79b29f0c51
roles/nginx: generate snakeoil cert manually
...
The ssl-cert does this, but it includes the hostname of the server
as the subject name in the cert, which is a huge leak of privacy.
2021-09-27 10:48:24 +03:00
6c3cf40a16
roles/nginx: Use snakeoil cert from ssl-cert
...
Instead of manually creating our own self-signed certificate we can
use the one created automatically by the ssl-cert package on Debian.
This is only used by the dummy default HTTPS vhost.
2021-07-01 18:11:34 +03:00
bbab45ae6f
Adjust ansible_managed to use comment filter
...
We don't need to comment the ansible_managed block manually.
2019-01-10 12:50:54 +02:00
b41bd432df
roles/nginx: Add "ansible managed" string to configs
...
Generates a placeholder text to say that the file is managed by
ansible.
2016-06-27 17:50:49 +03:00
81e6af8f2b
roles/nginx: Add IPv6 listener in default HTTPS vhost
2016-04-25 21:49:41 +03:00
1ffc4eebc9
roles/nginx: Use default_server instead of default
...
Seems to be the new keyword for quite some time now, despite not
causing an error:
http://nginx.org/en/docs/http/server_names.html
2016-04-25 21:48:36 +03:00
03519831cb
roles/nginx: Return HTTP 444 for requests to invalid hostnames
...
444 is a special nginx return code that means the request was
closed without a response, see:
http://nginx.org/en/docs/http/request_processing.html
2016-04-25 21:45:21 +03:00
41547defb9
Finish moving logic and variables from nginx_tls_vhosts to nginx_vhosts
...
Everything is TLS now (whether self-signed or not), so it's pointless
to distinguish.
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2015-12-10 00:14:47 +02:00
a3e71e75d2
roles/nginx: SPDY -> HTTP/2
...
nginx 1.9.5 mainline adds support for HTTP/2 and deprecates SPDY.
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2015-09-22 19:40:30 +03:00
151fb29687
roles/nginx: Add blank vhost
...
For security and predictability clients should only get a reponse
if they request a hostname we are actually hosting.
If TLS is in use then this will use a self-signed snakeoil cert for
an HTTPS-enabled blank, default vhost.
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2015-06-06 00:07:50 +03:00