diff --git a/roles/nginx/files/etc/nginx/include/headers_hsts.conf b/roles/nginx/files/etc/nginx/include/headers_hsts.conf new file mode 100644 index 0000000..01adcb4 --- /dev/null +++ b/roles/nginx/files/etc/nginx/include/headers_hsts.conf @@ -0,0 +1,4 @@ +# Header bitte nur auf "location" Ebene inkludieren: +# https://nginx.org/en/docs/http/ngx_http_headers_module.html#add_header + +add_header Strict-Transport-Security max-age=31536000; diff --git a/roles/nginx/files/etc/nginx/include/listing.conf b/roles/nginx/files/etc/nginx/include/listing.conf index d161622..bc6ab74 100644 --- a/roles/nginx/files/etc/nginx/include/listing.conf +++ b/roles/nginx/files/etc/nginx/include/listing.conf @@ -1,5 +1,3 @@ -location / { - autoindex on; - autoindex_exact_size on; - autoindex_localtime off; -} +autoindex on; +autoindex_exact_size on; +autoindex_localtime off; diff --git a/roles/website/includes/base-static/templates/site.j2 b/roles/website/includes/base-static/templates/site.j2 index fbff97a..9d9d83a 100644 --- a/roles/website/includes/base-static/templates/site.j2 +++ b/roles/website/includes/base-static/templates/site.j2 @@ -4,10 +4,12 @@ server { include /etc/nginx/include/no_dotfiles.conf; include /etc/nginx/include/no_symlinks.conf; - {% if listing %} +{% if listing %} + location / { include /etc/nginx/include/listing.conf; - {% endif %} + } +{% endif %} listen {{port.number}}{% if port.ssl %} ssl{% endif %}; listen [::]:{{port.number}}{% if port.ssl %} ssl{% endif %}; diff --git a/roles/website/updates/files/updates_common.conf b/roles/website/updates/files/updates_common.conf deleted file mode 100644 index 9096f27..0000000 --- a/roles/website/updates/files/updates_common.conf +++ /dev/null @@ -1,9 +0,0 @@ -# Basis-Konfiguration für updates. - -root /var/www/updates; - -location / { - access_log off; - log_not_found off; - autoindex on; -} diff --git a/roles/website/updates/tasks/main.yml b/roles/website/updates/tasks/main.yml index 577f5f1..798c645 100644 --- a/roles/website/updates/tasks/main.yml +++ b/roles/website/updates/tasks/main.yml @@ -1,10 +1,4 @@ --- -- name: copy updates_common.conf - copy: - src: files/updates_common.conf - dest: /etc/nginx/include - notify: reload nginx - - name: template site template: src: templates/site.j2 diff --git a/roles/website/updates/templates/site.j2 b/roles/website/updates/templates/site.j2 index 68108f2..2faf870 100644 --- a/roles/website/updates/templates/site.j2 +++ b/roles/website/updates/templates/site.j2 @@ -7,18 +7,26 @@ server { ssl_certificate {{ updates_ssl_certificate }}; ssl_certificate_key {{ updates_ssl_certificate_key }}; - include /etc/nginx/include/updates_common.conf; + root /var/www/updates; + + location / { + include /etc/nginx/include/headers_hsts.conf; + include /etc/nginx/include/listing.conf; + } } +# Kein HTTPS Redirect wg. Paketinstallation auf Routern server { listen 80; listen [::]:80; server_name updates.hamburg.freifunk.net; - include /etc/nginx/include/updates_common.conf; + root /var/www/updates; - # Kein HTTPS Redirect wg. Paketinstallation auf Routern + location / { + include /etc/nginx/include/listing.conf; + } } server { @@ -27,5 +35,9 @@ server { server_name 1.updates.services.ffhh; - include /etc/nginx/include/updates_common.conf; + root /var/www/updates; + + location / { + include /etc/nginx/include/listing.conf; + } }