Remove nginx role
This commit is contained in:
parent
996c028298
commit
2223682de4
|
@ -1,9 +0,0 @@
|
|||
---
|
||||
nginx_access_log: "off"
|
||||
nginx_ciphers: "ECDH+aRSA+CHACHA20:ECDH+aRSA+AESGCM"
|
||||
nginx_curves: "X25519:secp521r1:secp384r1"
|
||||
nginx_error_log: "/dev/null error"
|
||||
nginx_packages: [nginx]
|
||||
nginx_tls_versions: TLSv1.2 TLSv1.3
|
||||
nginx_worker_connections: 512
|
||||
nginx_worker_processes: auto
|
|
@ -1,10 +0,0 @@
|
|||
<!DOCTYPE html>
|
||||
<html>
|
||||
<head>
|
||||
<meta charset="utf-8">
|
||||
<title>502 Bad Gateway</title>
|
||||
<link rel="stylesheet" href="/_error-pages/style.css">
|
||||
</head>
|
||||
<body>
|
||||
<img src="/_error-pages/bad_gateway.png" alt="Bad Gateway Sign" class="singleton">
|
||||
</body>
|
Binary file not shown.
Before Width: | Height: | Size: 20 KiB |
|
@ -1,4 +0,0 @@
|
|||
img.singleton {
|
||||
display: block;
|
||||
margin: 10px auto;
|
||||
}
|
|
@ -1,10 +0,0 @@
|
|||
openssl_conf = default_conf
|
||||
|
||||
[default_conf]
|
||||
ssl_conf = ssl_sect
|
||||
|
||||
[ssl_sect]
|
||||
system_default = system_default_sect
|
||||
|
||||
[system_default_sect]
|
||||
Ciphersuites = TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256
|
|
@ -1,3 +0,0 @@
|
|||
autoindex on;
|
||||
autoindex_exact_size on;
|
||||
autoindex_localtime off;
|
|
@ -1,5 +0,0 @@
|
|||
error_page 502 /_error-pages/502.html;
|
||||
|
||||
location ^~ /_error-pages {
|
||||
root /var/www;
|
||||
}
|
|
@ -1,4 +0,0 @@
|
|||
add_header Expect-CT "max-age=86400, enforce" always;
|
||||
add_header Strict-Transport-Security "max-age=31536000" always;
|
||||
proxy_hide_header Expect-CT;
|
||||
proxy_hide_header Strict-Transport-Security;
|
|
@ -1,8 +0,0 @@
|
|||
add_header Referrer-Policy same-origin always;
|
||||
add_header X-Content-Type-Options nosniff always;
|
||||
add_header X-Frame-Options sameorigin always;
|
||||
add_header X-XSS-Protection "1; mode=block" always;
|
||||
proxy_hide_header Referrer-Policy;
|
||||
proxy_hide_header X-Content-Type-Options;
|
||||
proxy_hide_header X-Frame-Options;
|
||||
proxy_hide_header X-XSS-Protection;
|
|
@ -1,6 +0,0 @@
|
|||
location ^~ /.well-known/acme-challenge {
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
proxy_pass http://srv01.hamburg.freifunk.net$request_uri;
|
||||
access_log off;
|
||||
}
|
|
@ -1,5 +0,0 @@
|
|||
location ^~ /.well-known/acme-challenge {
|
||||
root /var/www/_acme-challenge;
|
||||
try_files $uri $uri/ =404;
|
||||
access_log off;
|
||||
}
|
|
@ -1,8 +0,0 @@
|
|||
disable_symlinks if_not_owner from=$document_root;
|
||||
|
||||
# Do not serve dotfiles.
|
||||
location ~ /\. {
|
||||
deny all;
|
||||
access_log off;
|
||||
log_not_found off;
|
||||
}
|
|
@ -1,10 +0,0 @@
|
|||
---
|
||||
- name: reload nginx
|
||||
service:
|
||||
name: nginx
|
||||
state: reloaded
|
||||
|
||||
- name: restart nginx
|
||||
service:
|
||||
name: nginx
|
||||
state: restarted
|
|
@ -1,43 +0,0 @@
|
|||
---
|
||||
- name: install nginx
|
||||
apt:
|
||||
name: "{{ nginx_packages }}"
|
||||
cache_valid_time: 86400
|
||||
|
||||
- name: create directories
|
||||
file:
|
||||
path: "{{ item }}"
|
||||
state: directory
|
||||
with_items:
|
||||
- /var/www/_acme-challenge
|
||||
- /var/www/_error-pages
|
||||
|
||||
- name: copy error-pages
|
||||
copy:
|
||||
src: error-pages/
|
||||
dest: /var/www/_error-pages/
|
||||
|
||||
- name: copy snippets
|
||||
copy:
|
||||
src: snippets
|
||||
dest: /etc/nginx/
|
||||
|
||||
- name: copy openssl.cnf
|
||||
copy:
|
||||
src: openssl.cnf
|
||||
dest: /etc/ssl/
|
||||
backup: yes
|
||||
notify: restart nginx
|
||||
|
||||
- name: template nginx.conf
|
||||
template:
|
||||
src: nginx.conf
|
||||
dest: /etc/nginx/
|
||||
backup: yes
|
||||
notify: reload nginx
|
||||
|
||||
- name: remove default site
|
||||
file:
|
||||
path: /etc/nginx/sites-enabled/default
|
||||
state: absent
|
||||
notify: reload nginx
|
|
@ -1,76 +0,0 @@
|
|||
user www-data;
|
||||
worker_processes {{ nginx_worker_processes }};
|
||||
pid /run/nginx.pid;
|
||||
include /etc/nginx/modules-enabled/*.conf;
|
||||
|
||||
events {
|
||||
worker_connections {{ nginx_worker_connections }};
|
||||
# multi_accept on;
|
||||
}
|
||||
|
||||
http {
|
||||
|
||||
##
|
||||
# Basic Settings
|
||||
##
|
||||
|
||||
sendfile on;
|
||||
tcp_nopush on;
|
||||
tcp_nodelay on;
|
||||
keepalive_timeout 65;
|
||||
types_hash_max_size 2048;
|
||||
server_tokens off;
|
||||
{% if nginx_resolver is defined %}
|
||||
resolver {{ nginx_resolver }};
|
||||
{% endif %}
|
||||
|
||||
# server_names_hash_bucket_size 64;
|
||||
# server_name_in_redirect off;
|
||||
|
||||
include /etc/nginx/mime.types;
|
||||
default_type application/octet-stream;
|
||||
|
||||
##
|
||||
# SSL Settings
|
||||
##
|
||||
|
||||
ssl_protocols {{ nginx_tls_versions }};
|
||||
ssl_ciphers {{ nginx_ciphers }};
|
||||
ssl_ecdh_curve {{ nginx_curves }};
|
||||
ssl_prefer_server_ciphers on;
|
||||
ssl_session_cache shared:SSL:10M;
|
||||
ssl_session_timeout 10m;
|
||||
ssl_session_tickets off;
|
||||
{% if nginx_resolver is defined %}
|
||||
ssl_stapling on;
|
||||
ssl_stapling_verify on;
|
||||
{% endif %}
|
||||
|
||||
##
|
||||
# Logging Settings
|
||||
##
|
||||
|
||||
log_format privacy '$server_name:$server_port 127.0.0.1 - - [$time_local] "$request" $status $body_bytes_sent';
|
||||
access_log {{ nginx_access_log }};
|
||||
error_log {{ nginx_error_log }};
|
||||
|
||||
##
|
||||
# Gzip Settings
|
||||
##
|
||||
|
||||
gzip on;
|
||||
|
||||
# gzip_vary on;
|
||||
# gzip_proxied any;
|
||||
# gzip_comp_level 6;
|
||||
# gzip_buffers 16 8k;
|
||||
# gzip_http_version 1.1;
|
||||
# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
|
||||
|
||||
##
|
||||
# Virtual Host Configs
|
||||
##
|
||||
|
||||
include /etc/nginx/conf.d/*.conf;
|
||||
include /etc/nginx/sites-enabled/*;
|
||||
}
|
Loading…
Reference in a new issue