blacksaildivision / lamponsteroids Goto Github PK

We should be able to manage crontab from Ansible

When running Apache with PHP-FPM and requesting non-existing PHP file there is an error:

[Sun Feb 21 15:34:02.036018 2016] [proxy_fcgi:error] [pid 2610:tid 140051509872384] [client xx.xx.xx.xx:47246] AH01071: Got error 'Primary script unknown\n'

MySQL Tuner is nice feature and we should have it installed:)

Apache role with basic configuration

Make 3 enters between tasks, ie in users.yml file.
Change tags in sudo.yml tasks

Install and configure Redis

Weak ciphers should be removed from SSH config

Install nodejs, npm and global packages

Better option to disable OpCache is to disable entire zend_extension instead disabling enable=1 option

Currently it's not possible to pull repositories from Git by SSH protocol

When entering server IP there is default Apache page. It would be cool t o redirect it to something else

Create AWS role for AWS-CLI

MySQL 5.7 role with

• MySQL installation
• MySQL tuner
• Backup system maybe?

iptables role or centos add-on would be a nice thing

Secure YUM
Remove unnecessary packages
Update everything else

Backup and push to s3 would be a nice feature

It would be nice to have the list of packages that were autoremoved from the server

chkconfig yum-cron

Let's encrypt for HTTPS would be nice to have

Create MySQL database backup system with pushing dumps to AWS S3
Blocker: #47

After proxying we only have 127.0.0.1 as IP. We need real address here.

Configure mod_deflate and gzip compression in httpd role

It would be nice to add logrotate configuration for httpd role

Secure SSH is a must on webserver, we need to add some security layer, disable unsafe protocols, disable root login etc.

No information about SSH in README

When trying to request .well-known in nginx we got 403 forbidden because of a rule that is blocking access to . files. We need to fix that problem.
Also there is invalid path - /var/www/letsencrypt/ should be /var/lib/letsencrypt

Install latest version of GIT

We need to add SetEnvIf module. There are some plugins that uses it + there is a need to pass Authorization token to nginx

PHP 7 role with

• composer
• opcache
• redis plugin
• mongo plugin
• mongodb plugin

Install Mongo with latest version
Maybe add backup system

Currently output looks more or less like this:

Loaded plugins: fastestmirror\nLoading mirror speeds from cached hostfile\n * base: mirrors.cicku.me\n * epel: mirror.daniel-jost.net\n * extras: mirrors.cicku.me\n * updates: mirrors.cicku.me\nUpdated Packages\ndnsmasq.x86_64                   2.66-14.el7_2.1                 updates        \ngit.x86_64                       1.8.3.1-6.el7_2.1               updates        \nkernel-devel.x86_64              3.10.0-327.36.1.el7             updates        \nkernel-headers.x86_64            3.10.0-327.36.1.el7             updates        \nmdadm.x86_6

It needs to be prettier!

Configuration for Opcache should be added to php role

Create fake repository for GIT to solve issue with perl-git dependencies

Configure mod_ssl and http/2 module in apache
Check configuration with ssltest lab

libselinux-python package is required for Ansible templating, but it gets autoremoved by yum.yml task.
There should be option to exclude package from yum autoremove

We need to be able to install NTP service and configure time properly

Make it possible to configure redirects in httpd role (separate virutalhost)
Configure localhost redirect as well

Task is not detecting list of autoremoved packages and available packages to update on some systems that displays text in language different than English.

Nginx role would be nice to have as opposite to Apache

In order to fully support HTTP/2 in Apache we need to update OpenSSL to at least 1.0.2 version. Having latest version will improve security and performance.

Change path to /usr/local/openssl/lib in git role when configure
Add missing library expat-devel to httpd dependencies

If you won't use centos role, you probably don't have it installed. It's required for Ansible templating

Add possibility to manage transparent huge pages

We should be able to manage workers for Proxy in VirtualHosts: https://httpd.apache.org/docs/2.4/mod/mod_proxy.html

Each vhost and log directory from httpd should be logrotated

Rotating logs in PHP like error log and slow log would be nice addition

• Apache
• Directory Check
• HTTP Check
• MongoDB
• NGINX
• NTP Check
• PHP-FPM *
• Redis
• System Core