Files
@ 17cf34f73ca6
Branch filter:
Location: majic-ansible-roles/roles/wsgi_website/templates/nginx_site.j2 - annotation
17cf34f73ca6
2.3 KiB
text/plain
MAR-28: Implemented additional tests for mail_server role:
- Deploy a number of tools on clients in order to test SMTP, IMAP, and Sieve
services.
- Added one more user to LDAP directory for testing group restrictions.
- Deploy CA certificate on all testing machines for TLS validation purposes.
- Use different custom-configured cipher for mail server ciphers.
- Fixed invalid postmaster address for parameters-optional host.
- Deploy configuration files for use with Imap-CLI on client test machines.
- Updated testing of SMTP server to include checks for users that do not belong
to mail group.
- Extended some SMTP-related tests to cover both test servers.
- Some small fixes in SMTP-related tests for expected output from commands.
- Implemented tests covering Dovecot (IMAP + Sieve) functionality.
- Implemented tests for running/enabled services.
- Implemented tests for ClamAV.
- Implemented tests for firewall and connectivity.
- Implemented tests for Postfix TLS configuration.
- TODO: Tests for Sieve TLS configuration have not been written yet due to
limitation of available tools.
- Deploy a number of tools on clients in order to test SMTP, IMAP, and Sieve
services.
- Added one more user to LDAP directory for testing group restrictions.
- Deploy CA certificate on all testing machines for TLS validation purposes.
- Use different custom-configured cipher for mail server ciphers.
- Fixed invalid postmaster address for parameters-optional host.
- Deploy configuration files for use with Imap-CLI on client test machines.
- Updated testing of SMTP server to include checks for users that do not belong
to mail group.
- Extended some SMTP-related tests to cover both test servers.
- Some small fixes in SMTP-related tests for expected output from commands.
- Implemented tests covering Dovecot (IMAP + Sieve) functionality.
- Implemented tests for running/enabled services.
- Implemented tests for ClamAV.
- Implemented tests for firewall and connectivity.
- Implemented tests for Postfix TLS configuration.
- TODO: Tests for Sieve TLS configuration have not been written yet due to
limitation of available tools.
dfb91e411e40 dfb91e411e40 dfb91e411e40 dfb91e411e40 dfb91e411e40 dfb91e411e40 dfb91e411e40 dfb91e411e40 dfb91e411e40 dfb91e411e40 dfb91e411e40 981584549895 d26fe0368a4b 981584549895 981584549895 dfb91e411e40 981584549895 d26fe0368a4b d26fe0368a4b d26fe0368a4b dfb91e411e40 d26fe0368a4b d26fe0368a4b d26fe0368a4b 18cd76ec050d 18cd76ec050d d26fe0368a4b 3352797ee517 3352797ee517 3352797ee517 3352797ee517 3352797ee517 3352797ee517 1b05bae8e440 1b05bae8e440 1b05bae8e440 1b05bae8e440 1b05bae8e440 bd13e65e0e94 981584549895 981584549895 981584549895 bd13e65e0e94 bd13e65e0e94 981584549895 bd13e65e0e94 981584549895 981584549895 981584549895 981584549895 981584549895 bd13e65e0e94 bd13e65e0e94 981584549895 981584549895 981584549895 819d02d81946 981584549895 981584549895 981584549895 981584549895 67dd87d59abb 67dd87d59abb 67dd87d59abb 67dd87d59abb 981584549895 981584549895 981584549895 4ca98a158269 4ca98a158269 4ca98a158269 4ca98a158269 4f7054d023b6 4ca98a158269 4ca98a158269 981584549895 981584549895 981584549895 | {% if enforce_https -%}
server {
# HTTP (plaintext) configuration.
listen 80;
server_name {{ fqdn }};
# Redirect plaintext connections to HTTPS
return 301 https://$host$request_uri;
}
{% endif -%}
server {
# Base settings.
root {{ home }}/htdocs/;
server_name {{ fqdn }};
{% if not enforce_https %}
# HTTP (plaintext) configuration.
listen 80;
{% endif %}
# HTTPS (TLS) configuration.
listen 443 ssl;
listen [::]:443 ssl;
ssl_certificate_key /etc/ssl/private/{{ fqdn }}_https.key;
ssl_certificate /etc/ssl/certs/{{ fqdn }}_https.pem;
{% if default_enforce_https -%}
# Set-up HSTS header for preventing downgrades for users that visited the
# site via HTTPS at least once.
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
{% endif -%}
{% for config in additional_nginx_config -%}
# {{ config.comment }}
{{ config.value }}
{% endfor -%}
{% if rewrites -%}
# Site rewrites.
{% for rewrite in rewrites -%}
rewrite {{ rewrite }};
{% endfor -%}
{% endif %}
{% if static_locations -%}
# Static locations
{% for location in static_locations -%}
location {{ location }} {
try_files $uri $uri/ =404;
}
{% endfor -%}
{% endif %}
# Pass remaining requests to the WSGI server.
location / {
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
{% for header, value in proxy_headers.iteritems() -%}
proxy_set_header {{ header }} {{ value }};
{% endfor -%}
proxy_pass http://unix:/run/wsgi/{{ fqdn }}.sock;
}
{% if environment_indicator -%}
# Show environment indicator on HTML pages.
sub_filter_types text/html;
sub_filter_once on;
sub_filter "</body>" "<div id='website-environment' style='background-color: {{ environment_indicator.background_colour }}; width: 100%; text-align: center; position: fixed; bottom: 5px; color: {{ environment_indicator.text_colour }}; font-weight: bold; z-index: 999999;'>{{ environment_indicator.text }}</div></body>";
{% endif -%}
access_log /var/log/nginx/{{ fqdn }}-access.log;
error_log /var/log/nginx/{{ fqdn }}-error.log;
}
|