78 Commits (646e6d5c755a535d241e259c10bfd612defbd4ef)

Author SHA1 Message Date
Felix Stupp 12e47c19c9
all/vars: Added var global_log_directory
Added usage in role nginx/application
5 years ago
Felix Stupp 08a37c6dab
nginx/application: Configure dhparams for SSL 5 years ago
Felix Stupp debbcb1a1b
nginx: Moved dot-file-exclution from global snippet to root snippet
Only file based servers may require this directive,
other servers are not expected to leak hidden files other than on purpose
5 years ago
Felix Stupp cca87f6425
nginx/php: Changed global include to root include
root snippet is there for file based servers, including php
5 years ago
Felix Stupp f2c92e94e2
nginx: Moved index directive from root snippet to specific static role 5 years ago
Felix Stupp dd48448828
nginx/php: Removed debian-specific index file from config 5 years ago
Felix Stupp 58955871ad
nginx/application: Removed specfic exclusion of htaccess files
Because dot files are already blocked in general
5 years ago
Felix Stupp 0043d6255a
nginx/application global.conf: Added comment to excluding hidden files 5 years ago
Felix Stupp 274f658016
nginx/php-pool: Fixed permissions for other 5 years ago
Felix Stupp 2dcfd1b09e
nginx: Added full paths to includes of snippets / fastcgi_params
To allow Ansible to validate the main config if placed on different
locations
5 years ago
Felix Stupp 8ebe8aecfb
nginx/application: Hide server tokens per default 5 years ago
Felix Stupp e2b7778c8b
nginx/application: Changed Referrer-Policy to strict-origin
For better enforcing of secure handling of referrer information
5 years ago
Felix Stupp 1855deb351
nginx/server: Documentated required variables 5 years ago
Felix Stupp 8b75c49917
nginx/proxy: Made dependent on nginx/server and allowed additional directives 5 years ago
Felix Stupp fb0c1f0901
Changed "ansible_fqdn" to "inventory_hostname"
Due to some hosts misconfigure fqdn themselves
5 years ago
Felix Stupp 9c63c8516b
nginx/application: Disabled SSL Session Tickets 5 years ago
Felix Stupp 409ea327f0
nginx/application: Increased ssl_cache timeout 5 years ago
Felix Stupp b9f060a0ce
nginx/php-fpm: Added installation of apcu cache 5 years ago
Felix Stupp 7df2668208
nginx/php-fpm: Increased size of opcache memory consumption to 256 5 years ago
Felix Stupp 206c940d16
nginx/php-pool: Tuned up childs at php 5 years ago
Felix Stupp fc897ea3b9
nginx/application: Fixed configuring resolver for OCSP Stapling 5 years ago
Felix Stupp 03884cbf3e
nginx/server: Allowed duplicates of role 5 years ago
Felix Stupp edf455bf66
nginx/application: Allowed dot files uploads by Nextcloud 5 years ago
Felix Stupp c21ee11c66
nginx/application: Blocked all hidden directories except well-known 5 years ago
Felix Stupp 502606b1e3
nginx/application: Set type to text for test file 5 years ago
Felix Stupp 57e422b478
nginx/application: Disabled access_log on acme requests 5 years ago
Felix Stupp 8e28bcb0ec
Added role nginx/php 5 years ago
Felix Stupp 72e7857570
nginx/php-pool: Locked reading of php-pool configurations 5 years ago
Felix Stupp 3414e3fd85
nginx/php-pool: Changed group of src directory to nginx user 5 years ago
Felix Stupp 4f1fdf72c7
nginx/php-pool: Added support for env variables 5 years ago
Felix Stupp 133d82e0bb
nginx/proxy: Added doc for var upstream_name 5 years ago
Felix Stupp bcfd4cb010
Fixed missing mode setting for others
To disallow access from others than user and group
5 years ago
Felix Stupp a3fde6aa3c
acme: Moved certificate handling to custom system user
Avoided using root for acme.sh
Modified also role nginx/application
5 years ago
Felix Stupp 002ecc28b0
nginx/php-pool: Removed not needed system user configuration 5 years ago
Felix Stupp 5486d06226
nginx/php-fpm: Fixed removing default php-fpm pool 5 years ago
Felix Stupp 964099cfdb
nginx/php-fpm: Added configuration for php opcache 5 years ago
Felix Stupp 852dbdb143
php-pool: Added domain to required variables (doc-only) 5 years ago
Felix Stupp 029fba1983
nginx/php-pool: Added support for custom memory_limit 5 years ago
Felix Stupp a0000e3c7f
nginx/php*: Fixed handler names for controlling php-fpm service 5 years ago
Felix Stupp ce90f3dadf
nginx/php-fpm: Fixed getting php-fpm for newer versions of Debian 5 years ago
Felix Stupp 9ba13c5d73
nginx/application: Enabled OCSP Stapling 5 years ago
Felix Stupp 22f14189c2
nginx/application: Enabled TLSv1.3 and reworked ciphers 5 years ago
Felix Stupp ce1f2fb132
nginx/application: Increased time for HSTS 5 years ago
Felix Stupp 5bed7d067a
nginx/application: Added localhost as resolver for nginx 5 years ago
Felix Stupp d9eb74649f
nginx/application: Fixed missing notify for templates 5 years ago
Felix Stupp 0bec0a9630
Added role nginx/server 5 years ago
Felix Stupp 3f19422c0c
Added role nginx/php-pool 5 years ago
Felix Stupp 692b9bf74b
Added role nginx/php-fpm
For php-fpm setup
5 years ago
Felix Stupp f85d1a4477
roles/nginx/forward: nginx configuration "redirect" -> "return" 6 years ago
Felix Stupp d938fdfb39
roles/nginx/forward: Fixed name of configuration template 6 years ago