nginx Basis-Setup

baldo 2015-11-14 18:48:41 +01:00
parent bc297acd18
commit 3c917ce4b2
8 changed files with 117 additions and 69 deletions


@ -0,0 +1,18 @@
#
# ACTHUNG:
#
# Wird via Ansible konfiguriert. Bitte nicht manuell ändern!
#
# Gzip settings
gzip on;
gzip_disable "msie6";
gzip_static on;
gzip_vary on;
gzip_proxied any;
gzip_comp_level 9;
gzip_buffers 256 8k;
gzip_http_version 1.1;
gzip_min_length 0;
gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
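Review bot: `gzip on;` combined with `gzip_proxied any;` and `gzip_min_length 0;` compresses every matching response on every vhost, including those served over TLS. Where a response reflects request input next to a secret (session or CSRF token), the compressed length becomes a side channel (BREACH class). If any dynamic or proxied application sits behind this server, I would limit compression to static locations, or set `gzip off;` in the affected `location` blocks. Separately, `gzip_comp_level 9;` costs considerably more CPU than a mid level for little size gain. The type list also names `application/x-javascript` but not `application/javascript`, which the commented line removed from nginx.conf did include.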


@ -0,0 +1,11 @@
#
# ACTHUNG:
#
# Wird via Ansible konfiguriert. Bitte nicht manuell ändern!
#
##
# Logging Settings
##
include /etc/nginx/include/no_logging.conf;
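Review bot: Including `/etc/nginx/include/no_logging.conf` at http level presumably switches off logging for every vhost; the file's content is not shown here, so this is inferred from its name. If it also silences the error log, failed config loads, TLS errors and upstream faults leave no trace for troubleshooting or incident response. If the choice is deliberate for privacy, I would state that in the header, e.g. `# Access logging is disabled on purpose (privacy)`, and consider keeping a coarse `error_log` level so server-side failures stay diagnosable.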


@ -0,0 +1,9 @@
#
# ACTHUNG:
#
# Wird via Ansible konfiguriert. Bitte nicht manuell ändern!
#
# Server optimizations
server_names_hash_bucket_size 128;


@ -0,0 +1,12 @@
#
# ACTHUNG:
#
# Wird via Ansible konfiguriert. Bitte nicht manuell ändern!
#
# Global security settings for nginx
ignore_invalid_headers on;
sendfile on;
server_name_in_redirect off;
server_tokens off;
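Review bot: Of the four directives under `# Global security settings for nginx`, only `server_tokens off;` changes behaviour, as far as I know. `ignore_invalid_headers on;` and `server_name_in_redirect off;` restate nginx defaults, and `sendfile on;` is an I/O optimisation rather than a hardening setting. I would put a comment such as `# pins the nginx defaults explicitly` above the two default lines and move `sendfile on;` to the server-optimisations file added in this commit. If the nginx.conf shipped by this role still sets `sendfile on;` in its http block (not visible on this page), the second occurrence in the same context is rejected as a duplicate directive when the configuration is loaded.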


@ -5,4 +5,4 @@
#
# Generischer Rewrite von HTTP nach HTTPS
rewrite ^ https://$server_name$request_uri? permanent;
rewrite ^ https://$server_name$request_uri? permanent;


@ -38,26 +38,6 @@ http {
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
##
# Logging Settings
##
include /etc/nginx/include/no_logging.conf;
##
# Gzip Settings
##
gzip on;
gzip_disable "msie6";
# gzip_vary on;
# gzip_proxied any;
# gzip_comp_level 6;
# gzip_buffers 16 8k;
# gzip_http_version 1.1;
# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
##
# Virtual Host Configs
##


@ -1,7 +1,7 @@
---
#- name: be sure nginx is installed
# apt: name=nginx state=latest
# tags: nginx
- name: be sure nginx is installed
apt: name=nginx state=latest
tags: nginx
- name: check ssl directories exist an have correct permissions
file: >
@ -37,48 +37,66 @@
- nginx
- ssl
#- name: copy includes
# copy: >
# src=etc/nginx/include
# dest=/etc/nginx
# mode=0644
# owner=root
# group=root
# notify:
# - restart nginx
# tags: nginx
#
#- name: apply templates
# template: >
# src="etc/nginx/{{ item }}.j2"
# dest="/etc/nginx/{{ item }}"
# mode=0644
# owner=root
# group=root
# items:
# - include/ssl_wildcard.conf
# - include/ssl_hamburg.freifunk.net.conf
# notify:
# - restart nginx
# tags: nginx
#
#- name: remove default site
# file: path={{ item }} state=absent
# with_items:
# - /etc/nginx/sites-available/default
# - /etc/nginx/sites-enabled/default
# - /var/www/html
# notify:
# - restart nginx
# tags: nginx
#
#- name: configure nginx
# copy: >
# src=etc/nginx/nginx.conf
# dest=/etc/nginx/nginx.conf
# mode=0644
# owner=root
# group=root
# notify:
# - restart nginx
# tags: nginx
- name: copy includes
copy: >
backup=yes
src=etc/nginx/include
dest=/etc/nginx
mode=0644
owner=root
group=root
notify:
- restart nginx
tags: nginx
- name: copy configs
copy: >
backup=yes
src=etc/nginx/conf.d
dest=/etc/nginx
mode=0644
owner=root
group=root
notify:
- restart nginx
tags: nginx
- name: apply templates
template: >
backup=yes
src="etc/nginx/{{ item }}.j2"
dest="/etc/nginx/{{ item }}"
mode=0644
owner=root
group=root
with_items:
- include/ssl_wildcard.conf
- include/ssl_hamburg_freifunk_net.conf
notify:
- restart nginx
tags: nginx
- name: remove default sites / configs
file: path={{ item }} state=absent
with_items:
- /etc/nginx/conf.d/default.conf_disabled
- /etc/nginx/conf.d/example_ssl.conf_disabled
- /etc/nginx/conf.d/mail.conf
- /etc/nginx/sites-available/default
- /etc/nginx/sites-enabled/default
- /var/www/html
notify:
- restart nginx
tags: nginx
- name: configure nginx
copy: >
backup=yes
src=etc/nginx/nginx.conf
dest=/etc/nginx/nginx.conf
mode=0644
owner=root
group=root
notify:
- restart nginx
tags: nginx
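Review bot: None of the `copy`/`template` tasks in the second hunk checks the resulting configuration before `notify: restart nginx` fires, so a single syntax error or duplicate directive in any shipped file stops the web server on the next restart. For the `configure nginx` task I would add `validate='nginx -t -c %s'`. The fragments under `include/` and `conf.d/` cannot be validated on their own, so the `restart nginx` handler (defined outside this page) should run `nginx -t` before restarting. In the first hunk, `apt: name=nginx state=latest` upgrades the package on every play run; `state=present` with deliberate upgrades keeps the deployed version reproducible.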