我试图通过ansible管理我的apache http虚拟主机配置文件。我想在文件中的某个点插入一个新行。不幸的是,我的ansible配置不正确,因为ansible总是在文件的末尾插入新行。
这是我要插入的行:
Header edit Set-Cookie (ADRU.*=.*);\s?HttpOnly$ $1
这就是我正在使用的ansible任务配置。所以你可以看到我想在第37行之前插入新行,当评论'#each header ...'开始时。
- lineinfile:
path: /somewhere/default.conf
regexp: '^[ ]Header edit Set-Cookie (ADRU.*=.*);\s?HttpOnly$ $1'
insertbefore: '^[ \t]# each header may be up to 12392 bytes. This is the SPNEGO authentication header size limit.'
line: 'Header edit Set-Cookie (ADRU.*=.*);\s?HttpOnly$ $1'
这就是default.conf
<VirtualHost 0.0.0.0:${JIVE_HTTPD_PORT}>
DocumentRoot "${JIVE_HOME}/var/www"
ErrorDocument 404 /___sbsstatic___/404.html
ErrorDocument 500 /___sbsstatic___/500.html
ErrorDocument 501 /___sbsstatic___/catchall.html
ErrorDocument 502 /___sbsstatic___/catchall.html
ErrorDocument 503 /___sbsstatic___/maintenance.html
ErrorDocument 504 /___sbsstatic___/maintenance.html
ErrorDocument 505 /___sbsstatic___/catchall.html
<Directory />
Options FollowSymLinks
Require all denied
</Directory>
<Directory ${JIVE_HOME}/applications/*/home/www>
Options FollowSymLinks
Require all granted
</Directory>
<Directory ${JIVE_HOME}/var/www/resources>
Options -Indexes
</Directory>
LogLevel info
CustomLog "${LOG_DIR}/jive-httpd-access.log" common
ErrorLog "${LOG_DIR}/jive-httpd-error.log"
RequestHeader set X-Forwarded-Secure "false"
ProxyRequests Off
ProxyPreserveHost on
Header edit Set-Cookie "(?<!;\sHttpOnly)$" ";HttpOnly"
# The JCAPI-Token (CSRF protection via double-submit cookie) needs to accessible, so strip HttpOnly
Header edit Set-Cookie (JCAPI-Token=.*);\s?HttpOnly$ $1
# each header may be up to 12392 bytes. This is the SPNEGO authentication header size limit.
LimitRequestFieldsize 12392
RewriteEngine On
RewriteRule ^/[0-9]\.[0-9]\.[0-9]{1,3}\.[0-9a-f]{1,10}/images/(.*)$ /images/$1
RewriteRule ^/[0-9]\.[0-9]\.[0-9]{1,3}\.[0-9a-f]{1,10}/scripts/(.*)$ /scripts/$1
RewriteRule ^/[0-9]\.[0-9]\.[0-9]{1,3}\.[0-9a-f]{1,10}/styles/(.*)$ /styles/$1
RewriteRule ^/[0-9]\.[0-9]\.[0-9]{1,3}\.[0-9a-f]{1,10}/resources/(.*)$ /resources/$1
RewriteRule ^/[0-9]\.[0-9]\.[0-9]{1,3}\.[0-9a-f]{1,10}/__services/(.*)$ /__services/$1 [PT]
# Serve gzip compressed JS files if they exist and the client accepts gzip.
RewriteCond %{HTTP:Accept-encoding} gzip
RewriteCond %{REQUEST_FILENAME}\.gz -s
RewriteRule ^(.*)\.js $1\.js\.gz [QSA]
# Serve correct content types, and prevent mod_deflate double gzip.
RewriteRule \.js\.gz$ - [T=text/javascript,E=no-gzip:1]
# Replace double dashes on project urls to keep old links working on updated instances
RewriteRule ^(.*/projects/.*)--(.*)$ $1-$2 [L,R=301]
CacheMaxFileSize 5242880
CacheEnable mem /images/
CacheEnable mem /scripts/
CacheEnable mem /styles/
CacheEnable mem /resources/
CacheIgnoreHeaders Set-Cookie X-JIVE-USER-ID
# Header unset X-JIVE-USER-ID
ExpiresActive On
ExpiresDefault "now"
ExpiresByType image/gif "access plus 10 years"
ExpiresByType image/png "access plus 10 years"
ExpiresByType image/jpeg "access plus 10 years"
ExpiresByType image/x-icon "access plus 10 years"
ExpiresByType text/css "access plus 10 years"
ExpiresByType application/javascript "access plus 10 years"
ExpiresByType application/x-shockwave-flash "access plus 10 years"
<LocationMatch "\.(woff|eot|ttf|svg)$">
ExpiresDefault "access plus 10 years"
</LocationMatch>
ProxyPass /___sbsstatic___/ !
ProxyPass /images/ !
ProxyPass /styles/ !
ProxyPass /scripts/ !
ProxyPass /resources/scripts/ !
ProxyPass /resources/images/ !
ProxyPass /resources/styles/ !
ProxyPass /resources/statics/ !
Include sites/proxies/*.conf
Include sites/conf.d/*.conf
</VirtualHost>
<IfDefine SSL>
Listen ${SSL_PORT}
<VirtualHost 0.0.0.0:${SSL_PORT}>
DocumentRoot "${JIVE_HOME}/var/www"
ErrorDocument 404 /___sbsstatic___/404.html
ErrorDocument 500 /___sbsstatic___/500.html
ErrorDocument 501 /___sbsstatic___/catchall.html
ErrorDocument 502 /___sbsstatic___/catchall.html
ErrorDocument 503 /___sbsstatic___/maintenance.html
ErrorDocument 504 /___sbsstatic___/maintenance.html
ErrorDocument 505 /___sbsstatic___/catchall.html
<Directory />
Options FollowSymLinks
Require all granted
SSLRequireSSL
</Directory>
<Directory ${JIVE_HOME}/var/www/resources>
Options -Indexes
</Directory>
LogLevel info
CustomLog "${LOG_DIR}/jive-httpd-ssl-access.log" common
ErrorLog "${LOG_DIR}/jive-httpd-ssl-error.log"
RequestHeader set X-Forwarded-Secure "true"
ProxyRequests Off
ProxyPreserveHost On
RewriteEngine On
RewriteRule ^/[0-9]\.[0-9]\.[0-9]{1,3}\.[0-9a-f]{1,10}/images/(.*)$ /images/$1
RewriteRule ^/[0-9]\.[0-9]\.[0-9]{1,3}\.[0-9a-f]{1,10}/scripts/(.*)$ /scripts/$1
RewriteRule ^/[0-9]\.[0-9]\.[0-9]{1,3}\.[0-9a-f]{1,10}/styles/(.*)$ /styles/$1
RewriteRule ^/[0-9]\.[0-9]\.[0-9]{1,3}\.[0-9a-f]{1,10}/resources/(.*)$ /resources/$1
RewriteRule ^/[0-9]\.[0-9]\.[0-9]{1,3}\.[0-9a-f]{1,10}/__services/(.*)$ /__services/$1 [PT]
# Serve gzip compressed JS files if they exist and the client accepts gzip.
RewriteCond %{HTTP:Accept-encoding} gzip
RewriteCond %{REQUEST_FILENAME}\.gz -s
RewriteRule ^(.*)\.js $1\.js\.gz [QSA]
# Serve correct content types, and prevent mod_deflate double gzip.
RewriteRule \.js\.gz$ - [T=text/javascript,E=no-gzip:1]
# Replace double dashes on project urls to keep old links working on updated instances
RewriteRule ^(.*/projects/.*)--(.*)$ $1-$2 [L,R=301]
CacheMaxFileSize 5242880
CacheEnable mem /styles/
CacheEnable mem /images/
CacheEnable mem /scripts/
CacheEnable mem /resources/
CacheIgnoreHeaders Set-Cookie X-JIVE-USER-ID
# Header unset X-JIVE-USER-ID
ExpiresActive On
ExpiresDefault "now"
ExpiresByType image/gif "access plus 10 years"
ExpiresByType image/png "access plus 10 years"
ExpiresByType image/jpeg "access plus 10 years"
ExpiresByType image/x-icon "access plus 10 years"
ExpiresByType text/css "access plus 10 years"
ExpiresByType application/javascript "access plus 10 years"
ExpiresByType application/x-shockwave-flash "access plus 10 years"
<LocationMatch "\.(woff|eot|ttf|svg)$">
ExpiresDefault "access plus 10 years"
</LocationMatch>
ProxyPass /___sbsstatic___/ !
ProxyPass /images/ !
ProxyPass /styles/ !
ProxyPass /scripts/ !
ProxyPass /resources/scripts/ !
ProxyPass /resources/images/ !
ProxyPass /resources/styles/ !
ProxyPass /resources/statics/ !
Include sites/proxies/*.conf
Include sites/conf.d/*.conf
SSLEngine on
SSLCipherSuite ALL:!ADH:!LOW:!EXP:!SSLv2:!NULL:RC4:RSA:HIGH:MEDIUM
SSLCertificateFile "${SSL_CERTIFICATE_FILE}"
SSLCertificateKeyFile "${SSL_CERTIFICATE_KEY_FILE}"
</VirtualHost>
</IfDefine>
这似乎是你的insertbefore
正则表达式的一个问题,特别是与[ \t]
部分。
我会改用\s*
,这意味着任何一个或多个空白字符。
此外,您使用.
作为标记,而不是点的实际字符。你应该逃避它。
所以它会是:
insertbefore: '^\s*# each header may be up to 12392 bytes\. This is the SPNEGO authentication header size limit\.'
我建议使用website regex101.com,你可以通过对正则表达式模式的细分解释来对你的正则表达式进行在线检查。
我的建议中的具体输入已预先填写在此link中。
一种选择是使用模板并将虚拟主机的配置放在单独的文件中
- name: "httpd-vhosts: Configure virtual hosts in {{ apache_conf_path }}/extra/"
template:
src: "vhost.j2"
dest: "{{ apache_conf_path }}/extra/{{ item.ServerName }}.conf"
....
并在httpd.conf中包含这些文件
- name: "httpd-vhosts: Incl virtual hosts in {{ apache_conf_path }}/httpd.conf"
lineinfile:
dest: "{{ apache_conf_path }}/httpd.conf"
regexp: "^Include etc/apache{{ apache_version }}/extra/{{ item.ServerName }}.conf"
line: "Include etc/apache{{ apache_version }}/extra/{{ item.ServerName }}.conf"
...
有关详情,请访问httpd-vhosts.yml和vhost.j2。 FWIW,这是Apache Galaxy的角色。