Felix Stupp
|
92b13e90ed
|
nginx/application: Fixed getting nameserver ips using ansible facts, not custom script
|
4 years ago |
Felix Stupp
|
ad9dbb8e61
|
Update nextcloud server configuration to be more strict
|
4 years ago |
Felix Stupp
|
8443555583
|
nginx/application: Changed port numbers to string
To avoid conversion warning of ansible
|
4 years ago |
Felix Stupp
|
a9c8fd9af3
|
Moved var nginx_installation_directory to global vars
|
5 years ago |
Felix Stupp
|
b1a93849a1
|
Moved var nginx_system_user to global vars
|
5 years ago |
Felix Stupp
|
f46e51115e
|
acme: Changed underlying package from acme.sh to certbot
|
5 years ago |
Felix Stupp
|
55451f321a
|
acme,nginx: Reversed dependency to match real dependency
|
5 years ago |
Felix Stupp
|
9ad4ada018
|
acme,nginx: Renamed var for validation root to acme prefix
|
5 years ago |
Felix Stupp
|
98b7f4744e
|
Extracted service_name of nginx to global var
|
5 years ago |
Felix Stupp
|
36da702163
|
nginx/application: Disable log for HTTPs forwarding
|
5 years ago |
Felix Stupp
|
5c374bc977
|
nginx/application: Added security relevant HTTP headers to global config
Duplicates removed from server/nextcloud
|
5 years ago |
Felix Stupp
|
9d8d041241
|
nginx/application: Fixed typo of "unnecessary"
|
5 years ago |
Felix Stupp
|
7a33ceffb8
|
nginx/application: Removed configuring trusted certificate for OCSP
Can be derived by given certificate for host
|
5 years ago |
Felix Stupp
|
12e47c19c9
|
all/vars: Added var global_log_directory
Added usage in role nginx/application
|
5 years ago |
Felix Stupp
|
08a37c6dab
|
nginx/application: Configure dhparams for SSL
|
5 years ago |
Felix Stupp
|
debbcb1a1b
|
nginx: Moved dot-file-exclution from global snippet to root snippet
Only file based servers may require this directive,
other servers are not expected to leak hidden files other than on purpose
|
5 years ago |
Felix Stupp
|
f2c92e94e2
|
nginx: Moved index directive from root snippet to specific static role
|
5 years ago |
Felix Stupp
|
58955871ad
|
nginx/application: Removed specfic exclusion of htaccess files
Because dot files are already blocked in general
|
5 years ago |
Felix Stupp
|
0043d6255a
|
nginx/application global.conf: Added comment to excluding hidden files
|
5 years ago |
Felix Stupp
|
2dcfd1b09e
|
nginx: Added full paths to includes of snippets / fastcgi_params
To allow Ansible to validate the main config if placed on different
locations
|
5 years ago |
Felix Stupp
|
8ebe8aecfb
|
nginx/application: Hide server tokens per default
|
5 years ago |
Felix Stupp
|
e2b7778c8b
|
nginx/application: Changed Referrer-Policy to strict-origin
For better enforcing of secure handling of referrer information
|
5 years ago |
Felix Stupp
|
fb0c1f0901
|
Changed "ansible_fqdn" to "inventory_hostname"
Due to some hosts misconfigure fqdn themselves
|
5 years ago |
Felix Stupp
|
9c63c8516b
|
nginx/application: Disabled SSL Session Tickets
|
5 years ago |
Felix Stupp
|
409ea327f0
|
nginx/application: Increased ssl_cache timeout
|
5 years ago |
Felix Stupp
|
fc897ea3b9
|
nginx/application: Fixed configuring resolver for OCSP Stapling
|
5 years ago |
Felix Stupp
|
edf455bf66
|
nginx/application: Allowed dot files uploads by Nextcloud
|
5 years ago |
Felix Stupp
|
c21ee11c66
|
nginx/application: Blocked all hidden directories except well-known
|
5 years ago |
Felix Stupp
|
502606b1e3
|
nginx/application: Set type to text for test file
|
5 years ago |
Felix Stupp
|
57e422b478
|
nginx/application: Disabled access_log on acme requests
|
5 years ago |
Felix Stupp
|
a3fde6aa3c
|
acme: Moved certificate handling to custom system user
Avoided using root for acme.sh
Modified also role nginx/application
|
5 years ago |
Felix Stupp
|
9ba13c5d73
|
nginx/application: Enabled OCSP Stapling
|
5 years ago |
Felix Stupp
|
22f14189c2
|
nginx/application: Enabled TLSv1.3 and reworked ciphers
|
5 years ago |
Felix Stupp
|
ce1f2fb132
|
nginx/application: Increased time for HSTS
|
5 years ago |
Felix Stupp
|
5bed7d067a
|
nginx/application: Added localhost as resolver for nginx
|
5 years ago |
Felix Stupp
|
d9eb74649f
|
nginx/application: Fixed missing notify for templates
|
5 years ago |
Felix Stupp
|
6c310a8f3d
|
roles/nginx/application: Set allow_duplicates to false
|
6 years ago |
Felix Stupp
|
6b376cacfa
|
roles/nginx/application: Added snippets acme and root
|
6 years ago |
Felix Stupp
|
da676ebc32
|
roles/nginx/application: Included upstreams directory
|
6 years ago |
Felix Stupp
|
7e56f8ada5
|
roles/nginx/application: Fixed global forwarding to https
|
6 years ago |
Felix Stupp
|
097ff3d743
|
roles/nginx/application: Fixed nginx variable configuration
|
6 years ago |
Felix Stupp
|
5676165f1c
|
roles/nginx/application: Fixed configuration for global logs
|
6 years ago |
Felix Stupp
|
d80261fe53
|
roles/nginx/application: Added validation for nginx.conf
|
6 years ago |
Felix Stupp
|
007c7ed2a4
|
roles/nginx/application: Fixed task names containing item keyword
|
6 years ago |
Felix Stupp
|
226bc9c873
|
Reconfigured nginx / acme validation handling
|
6 years ago |
Felix Stupp
|
7122bcf9e3
|
nginx/application: Enabled acme verification for all over http
|
6 years ago |
Felix Stupp
|
facee1a61d
|
nginx/application: Extracted acme snippets from global
|
6 years ago |
Felix Stupp
|
d08159eb24
|
nginx/application: Removed duplicated ssl configuration
|
6 years ago |
Felix Stupp
|
b49a832759
|
nginx/application: Added rules for firewall
|
6 years ago |
Felix Stupp
|
2186137327
|
nginx/application: Used vars in nginx.conf
|
6 years ago |