freifunk/ansible-config
0
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

Update nginx SSL settings, includes

Browse source
This commit is contained in:
Alexander Dietrich 2017-02-10 20:38:12 +01:00
parent eed7317b0c
commit 28efaaafdc
4 changed files with 17 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
roles/nginx/defaults/main.yml Normal file
View file

@ -0,0 +1 @@
nginx_resolver: 127.0.0.1 [::1]

4
roles/nginx/files/etc/nginx/include/ssl_rewrite.conf Normal file
View file

@ -0,0 +1,4 @@
# Generischer Rewrite von HTTP nach HTTPS
location / {
return 302 https://$server_name$request_uri;
}

8
roles/nginx/tasks/main.yml
View file

@ -22,10 +22,10 @@
notify: restart nginx
tags: nginx
- name: copy nginx.conf
copy:
src: etc/nginx/nginx.conf
dest: /etc/nginx
- name: template nginx.conf
template:
src: templates/nginx.conf.j2
dest: /etc/nginx/nginx.conf
mode: 0644
owner: root
group: root

9
roles/nginx/files/etc/nginx/nginx.conf → roles/nginx/templates/nginx.conf.j2
View file

@ -30,8 +30,15 @@ http {
# SSL Settings
##
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
ssl_ciphers ECDH+aRSA+AESGCM:ECDH+aRSA+AES:+SHA1;
ssl_prefer_server_ciphers on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
ssl_stapling on;
ssl_stapling_verify on;
resolver {{ nginx_resolver }};
##
# Logging Settings