Catching up Webserver config
This commit is contained in:
parent
72a62b63eb
commit
890e20c64c
@ -1,21 +1,12 @@
|
||||
server {
|
||||
listen 443 ssl http2;
|
||||
server_name default_server;
|
||||
include sec.conf;
|
||||
include letsencrypt.conf;
|
||||
include default.csp.conf;
|
||||
rewrite ^/(.*)$ https://aninix.net/$1 permanent;
|
||||
|
||||
}
|
||||
|
||||
server {
|
||||
listen 443 ssl http2;
|
||||
server_name aninix.net;
|
||||
|
||||
include sec.conf;
|
||||
include letsencrypt.conf;
|
||||
include default.csp.conf;
|
||||
|
||||
include letsencrypt.conf;
|
||||
|
||||
location / {
|
||||
|
||||
rewrite ^/martialarts(\/)*(\/index.html)*$ /assets/martialarts/index.html;
|
||||
@ -54,3 +45,16 @@ server {
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
server {
|
||||
listen 443 ssl http2;
|
||||
server_name foundation.aninix.net;
|
||||
include sec.conf;
|
||||
include letsencrypt.conf;
|
||||
include default.csp.conf;
|
||||
|
||||
location / {
|
||||
rewrite ^/(.*)$ https://aninix.net/$1 permanent;
|
||||
}
|
||||
|
||||
}
|
||||
|
@ -4,7 +4,6 @@ server {
|
||||
|
||||
include sec.conf;
|
||||
include default.csp.conf;
|
||||
include letsencrypt.conf;
|
||||
|
||||
location /
|
||||
{
|
||||
@ -19,4 +18,7 @@ server {
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Real-PORT $remote_port;
|
||||
}
|
||||
|
||||
include letsencrypt.conf;
|
||||
|
||||
}
|
||||
|
@ -2,7 +2,7 @@ server {
|
||||
listen 443 ssl;
|
||||
server_name lykos.aninix.net;
|
||||
|
||||
include letsencrypt.conf;
|
||||
# include local.conf;
|
||||
|
||||
root /usr/share/webapps/;
|
||||
|
||||
@ -34,4 +34,6 @@ server {
|
||||
deny all;
|
||||
}
|
||||
|
||||
include letsencrypt.conf;
|
||||
|
||||
}
|
||||
|
@ -6,6 +6,7 @@ server {
|
||||
include default.csp.conf;
|
||||
include letsencrypt.conf;
|
||||
|
||||
location / {
|
||||
root /usr/share/webapps/self-service-password/htdocs/;
|
||||
|
||||
# https://ltb-project.org/documentation/self-service-password/1.3/config_nginx
|
||||
@ -28,6 +29,7 @@ server {
|
||||
#access_log /dev/stdout info;
|
||||
|
||||
include ../conf.d/fastcgi.config;
|
||||
}
|
||||
|
||||
# deny access to . files, for security
|
||||
#
|
||||
|
14
roles/WebServer/files/conf.d/Core/travelpawscvt.com.conf
Normal file
14
roles/WebServer/files/conf.d/Core/travelpawscvt.com.conf
Normal file
@ -0,0 +1,14 @@
|
||||
server {
|
||||
listen 443 ssl;
|
||||
server_name travelpawscvt.com;
|
||||
|
||||
#include local.conf;
|
||||
include letsencrypt.conf;
|
||||
include ../conf.d/fastcgi.config;
|
||||
|
||||
root /opt/travelpawscvt;
|
||||
|
||||
client_max_body_size 5m;
|
||||
client_body_timeout 60;
|
||||
|
||||
}
|
@ -4,7 +4,6 @@ server {
|
||||
|
||||
include sec.conf;
|
||||
include default.csp.conf;
|
||||
include letsencrypt.conf;
|
||||
|
||||
location /
|
||||
{
|
||||
@ -12,4 +11,6 @@ server {
|
||||
autoindex on;
|
||||
autoindex_format html;
|
||||
}
|
||||
|
||||
include letsencrypt.conf;
|
||||
}
|
||||
|
@ -1,5 +1,4 @@
|
||||
location ~ ^/.well-known/acme-challenge
|
||||
{
|
||||
location /.well-known/acme-challenge {
|
||||
allow all;
|
||||
root /var/lib/letsencrypt/;
|
||||
default_type "text/plain";
|
||||
|
@ -53,6 +53,17 @@
|
||||
mode: 0660
|
||||
register: conf
|
||||
|
||||
- name: Populate security config
|
||||
become: yes
|
||||
template:
|
||||
src: sec.conf.j2
|
||||
dest: /opt/openresty/nginx/conf/sec.conf
|
||||
owner: http
|
||||
group: http
|
||||
mode: 0660
|
||||
register: secconf
|
||||
|
||||
|
||||
- name: Ensure default openresty service file is off.
|
||||
become: yes
|
||||
service:
|
||||
@ -62,7 +73,7 @@
|
||||
|
||||
- name: Ensure service is started
|
||||
become: yes
|
||||
when: conf.changed or confd.changed
|
||||
when: conf.changed or confd.changed or secconf.changed
|
||||
service:
|
||||
name: "{{ item }}"
|
||||
enabled: yes
|
||||
|
@ -1,12 +1,12 @@
|
||||
ssl_dhparam /etc/ssl/certs/dhparam.pem;
|
||||
ssl_certificate /etc/letsencrypt/live/aninix.net-0001/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/aninix.net-0001/privkey.pem;
|
||||
ssl_certificate /etc/letsencrypt/live/{{ ssl.identity }}/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/{{ ssl.identity }}/privkey.pem;
|
||||
|
||||
ssl_session_cache shared:SSL:1m;
|
||||
ssl_session_timeout 5m;
|
||||
|
||||
ssl_protocols TLSv1.2 TLSv1.3;
|
||||
ssl_ciphers "!NULL:!SSLv2:!SSLv3:!TLSv1:EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
|
||||
ssl_ciphers "{{ ssl.ciphersuite }}";
|
||||
ssl_prefer_server_ciphers on;
|
||||
|
||||
add_header "Strict-Transport-Security" "max-age=63072000; includeSubDomains; preload";
|
Loading…
Reference in New Issue
Block a user