Automate light server

Co-authored-by: J <j@jsts.xyz>
2022-11-17 23:30:52 +01:00 · 2022-11-17 23:30:52 +01:00 · e74a50e873
commit e74a50e873
parent aefdd123a4
40 changed files with 401 additions and 10 deletions
--- a/playbooks/roles/nginx/templates/99nginx.j2
+++ b/playbooks/roles/nginx/templates/99nginx.j2
@ -0,0 +1,4 @@
+Package: *
+Pin: origin nginx.org
+Pin: release o=nginx
+Pin-Priority: 900
--- a/playbooks/roles/nginx/templates/redirect.conf.j2
+++ b/playbooks/roles/nginx/templates/redirect.conf.j2
@ -0,0 +1,9 @@
+server {
+    listen 80 default_server;
+    listen [::]:80 default_server;
+    server_name _;
+
+    location / {
+        return 301 https://$host$request_uri;
+    }
+}
--- a/playbooks/roles/nginx/templates/tls.conf.j2
+++ b/playbooks/roles/nginx/templates/tls.conf.j2
@ -0,0 +1,9 @@
+ssl_protocols TLSv1.2 TLSv1.3;
+ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
+ssl_prefer_server_ciphers off;
+ssl_dhparam /etc/nginx/dhparam.pem;
+ssl_session_timeout 1d;
+ssl_session_cache shared:MozSSL:10m;
+ssl_session_tickets off;
+ssl_stapling on;
+ssl_stapling_verify on;