54 Commits (6c48b7360ea5f1936129e281691a0eded2df651d)

Author SHA1 Message Date
Felix Stupp 92b13e90ed
nginx/application: Fixed getting nameserver ips using ansible facts, not custom script 4 years ago
Felix Stupp ad9dbb8e61
Update nextcloud server configuration to be more strict 4 years ago
Felix Stupp 8443555583
nginx/application: Changed port numbers to string
To avoid conversion warning of ansible
4 years ago
Felix Stupp a9c8fd9af3
Moved var nginx_installation_directory to global vars 5 years ago
Felix Stupp b1a93849a1
Moved var nginx_system_user to global vars 5 years ago
Felix Stupp f46e51115e
acme: Changed underlying package from acme.sh to certbot 5 years ago
Felix Stupp 55451f321a
acme,nginx: Reversed dependency to match real dependency 5 years ago
Felix Stupp 9ad4ada018
acme,nginx: Renamed var for validation root to acme prefix 5 years ago
Felix Stupp 98b7f4744e
Extracted service_name of nginx to global var 5 years ago
Felix Stupp 36da702163
nginx/application: Disable log for HTTPs forwarding 5 years ago
Felix Stupp 5c374bc977
nginx/application: Added security relevant HTTP headers to global config
Duplicates removed from server/nextcloud
5 years ago
Felix Stupp 9d8d041241
nginx/application: Fixed typo of "unnecessary" 5 years ago
Felix Stupp 7a33ceffb8
nginx/application: Removed configuring trusted certificate for OCSP
Can be derived by given certificate for host
5 years ago
Felix Stupp 12e47c19c9
all/vars: Added var global_log_directory
Added usage in role nginx/application
5 years ago
Felix Stupp 08a37c6dab
nginx/application: Configure dhparams for SSL 5 years ago
Felix Stupp debbcb1a1b
nginx: Moved dot-file-exclution from global snippet to root snippet
Only file based servers may require this directive,
other servers are not expected to leak hidden files other than on purpose
5 years ago
Felix Stupp f2c92e94e2
nginx: Moved index directive from root snippet to specific static role 5 years ago
Felix Stupp 58955871ad
nginx/application: Removed specfic exclusion of htaccess files
Because dot files are already blocked in general
5 years ago
Felix Stupp 0043d6255a
nginx/application global.conf: Added comment to excluding hidden files 5 years ago
Felix Stupp 2dcfd1b09e
nginx: Added full paths to includes of snippets / fastcgi_params
To allow Ansible to validate the main config if placed on different
locations
5 years ago
Felix Stupp 8ebe8aecfb
nginx/application: Hide server tokens per default 5 years ago
Felix Stupp e2b7778c8b
nginx/application: Changed Referrer-Policy to strict-origin
For better enforcing of secure handling of referrer information
5 years ago
Felix Stupp fb0c1f0901
Changed "ansible_fqdn" to "inventory_hostname"
Due to some hosts misconfigure fqdn themselves
5 years ago
Felix Stupp 9c63c8516b
nginx/application: Disabled SSL Session Tickets 5 years ago
Felix Stupp 409ea327f0
nginx/application: Increased ssl_cache timeout 5 years ago
Felix Stupp fc897ea3b9
nginx/application: Fixed configuring resolver for OCSP Stapling 5 years ago
Felix Stupp edf455bf66
nginx/application: Allowed dot files uploads by Nextcloud 5 years ago
Felix Stupp c21ee11c66
nginx/application: Blocked all hidden directories except well-known 5 years ago
Felix Stupp 502606b1e3
nginx/application: Set type to text for test file 5 years ago
Felix Stupp 57e422b478
nginx/application: Disabled access_log on acme requests 5 years ago
Felix Stupp a3fde6aa3c
acme: Moved certificate handling to custom system user
Avoided using root for acme.sh
Modified also role nginx/application
5 years ago
Felix Stupp 9ba13c5d73
nginx/application: Enabled OCSP Stapling 5 years ago
Felix Stupp 22f14189c2
nginx/application: Enabled TLSv1.3 and reworked ciphers 5 years ago
Felix Stupp ce1f2fb132
nginx/application: Increased time for HSTS 5 years ago
Felix Stupp 5bed7d067a
nginx/application: Added localhost as resolver for nginx 5 years ago
Felix Stupp d9eb74649f
nginx/application: Fixed missing notify for templates 5 years ago
Felix Stupp 6c310a8f3d
roles/nginx/application: Set allow_duplicates to false 6 years ago
Felix Stupp 6b376cacfa
roles/nginx/application: Added snippets acme and root 6 years ago
Felix Stupp da676ebc32
roles/nginx/application: Included upstreams directory 6 years ago
Felix Stupp 7e56f8ada5
roles/nginx/application: Fixed global forwarding to https 6 years ago
Felix Stupp 097ff3d743
roles/nginx/application: Fixed nginx variable configuration 6 years ago
Felix Stupp 5676165f1c
roles/nginx/application: Fixed configuration for global logs 6 years ago
Felix Stupp d80261fe53
roles/nginx/application: Added validation for nginx.conf 6 years ago
Felix Stupp 007c7ed2a4
roles/nginx/application: Fixed task names containing item keyword 6 years ago
Felix Stupp 226bc9c873
Reconfigured nginx / acme validation handling 6 years ago
Felix Stupp 7122bcf9e3
nginx/application: Enabled acme verification for all over http 6 years ago
Felix Stupp facee1a61d
nginx/application: Extracted acme snippets from global 6 years ago
Felix Stupp d08159eb24
nginx/application: Removed duplicated ssl configuration 6 years ago
Felix Stupp b49a832759
nginx/application: Added rules for firewall 6 years ago
Felix Stupp 2186137327
nginx/application: Used vars in nginx.conf 6 years ago