alanorth
/
ansible-personal
1
0
Fork 0
Code Issues 4 Pull Requests Projects Releases Wiki Activity
Ansible playbook for base and initial configuration of web server hosting my personal websites.
334 Commits 2 Branches 0 Tags 4.5 MiB
Jinja 97.2%
Shell 1.7%
Perl 1.1%
Go to file
Alan Orth 10cbf75c27
group_vars/all: Disable TLS cipher suites using Triple DES 
An attack on Triple DES was recently published[0]. It's not a very
high severity attack but the fact is that Triple DES is very old
and there are much better ciphers to use, like AES and ChaCha20.

I logged the ciphers that were negotiated on all of my vhosts over
a period of 72 hours and there were zero occurences of Triple DES,
so I am removing it, as suggested by the authors of the attack as
well as OpenSSL[1].

[0] https://sweet32.info
[1] https://www.openssl.org/blog/blog/2016/08/24/sweet32/
 		2016-08-27 18:25:37 +03:00
group_vars group_vars/all: Disable TLS cipher suites using Triple DES 2016-08-27 18:25:37 +03:00
host_vars roles/nginx: Use explicity booleans for tests instead of "yes" and "no" 2016-08-17 12:55:14 +03:00
misc-plays Add miscellaneous playbook to change the provisioning user's password 2015-06-01 14:27:58 +03:00
roles roles/common: Add a dedicated playbook for ntp tasks 2016-08-25 14:19:51 +03:00
vars Allow Debian hosts to run Ubuntu stuff 2015-08-23 00:02:39 +03:00
.gitignore .gitignore: Ignore Vagrant directory 2015-05-24 23:00:48 +03:00
LICENSE Add copy of GPLv3 license 2015-05-08 15:59:15 +03:00
README.md README.md: Clarify requirements note to add Ubuntu 16.04 2016-06-25 21:45:24 +03:00
ansible.cfg Add ansible.cfg 2016-08-22 13:04:13 +03:00
site.yml Add site yml file 2014-08-25 13:21:00 +03:00
web.yml Rename php5-fpm role to php-fpm 2016-04-22 11:25:35 +03:00

README.md

Ansible Playbook

Ansible playbook for base and initial configuration of the web server hosting my personal websites. After successful execution of this playbook, however, there is still some manual work to import databases, copy site content, etc.

Assumptions

Before you can run this, a few things are assumed:

  • You have a clean, minimal Debian 8 / Ubuntu 16.04 host up and running
  • You have a user account with password-less SSH access to the machine
  • You have sudo privileges on the remote host
  • You have created a hosts file with something like:
[web]
web01

Use

Once you've satisfied the the above assumptions, you can execute:

$ ansible-playbook web.yml -i hosts --ask-become-pass

License

Copyright (C) 2014 - 2016 Alan Orth

The contents of this repository are free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program. If not, see http://www.gnu.org/licenses/.