Files
@ 36e1c9460cd6
Branch filter:
Location: majic-ansible-roles/roles/web_server/templates/nginx-default.j2 - annotation
36e1c9460cd6
1.3 KiB
text/plain
MAR-27: Added initial scaffolding for testing mail_forwarder role:
- Fixed issues reported by Ansible linting check (some mode-related syntax and
one ignore.
- Added Molecule configuration for testing mandatory and optional
parameters. Covers both Debian Jessie and Debian Stretch.
- Added test playbook for setting-up the test instances. A helper relay mail
server.
- Updated both mail_server and mail_forwarder to fall-back to using
native (/etc/hosts) resolving if DNS fails. Solves issue with test environment
not having proper DNS set-up for all domains etc.
- Added a number of data/config files associated with tests.
- Added dummy test file.
- Fixed issues reported by Ansible linting check (some mode-related syntax and
one ignore.
- Added Molecule configuration for testing mandatory and optional
parameters. Covers both Debian Jessie and Debian Stretch.
- Added test playbook for setting-up the test instances. A helper relay mail
server.
- Updated both mail_server and mail_forwarder to fall-back to using
native (/etc/hosts) resolving if DNS fails. Solves issue with test environment
not having proper DNS set-up for all domains etc.
- Added a number of data/config files associated with tests.
- Added dummy test file.
373cdfe71c66 373cdfe71c66 373cdfe71c66 dfb91e411e40 373cdfe71c66 373cdfe71c66 373cdfe71c66 373cdfe71c66 373cdfe71c66 dfb91e411e40 dfb91e411e40 dfb91e411e40 dfb91e411e40 dfb91e411e40 dfb91e411e40 dfb91e411e40 dfb91e411e40 dfb91e411e40 dfb91e411e40 dfb91e411e40 dfb91e411e40 dfb91e411e40 dfb91e411e40 dfb91e411e40 373cdfe71c66 373cdfe71c66 373cdfe71c66 18cd76ec050d 18cd76ec050d 373cdfe71c66 3352797ee517 3352797ee517 3352797ee517 3352797ee517 3352797ee517 3352797ee517 373cdfe71c66 373cdfe71c66 373cdfe71c66 373cdfe71c66 373cdfe71c66 373cdfe71c66 373cdfe71c66 373cdfe71c66 373cdfe71c66 373cdfe71c66 373cdfe71c66 373cdfe71c66 | #
# Default server (vhost) configuration.
#
{% if default_enforce_https -%}
server {
# HTTP (plaintext) configuration.
listen 80 default_server;
listen [::]:80 default_server;
# Set server_name to something that won't be matched (for default server).
server_name _;
# Redirect plaintext connections to HTTPS
return 301 https://$host$request_uri;
}
{% endif -%}
server {
{% if not default_enforce_https %}
# HTTP (plaintext) configuration.
listen 80 default_server;
listen [::]:80 default_server;
{% endif %}
# HTTPS (TLS) configuration.
listen 443 ssl default_server;
listen [::]:443 ssl default_server;
ssl_certificate_key /etc/ssl/private/{{ ansible_fqdn }}_https.key;
ssl_certificate /etc/ssl/certs/{{ ansible_fqdn }}_https.pem;
{% if default_enforce_https %}
# Set-up HSTS header for preventing downgrades for users that visited the
# site via HTTPS at least once.
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
{% endif %}
# Set-up the serving of default page.
root /var/www/default/;
index index.html;
# Set server_name to something that won't be matched (for default server).
server_name _;
location / {
# Always point user to the same index page.
try_files $uri /index.html;
}
}
|