Files @ 17cf34f73ca6

Location: majic-ansible-roles/roles/web_server/templates/nginx-default.j2 - annotation

branko
MAR-28: Implemented additional tests for mail_server role:

- Deploy a number of tools on clients in order to test SMTP, IMAP, and Sieve
services.
- Added one more user to LDAP directory for testing group restrictions.
- Deploy CA certificate on all testing machines for TLS validation purposes.
- Use different custom-configured cipher for mail server ciphers.
- Fixed invalid postmaster address for parameters-optional host.
- Deploy configuration files for use with Imap-CLI on client test machines.
- Updated testing of SMTP server to include checks for users that do not belong
to mail group.
- Extended some SMTP-related tests to cover both test servers.
- Some small fixes in SMTP-related tests for expected output from commands.
- Implemented tests covering Dovecot (IMAP + Sieve) functionality.
- Implemented tests for running/enabled services.
- Implemented tests for ClamAV.
- Implemented tests for firewall and connectivity.
- Implemented tests for Postfix TLS configuration.
- TODO: Tests for Sieve TLS configuration have not been written yet due to
limitation of available tools.
#
# Default server (vhost) configuration.
#
{% if default_enforce_https -%}
server {
    # HTTP (plaintext) configuration.
    listen 80 default_server;
    listen [::]:80 default_server;

    # Set server_name to something that won't be matched (for default server).
    server_name _;

    # Redirect plaintext connections to HTTPS.
    return 301 https://$host$request_uri;
}

{% endif -%}
server {
{% if not default_enforce_https %}
    # HTTP (plaintext) configuration.
    listen 80 default_server;
    listen [::]:80 default_server;

{% endif %}
    # HTTPS (TLS) configuration.
    listen 443 ssl default_server;
    listen [::]:443 ssl default_server;
    ssl_certificate_key /etc/ssl/private/{{ ansible_fqdn }}_https.key;
    ssl_certificate /etc/ssl/certs/{{ ansible_fqdn }}_https.pem;

{% if default_enforce_https %}
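    # Set up the HSTS header to prevent downgrades for users that visited the
    # site via HTTPS at least once. Without the "always" parameter, nginx adds
    # this header only to responses with 2xx/3xx status codes.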
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
{% endif %}

    # Set up serving of the default page.
    root /var/www/default/;
    index index.html;

    # Set server_name to something that won't be matched (for default server).
    server_name _;

    location / {
        # Always point user to the same index page.
        try_files $uri /index.html;
    }
}