Files
@ 064760bdc9d5
Branch filter:
Location: majic-ansible-roles/roles/web_server/templates/nginx-default.j2 - annotation
064760bdc9d5
1.3 KiB
text/plain
MAR-26: Implemented tests and fixes ldap_server role:
- Use static network configuration in order to make it easier to test
connectivity from dedicated client.
- Added client machine for testing firewall.
- Added missing LDAP client configuration on instance used for testing of
mandatory options.
- Fixed name of server for backup testing purposes.
- Expanded a bit the cipher configuration for LDAP server for testing optional
parameters.
- Fixed wrongly populated Debian selections setting for LDAP organisation.
- Use templates for deploying LDAP TLS keys and certificates in order to avoid
Ansible munching the TAB characters.
- Implemented tests covering fully functionality of the role.
- Use static network configuration in order to make it easier to test
connectivity from dedicated client.
- Added client machine for testing firewall.
- Added missing LDAP client configuration on instance used for testing of
mandatory options.
- Fixed name of server for backup testing purposes.
- Expanded a bit the cipher configuration for LDAP server for testing optional
parameters.
- Fixed wrongly populated Debian selections setting for LDAP organisation.
- Use templates for deploying LDAP TLS keys and certificates in order to avoid
Ansible munching the TAB characters.
- Implemented tests covering fully functionality of the role.
373cdfe71c66 373cdfe71c66 373cdfe71c66 dfb91e411e40 373cdfe71c66 373cdfe71c66 373cdfe71c66 373cdfe71c66 373cdfe71c66 dfb91e411e40 dfb91e411e40 dfb91e411e40 dfb91e411e40 dfb91e411e40 dfb91e411e40 dfb91e411e40 dfb91e411e40 dfb91e411e40 dfb91e411e40 dfb91e411e40 dfb91e411e40 dfb91e411e40 dfb91e411e40 dfb91e411e40 373cdfe71c66 373cdfe71c66 373cdfe71c66 18cd76ec050d 18cd76ec050d 373cdfe71c66 3352797ee517 3352797ee517 3352797ee517 3352797ee517 3352797ee517 3352797ee517 373cdfe71c66 373cdfe71c66 373cdfe71c66 373cdfe71c66 373cdfe71c66 373cdfe71c66 373cdfe71c66 373cdfe71c66 373cdfe71c66 373cdfe71c66 373cdfe71c66 373cdfe71c66 | #
# Default server (vhost) configuration.
#
{% if default_enforce_https -%}
server {
# HTTP (plaintext) configuration.
listen 80 default_server;
listen [::]:80 default_server;
# Set server_name to something that won't be matched (for default server).
server_name _;
# Redirect plaintext connections to HTTPS
return 301 https://$host$request_uri;
}
{% endif -%}
server {
{% if not default_enforce_https %}
# HTTP (plaintext) configuration.
listen 80 default_server;
listen [::]:80 default_server;
{% endif %}
# HTTPS (TLS) configuration.
listen 443 ssl default_server;
listen [::]:443 ssl default_server;
ssl_certificate_key /etc/ssl/private/{{ ansible_fqdn }}_https.key;
ssl_certificate /etc/ssl/certs/{{ ansible_fqdn }}_https.pem;
{% if default_enforce_https %}
# Set-up HSTS header for preventing downgrades for users that visited the
# site via HTTPS at least once.
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
{% endif %}
# Set-up the serving of default page.
root /var/www/default/;
index index.html;
# Set server_name to something that won't be matched (for default server).
server_name _;
location / {
# Always point user to the same index page.
try_files $uri /index.html;
}
}
|