alanorth
/
ansible-personal
1
0
Fork 0
Code Issues 4 Pull Requests Projects Releases Wiki Activity
866 Commits 2 Branches 0 Tags 4.5 MiB
Commit Graph

10 Commits

Author SHA1 Message Date
Alan Orth 79b29f0c51
roles/nginx: generate snakeoil cert manually 
The ssl-cert does this, but it includes the hostname of the server
as the subject name in the cert, which is a huge leak of privacy.
 2021-09-27 10:48:24 +03:00
Alan Orth 6c3cf40a16
roles/nginx: Use snakeoil cert from ssl-cert 
Instead of manually creating our own self-signed certificate we can
use the one created automatically by the ssl-cert package on Debian.
This is only used by the dummy default HTTPS vhost.
 2021-07-01 18:11:34 +03:00
Alan Orth bbab45ae6f
Adjust ansible_managed to use comment filter 
We don't need to comment the ansible_managed block manually.
 2019-01-10 12:50:54 +02:00
Alan Orth b41bd432df
roles/nginx: Add "ansible managed" string to configs 
Generates a placeholder text to say that the file is managed by
ansible.
 2016-06-27 17:50:49 +03:00
Alan Orth 81e6af8f2b
roles/nginx: Add IPv6 listener in default HTTPS vhost 2016-04-25 21:49:41 +03:00
Alan Orth 1ffc4eebc9
roles/nginx: Use default_server instead of default 
Seems to be the new keyword for quite some time now, despite not
causing an error:

    http://nginx.org/en/docs/http/server_names.html
 2016-04-25 21:48:36 +03:00
Alan Orth 03519831cb
roles/nginx: Return HTTP 444 for requests to invalid hostnames 
444 is a special nginx return code that means the request was
closed without a response, see:

    http://nginx.org/en/docs/http/request_processing.html
 2016-04-25 21:45:21 +03:00
Alan Orth 41547defb9
Finish moving logic and variables from nginx_tls_vhosts to nginx_vhosts 
Everything is TLS now (whether self-signed or not), so it's pointless
to distinguish.

Signed-off-by: Alan Orth <alan.orth@gmail.com>
 2015-12-10 00:14:47 +02:00
Alan Orth a3e71e75d2
roles/nginx: SPDY -> HTTP/2 
nginx 1.9.5 mainline adds support for HTTP/2 and deprecates SPDY.

Signed-off-by: Alan Orth <alan.orth@gmail.com>
 2015-09-22 19:40:30 +03:00
Alan Orth 151fb29687 roles/nginx: Add blank vhost 
For security and predictability clients should only get a reponse
if they request a hostname we are actually hosting.

If TLS is in use then this will use a self-signed snakeoil cert for
an HTTPS-enabled blank, default vhost.

Signed-off-by: Alan Orth <alan.orth@gmail.com>
 2015-06-06 00:07:50 +03:00