alanorth/ansible-personal
1
0
Fork 0
Code Issues 4 Pull Requests Projects Releases Wiki Activity
780 Commits 2 Branches 0 Tags 4.2 MiB
4150dac57b
Commit Graph

218 Commits

Author SHA1 Message Date
Alan Orth
c870044584
roles/nginx: Adjust Cache-Control headers 
Use "public" with "max-age" instead of Expires, as "max-age" is always
preferred if it's present.  Note: setting "public" doesn't make the
resource "more cacheable", but it is just more explicit.

Signed-off-by: Alan Orth <alan.orth@gmail.com>
 2014-11-07 00:29:53 +03:00
Alan Orth
08a920d0cb Revert "roles/nginx: Ingenius use of YAML hashes to derive TLS key from another file" 
This reverts commit 59b9bd70b8.

Might not be so ingenious.  Can't get this to work anymore...
 2014-10-27 21:16:43 +03:00
Alan Orth
59b9bd70b8 roles/nginx: Ingenius use of YAML hashes to derive TLS key from another file 
This is kinda crazy, but makes the host_vars much easier to read.

Signed-off-by: Alan Orth <alan.orth@gmail.com>
 2014-10-11 15:42:44 +03:00
Alan Orth
42b893b2a7
roles/nginx: Add expires to static files 
Signed-off-by: Alan Orth <alan.orth@gmail.com>
 2014-10-10 11:05:42 +03:00
Alan Orth
81a98596e3
Downgrade TLS configuration to Mozilla's "intermediate" spec 
From looking at the list of clients who would be allowed to connect
when using the "modern" spec, I think I'd be doing more harm than
good to use that config right now...

https://www.ssllabs.com/ssltest/analyze.html?d=alaninkenya.org
https://wiki.mozilla.org/Security/Server_Side_TLS

Signed-off-by: Alan Orth <alan.orth@gmail.com>
 2014-10-09 21:09:18 +03:00
Alan Orth
d06ddf8a81
roles/nginx: Update TLS vhost task for Ansible > 1.7.1 
Seems there is some YAML sublety that causes this syntax to insert
double spaces on the destination file... using native YAML hashes
are a workaround, see GitHub issues:

https://github.com/ansible/ansible/issues/9067
https://github.com/ansible/ansible/issues/9172

Signed-off-by: Alan Orth <alan.orth@gmail.com>
 2014-10-09 20:57:24 +03:00
Alan Orth
ad8a704470
Update TLS configuration to Mozilla's "modern" spec 
Details, see:

- https://jve.linuxwall.info/blog/index.php?post/2014/10/09/Automated-configuration-analysis-for-Mozilla-s-TLS-guidelines
- https://wiki.mozilla.org/Security/Server_Side_TLS

Signed-off-by: Alan Orth <alan.orth@gmail.com>
 2014-10-09 20:56:08 +03:00
Alan Orth
ad90f7f0fb
roles/nginx: Use HSTS for https vhosts 
Signed-off-by: Alan Orth <alan.orth@gmail.com>
 2014-10-06 10:46:04 +03:00
Alan Orth
fd9c6f31cb
roles/nginx: Add index to munin vhost 
Signed-off-by: Alan Orth <alan.orth@gmail.com>
 2014-10-05 15:47:14 +03:00
Alan Orth
e6ffdf8652
roles/nginx: Update nginx https stuff 
- re-organize tls vhost configuration
- copy TLS cert from host_vars directly to file

Signed-off-by: Alan Orth <alan.orth@gmail.com>
 2014-09-13 23:16:54 +03:00
Alan Orth
2156f8b07d
roles/nginx: Tweaks for vhosts with WordPress 
My WordPress blogs have a /wordpress subdirectory in the document
root, but I don't serve from the /wordpress URI.

Technically, all we need is the tweaks to the try_files:
    - `?args` passes query strings to php5-fpm
    - removing 404 from the vhost's try_files so we don't return 404
    when the requested file doesn't exist (obviously not all request
    URI's in WordPress are actual files on the disk)

Signed-off-by: Alan Orth <alan.orth@gmail.com>
 2014-09-07 22:51:34 +03:00
Alan Orth
162197ad25
roles/nginx: Re-work vhost template to support HTTPS 
Assumes you have a TLS cert for one domain, but not the others, ie:

    http://blah.com \
    http://blah.net  -> https://blah.io
    http://blah.org /

Otherwise, without https, it creates a vhost with all domain names.

Signed-off-by: Alan Orth <alan.orth@gmail.com>
 2014-09-06 21:32:37 +03:00
Alan Orth
fafd475f6b
roles/nginx: Add index to vhost config 
Without this, all requests to directory URIs throw 403 errors due
to directory listings not being allowed.

Signed-off-by: Alan Orth <alan.orth@gmail.com>
 2014-08-28 12:27:24 +03:00
Alan Orth
0b8e0c38bf
roles/nginx: Per-vhost logs 
Signed-off-by: Alan Orth <alan.orth@gmail.com>
 2014-08-27 20:26:12 +03:00
Alan Orth
5bbec6716c
roles/nginx: Use template to configure nginx vhosts 
Signed-off-by: Alan Orth <alan.orth@gmail.com>
 2014-08-27 20:03:34 +03:00
Alan Orth
75a705ac87
roles/nginx: Add defaults for nginx role 
Signed-off-by: Alan Orth <alan.orth@gmail.com>
 2014-08-27 20:02:29 +03:00
Alan Orth
ff95a34605
roles/nginx: Add vim modeline to main.yml 
Signed-off-by: Alan Orth <alan.orth@gmail.com>
 2014-08-27 20:00:42 +03:00
Alan Orth
60b8ecdd4c
Initial commit 
Signed-off-by: Alan Orth <alan.orth@gmail.com>
 2014-08-17 00:35:57 +03:00