108 Commits (7e2aef6d026a2ca54770efd08df54c750eb99fd4)

Author SHA1 Message Date
Felix Stupp ad9dbb8e61
Update nextcloud server configuration to be more strict 4 years ago
Felix Stupp f323f9dd7c
nginx/php-fpm: Moved sockets to non-temporary directory
/var/run was cleared after reboot, required re-executing Ansible to run
PHP services.
4 years ago
Felix Stupp 58dfab8529
nginx: Tagged tasks using certificate information 4 years ago
Felix Stupp 7638b6f86c
nginx/php-pool: Added configuration for allow_overwrite_include 4 years ago
Felix Stupp 3ab19950c4
nginx/php-pool: Fixed memory_limit default to avoid overwrite by roles before 4 years ago
Felix Stupp 8443555583
nginx/application: Changed port numbers to string
To avoid conversion warning of ansible
4 years ago
Felix Stupp a9c8fd9af3
Moved var nginx_installation_directory to global vars 4 years ago
Felix Stupp b1a93849a1
Moved var nginx_system_user to global vars 4 years ago
Felix Stupp 34b867994c
nginx/proxy: Moved directives var to defaults
Overwrites directives in default of following roles
4 years ago
Felix Stupp f46e51115e
acme: Changed underlying package from acme.sh to certbot 4 years ago
Felix Stupp 0f57d44bb1
acme/certificate: Renamed certificate_location to fullchain_location 4 years ago
Felix Stupp 55451f321a
acme,nginx: Reversed dependency to match real dependency 4 years ago
Felix Stupp 9ad4ada018
acme,nginx: Renamed var for validation root to acme prefix 4 years ago
Felix Stupp 98b7f4744e
Extracted service_name of nginx to global var 4 years ago
Felix Stupp 829d67f0b8
nginx/static: Moved directives into var 5 years ago
Felix Stupp 08d3382528
nginx/static: Fix indention for location 5 years ago
Felix Stupp 36da702163
nginx/application: Disable log for HTTPs forwarding 5 years ago
Felix Stupp 5c374bc977
nginx/application: Added security relevant HTTP headers to global config
Duplicates removed from server/nextcloud
5 years ago
Felix Stupp 7889e10385
nginx/php-pool: Fixed default disabling of status_page_path 5 years ago
Felix Stupp b7d34b28ee
nginx/php: Made name of task more descriptive 5 years ago
Felix Stupp 9d8d041241
nginx/application: Fixed typo of "unnecessary" 5 years ago
Felix Stupp 458babf82c
nginx/php: Added support for php-fpm status page 5 years ago
Felix Stupp 2a672cb597
nginx/default_server: Extracted status_page_acl var 5 years ago
Felix Stupp ce55e33fda
nginx/php-pool: Added support for enabling status page 5 years ago
Felix Stupp e91f9d1a81
nginx/default_server: Hide status page by answering 403 always 5 years ago
Felix Stupp 74a62e861f
Added role nginx/default_server
To prevent circular dependencies, role must be included manually on
required servers
5 years ago
Felix Stupp 7a33ceffb8
nginx/application: Removed configuring trusted certificate for OCSP
Can be derived by given certificate for host
5 years ago
Felix Stupp 647f112c2b
nginx/server: Extracted special pre directives into configurable vars 5 years ago
Felix Stupp 11814fe236
nginx/server: Added explicit dependency to nginx/application 5 years ago
Felix Stupp 61c7f72422
nginx/server: Removed ssl on directive
Should no longer be used, listen + ssl marker is working as expected
5 years ago
Felix Stupp 12e47c19c9
all/vars: Added var global_log_directory
Added usage in role nginx/application
5 years ago
Felix Stupp 08a37c6dab
nginx/application: Configure dhparams for SSL 5 years ago
Felix Stupp debbcb1a1b
nginx: Moved dot-file-exclution from global snippet to root snippet
Only file based servers may require this directive,
other servers are not expected to leak hidden files other than on purpose
5 years ago
Felix Stupp cca87f6425
nginx/php: Changed global include to root include
root snippet is there for file based servers, including php
5 years ago
Felix Stupp f2c92e94e2
nginx: Moved index directive from root snippet to specific static role 5 years ago
Felix Stupp dd48448828
nginx/php: Removed debian-specific index file from config 5 years ago
Felix Stupp 58955871ad
nginx/application: Removed specfic exclusion of htaccess files
Because dot files are already blocked in general
5 years ago
Felix Stupp 0043d6255a
nginx/application global.conf: Added comment to excluding hidden files 5 years ago
Felix Stupp 274f658016
nginx/php-pool: Fixed permissions for other 5 years ago
Felix Stupp 2dcfd1b09e
nginx: Added full paths to includes of snippets / fastcgi_params
To allow Ansible to validate the main config if placed on different
locations
5 years ago
Felix Stupp 8ebe8aecfb
nginx/application: Hide server tokens per default 5 years ago
Felix Stupp e2b7778c8b
nginx/application: Changed Referrer-Policy to strict-origin
For better enforcing of secure handling of referrer information
5 years ago
Felix Stupp 1855deb351
nginx/server: Documentated required variables 5 years ago
Felix Stupp 8b75c49917
nginx/proxy: Made dependent on nginx/server and allowed additional directives 5 years ago
Felix Stupp fb0c1f0901
Changed "ansible_fqdn" to "inventory_hostname"
Due to some hosts misconfigure fqdn themselves
5 years ago
Felix Stupp 9c63c8516b
nginx/application: Disabled SSL Session Tickets 5 years ago
Felix Stupp 409ea327f0
nginx/application: Increased ssl_cache timeout 5 years ago
Felix Stupp b9f060a0ce
nginx/php-fpm: Added installation of apcu cache 5 years ago
Felix Stupp 7df2668208
nginx/php-fpm: Increased size of opcache memory consumption to 256 5 years ago
Felix Stupp 206c940d16
nginx/php-pool: Tuned up childs at php 5 years ago