQhnIrAaP/zwBH5g9zVizLf5H7U+hNXrMwgw55Sq
+vjMdkZHvPKUXTvVit/rYE9H+PY3brkRWzOl4V/i/ZLJJm5805H/NyTbz9kPMJw2Q
+nn+KOpfXXySD39f8iuRgSKXsYNul38hxWgcZZ6g+sOOp2n/VUmf0eZUWNnJ8i7AP
+4Qif7aDKMcibOwSwsB+DKZXDvZ5XSdnMphtuLS5rPSL81rVRmWC2DMfQ2eP8j0WN
+VTroSk0xedQ7Qr+9TNooi9IyzX6n1a2S1UiciEZ3ZcDbXPl/P01m+IYZyPnLv0+9
+ZeioZYh1JLv3/OKsMrMLTfh2ZCj3aXwmc2Owi/wU2LS5QUOMcHH7CQ==
+-----END CERTIFICATE-----

apache/debian-9/conf/etc/httpd/ssl/server.csr

@@ -0,0 +1,26 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIEcTCCAlkCAQAwLDEbMBkGA1UEChMSRG9ja2VyIEJvaWxlcnBsYXRlMQ0wCwYD
+VQQDFAQqLnZtMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAyt0yFIsg
+713pVnmPVVzK6Y7mbWKVUg7AAi6YxVITJ7D+f4ik9FW3mcqh75sGYwIOBmNdHfsm
+Q3YL/8XrtBzzhW7UeqQqddHdbXSx2baOQsrsbuyELAFY5w+iqO1xcLTZO/aOiWXw
+BWhi+MOTKJK1ZgrbKZ7DGR+/+81OH/enGxd/cy6KZ6blxg+regwPEI94MtHbmk47
+ONm2ETfq8C81SgHr/fYkOJDzCZ+L1ev15Oq7aEswuuxkMlWWGhcqYnA9UjbbEZoB
+Fb4wgQ26yzp3lIkcH3+qsRLGYux8b+wShY+IlFpyCOyv5z+0+rgR0IxzvhabBpFP
+ZQjKwnlRQXvJCs/3G4Xfsi1MV8AD6+oEjj5sJ9t9hsuLaM76mR6W1MbIMe7E93o/
+SuuodQ+yfgYzRVmDNYW5wta+x/8UuxAcwVfKkaEAlXtPCbn+cbKLlxWpA3JS1ePi
+/tXMZKcLAkA5cuYN7Zv0wagNjvmSfmB0AxypMzMoS7OotF/zOaryQYi4NRi0wktt
+K6UOYF0xBriDah4MF0FpFDum4YEmKnRxl9822efqlqSOHrot3R2dS5dFR+iHKW+z
+kU0MIXOlvCgZcm7LGD0pRjhARlI2BjYXqM/RaaEpMQorPj/GTSra5qT6KkrtHjjh
+hThRxtNnjoD1cUsKw3jfTFSaOwT8rBjByZkCAwEAAaAAMA0GCSqGSIb3DQEBCwUA
+A4ICAQBsEBgC2YepuZq/8UqvKMZKVy/etDKXj7BB+QPb+leNiKD7p4LDxHJsZSH8
+Ku9uMPeLfiQDn5jA41k5SlGttzvObd65RdEbO3yHpqsg05EGSDDLfaE1k2Al/qmX
+/o8roPZF7+2kZthgMAgkcokS54LYqEYTGqOf3J9Ss0yRIZwhaOVebfFIbIOdpw0B
+JNMIJPHTMdZrcuRVI+wR1uPLIlEJzBvxTGbTrvPU25WJFtu+EajKqXO0SHdy0yx8
+uH4ykRBJRc36+oYo7nZ5D56dh7pZn3+9J64FKAOV0Q3KqMFieGy053ezuhJd70eZ
+UozTgfjs3WpMzoYmKETSyl3XZSdInRe+sUlKPruTsKyg69oYxjPlrGfAmmGcCFca
+TnZinT18dI92zK7OtOVkmYeYKC1lwuhftVrNMXzZuHOGpS9NNYtc4nDqDMIEOfV3
+6rCdu03WjEgJ+Z67tJs16xOx9du4/EHxS2Ijn9DPfVJvYy0TgzDi1BUpjWx0KTLx
+C4OQbEZ/QTWmHVbSch/hcZhzbf7SNh5RpnW4EtmcpDFjIKMfxJmoKeiTf7qnilx0
+7uRvsZFKoDKRDOFiPfgMg5AOtLHziYsd9m0tJjC2GHvFuPjzOtzhnUUjmmvht170
+2aqKakjST4amg7jzLcs871HX0/WjOtt29NpOz140blkKf1bisg==
+-----END CERTIFICATE REQUEST-----

apache/debian-9/conf/etc/httpd/ssl/server.key

@@ -0,0 +1,51 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIJKAIBAAKCAgEAyt0yFIsg713pVnmPVVzK6Y7mbWKVUg7AAi6YxVITJ7D+f4ik
+9FW3mcqh75sGYwIOBmNdHfsmQ3YL/8XrtBzzhW7UeqQqddHdbXSx2baOQsrsbuyE
+LAFY5w+iqO1xcLTZO/aOiWXwBWhi+MOTKJK1ZgrbKZ7DGR+/+81OH/enGxd/cy6K
+Z6blxg+regwPEI94MtHbmk47ONm2ETfq8C81SgHr/fYkOJDzCZ+L1ev15Oq7aEsw
+uuxkMlWWGhcqYnA9UjbbEZoBFb4wgQ26yzp3lIkcH3+qsRLGYux8b+wShY+IlFpy
+COyv5z+0+rgR0IxzvhabBpFPZQjKwnlRQXvJCs/3G4Xfsi1MV8AD6+oEjj5sJ9t9
+hsuLaM76mR6W1MbIMe7E93o/SuuodQ+yfgYzRVmDNYW5wta+x/8UuxAcwVfKkaEA
+lXtPCbn+cbKLlxWpA3JS1ePi/tXMZKcLAkA5cuYN7Zv0wagNjvmSfmB0AxypMzMo
+S7OotF/zOaryQYi4NRi0wkttK6UOYF0xBriDah4MF0FpFDum4YEmKnRxl9822efq
+lqSOHrot3R2dS5dFR+iHKW+zkU0MIXOlvCgZcm7LGD0pRjhARlI2BjYXqM/RaaEp
+MQorPj/GTSra5qT6KkrtHjjhhThRxtNnjoD1cUsKw3jfTFSaOwT8rBjByZkCAwEA
+AQKCAgAbZPdoUsllyZbC+LNkYZ19ILD5QIDNjfRb1xMGQmkXyQz1B+zOmeyrNfPc
+OWEJabOfJTfj3pByN7SzG3US4333HNpQnW6mbmqqZ0HFFqPrXR/Ecuf+UUhCG5hp
+m3bgM2vKbyccYsmg0VHcKfzrU7RvTTP/UNMjx2fThwvvwS+ttuSdF0HVcXJB5sfP
+OWWnZNhkdHZlRf81VCED/jsZqCZYEh5eMyj9AoXvXL4zayPPf+tC0DSKaXW2Xlxg
+tZQhqup8+a9nlxZia0Z9hu8clo6jXkiP8FuKgfCMV0cOjiCKLLHS5svTbLLsVWwJ
+F2ZAdVcD6mWQ43qHOEK5NEzGvQKO14CaOLnVT2yAkMcyNohsEgoDP9oCBGDJQbBH
+NmtZfpVjjtuTr9P9TEkU1FcBRo0x6Il/DkzamGbOeFAmgnaGElhJ5c/CAG7whaIf
+mUfFOBGPH/wESY3gBOACDofeSh27RrlvbLaPiCGKivDUTBmhBsIuso6XqOKbvtfV
+/HhhndpdRVfIj4DdE7gIrLIGN977JMVAXFCNz7KrvAWwcOXrCHCoWpklJ9repq8l
+26ICY8K7VXktzDHQUmhd88ZWR+9ASURsJghUgZUOcMrEGyvci6Y8hpLhHiNVPHuQ
++ps7tpPsXSntBUqWBzhRZh74+nJlOOV6oYykl30JT2JzB6lwiQKCAQEA9ecn8N2z
+20tR2UEiTv/MjVSepQtAAajegvcd1iasvvQKXnh3XLmoZHzH2tTa0lp5RIZpUQPl
+lOTwko0lYTBnYblt65AJQ3FTgisNobIpoqE8BFXLm6wggz7CbabjmPGDe173lPGR
+sI0YSKYvzrdn4zw8Fh6WULJyZHLi58zJYL3r0WBDiOoxpGaGA1GlmkuIWjhKHaX2
+OvF1vOuQDJ2eDyTc5TYFC0NKG76Mvanov5L/yrhNM/umbmp0SPspzHGZobAKUr20
+OazFT8S+2TA1OTxWNbiPbSimFoaZbEdqsNACGfVJWO8Sh8iqlt5RmEcSiSvGBj6L
+QKprRO9Fsp2GawKCAQEA0zGhRsnux4JTNsdUSYsEJtITMj6eE+nl7CoZ9DAOwC5X
+6/aSpUE4TT+pWNrt9iluXiGL0j89UJ7r/L1OcsiyzGb8ig9NU4zr1NIGTZ0DstHi
+HPYINjeiBJEFIy17kOQn+9/I5c4hBUwz6ihwNoEomymVB/EsLJKAML0AudJGKg+Z
+/f/qrS40eab5SAiaKgsh0MZnj+vIxyGBydt6r2HGmjfNITVbXIu6IpO+6NXDwM/e
+7v10AAZ3j9+gb1RedLg2ghuIuYU90hmMhtVWsh9nVmaOkMW9/WFgOPYvt/mHH/hR
+d4pePZ9kACGmqo/b9sHvHw1YEubtCt1VUiNuFxnJCwKCAQBWnxz0vkRTJY8phsY9
+KeK2jm5sGTBs5T2syLwb6ffENFdKvAjgAw6Mh2And/+1ReWd+/MxdLv03UjZdxsJ
+x3FDfXx5FH4O4ebW3a+pnAcKoN1xcX+N0O6LDRqUYcue3sTAOs3gC9CUbr91KAWD
+Phw8ccWAzTmKJ7IgLFA982ekyoI9eTmRC159WRgwJxy844qerWF+XC4GyXP+HsTZ
+jNRW5Vdi7sqMEyIR7+fIEAhLI88zbATWIPmZv6pC4ybwO7wwtsCMMQNBpdjDprzL
+6S12ggikV+U+QKlxGe0FtYqhykRTPJKf32eZqVheWOZJTA/9fgv9ux52oxGycM8O
+gmsNAoIBAQC60m5uZnd5uYnPLWkcXYNgq/kbO1UvHHut/FhVMKX7z4MrU0XKNfWO
+MECoP5K9bU0aq+Y6KIMe7FapjvT0iSHRu1Cu+HZY8JI2A0xcIAeDijLRl7sP6wrB
+q1+2DKgANjRAlWfsEfoX658JBpitPngjOheBnRCMpVQMyUT5HE/BKWf5zwdUB0mY
+S+K8nA90HcDeJIS8RcGolbVwUV0oBABhr/cf50lYhqozqCr7YQ33ZGs7Uq3oz8+4
+UARmN2YPLl3Znm3GX12em8c6B0LX8vvA7Jw06Rf2Ksup1+3Ce1PTLiEy9A4FyRf3
+Hc2HmBbnJAtZlr5QikMqlzzAmmLqwH6dAoIBAC+ryaQGJFsijCSuaDfRp/uy9xnd
+DjgMdTwjl5WLBmyudChVMANl8eqCbvVO41CN84yORk03oQ4cx0eKxAZaLaSzgkb3
+W0X2nFQe7VJSYMQswCQ+1WfJvEFrIdkEKIa//uQdhqNrgUKSNVhhSTMbNEkDTIWn
+ssbv2H9hvUaFt/J/vP9zCKuU5oYvNU7Oi6ZXRYezRn9atlJYanLFoJnHUBRzGms5
+K0vhdCPDXQq87z5Yudoh0jLUQF9Nx0GTWeBceQ9n5hZeRUNQWxP4AJThQX9KSPTS
+mbL3Kh4XNRmAUJ2N+Njh+3dg91s+JkKvC1wcspLsmLPQe+9AxBSH9y5JE/8=
+-----END RSA PRIVATE KEY-----

apache/debian-9/conf/etc/httpd/vhost.conf

@@ -0,0 +1,23 @@
+#######################################
+# Vhost
+#######################################
+
+<VirtualHost *:80>
+  ServerName docker.vm
+  ServerAlias <ALIAS_DOMAIN>
+  DocumentRoot "<DOCUMENT_ROOT>"
+
+  UseCanonicalName Off
+
+  Include /opt/docker/etc/httpd/vhost.common.conf
+</VirtualHost>
+
+<VirtualHost *:443>
+  ServerName docker.vm
+  ServerAlias <ALIAS_DOMAIN>
+  DocumentRoot "<DOCUMENT_ROOT>"
+
+  UseCanonicalName Off
+  Include /opt/docker/etc/httpd/vhost.common.conf
+  Include /opt/docker/etc/httpd/vhost.ssl.conf
+</VirtualHost>

apache/debian-9/conf/etc/httpd/vhost.ssl.conf

@@ -0,0 +1,27 @@
+  ############
+  # SSL
+  ############
+
+  SSLEngine             on
+  SSLCertificateFile    /opt/docker/etc/httpd/ssl/server.crt
+  SSLCertificateKeyFile /opt/docker/etc/httpd/ssl/server.key
+
+  <FilesMatch "\.(cgi|shtml|phtml|php)$">
+          SSLOptions +StdEnvVars
+  </FilesMatch>
+  <Directory /usr/lib/cgi-bin>
+          SSLOptions +StdEnvVars
+  </Directory>
+
+  BrowserMatch "MSIE [2-6]" \
+          nokeepalive ssl-unclean-shutdown \
+          downgrade-1.0 force-response-1.0
+  # MSIE 7 and newer should be able to use keepalive
+  # This regexp is ok with 17-9!
+  BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
+
+  ## SSL Hardening
+  SSLProtocol         All -SSLv2 -SSLv3
+  SSLHonorCipherOrder on
+  SSLCompression      off
+  SSLCipherSuite      'EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA'

apache/debian-9/conf/etc/supervisor.d/apache.conf

@@ -0,0 +1,14 @@
+[group:apache]
+programs=apached
+priority=20
+
+[program:apached]
+command = /opt/docker/bin/service.d/httpd.sh
+process_name=%(program_name)s
+startsecs = 0
+autostart = true
+autorestart = true
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0

apache/debian-9/conf/provision/roles/webdevops-apache/defaults/main.yml

@@ -0,0 +1,18 @@
+---
+
+APPLICATION_USER:  "{{ lookup('env','APPLICATION_USER') }}"
+APPLICATION_GROUP: "{{ lookup('env','APPLICATION_GROUP') }}"
+DOCUMENT_ROOT:     "{{ lookup('env','WEB_DOCUMENT_ROOT') }}"
+
+HTTPD_VARS:
+  - variable: DOCUMENT_INDEX
+    value:    "{{ lookup('env','WEB_DOCUMENT_INDEX') }}"
+
+  - variable: DOCUMENT_ROOT
+    value:    "{{ lookup('env','WEB_DOCUMENT_ROOT') }}"
+
+  - variable: ALIAS_DOMAIN
+    value:    "{{ lookup('env','WEB_ALIAS_DOMAIN') }}"
+
+  - variable: SERVERNAME
+    value:    "{{ ansible_nodename }}"

apache/debian-9/conf/provision/roles/webdevops-apache/tasks/bootstrap.yml

@@ -0,0 +1,62 @@
+---
+
+- name: Set apache vhost file [RedHat family]
+  set_fact:
+     apache_docker_vhost: /etc/httpd/conf.d/docker.conf
+  when: ansible_os_family == 'RedHat'
+
+- name: Set apache vhost file [Debian family]
+  set_fact:
+     apache_docker_vhost: /etc/apache2/sites-enabled/10-docker.conf
+  when: ansible_os_family == 'Debian'
+
+- name: Enable apache main config
+  file:
+    src:  '/opt/docker/etc/httpd/main.conf'
+    dest: '{{ apache_docker_vhost }}'
+    state: link
+    force: yes
+
+- name: Ensure document root is available
+  file:
+    path:    "{{ DOCUMENT_ROOT }}"
+    state:   directory
+    owner:   "{{ APPLICATION_USER }}"
+    group:   "{{ APPLICATION_GROUP }}"
+    recurse: yes
+
+- name: Ensure /var/run/apache2 exists
+  file:
+    path:    '/var/run/apache2'
+    state:   directory
+    recurse: yes
+
+- name: Switch MPM to worker [RedHat family]
+  lineinfile:
+    dest:   '/etc/httpd/conf.modules.d/00-mpm.conf'
+    regexp: '^[\s#]*{{ item.line }}'
+    line:   '{{ item.prefix }}{{ item.line }}'
+  with_items:
+   - { line: 'LoadModule mpm_prefork_module modules/mod_mpm_prefork.so', prefix: "#" }
+   - { line: 'LoadModule mpm_event_module modules/mod_mpm_event.so',   prefix: "" }
+  when: ansible_os_family == 'RedHat'
+
+- name: Switch MPM to event for Apache 2.4 and higher [Ubuntu family]
+  command: "{{ item }}"
+  with_items:
+   - 'a2dismod mpm_event'
+   - 'a2enmod mpm_event'
+  when: (ansible_distribution == 'Ubuntu' and ansible_lsb.major_release|int >= 14) or (ansible_distribution == 'Debian' and ansible_lsb.major_release|int >= 8)
+
+- name: Fix rights of ssl files
+  file:
+    path: "{{ item.path }}"
+    state: "{{ item.state }}"
+    mode:  "{{ item.mode }}"
+    owner: "root"
+    group: "root"
+  with_items:
+    - { path: '/opt/docker/etc/httpd/ssl',            state: 'directory', mode: '0750' }
+    - { path: '/opt/docker/etc/httpd/ssl/server.crt', state: 'file',      mode: '0640' }
+    - { path: '/opt/docker/etc/httpd/ssl/server.csr', state: 'file',      mode: '0640' }
+    - { path: '/opt/docker/etc/httpd/ssl/server.key', state: 'file',      mode: '0640' }