majic-ansible-roles Files · roles/web_server/templates/nginx-default.j2

Files @ 3dd7f39302f8

Branch filter:

Location: majic-ansible-roles/roles/web_server/templates/nginx-default.j2 - annotation

3dd7f39302f8 1.3 KiB text/plain Show Source Show as Raw Download as Raw

branko

MAR-29: Implemented tests for php_website role:

- Install some additional tools for testing everything.
- Updated test playbook to change allowed extensions for running PHP scripts on
parameters-optional.
- Updated error page to use correct extension for parameters-optional test
instance.
- Expanded rewrite configuration slightly for parameters-optional.
- Install libmariadb-client-lgpl-dev-compat to test mysql_config symlink
creation.
- Deploy a number of PHP pages used for testing if pages are served correctly.
- Set file permissions on deployed PHP FPM pool configuraiton files.
- Use expanded syntax when deploying TLS keys/certificates in order to avoid
issues with TAB mangling.
- Fixed set-up of Strict-Transport-Security header when HTTPS enforcement is
disabled.
- Added a number of PHP and static test pages.
- Wrote tests covering full functionality of the role.

373cdfe71c66
373cdfe71c66
373cdfe71c66
dfb91e411e40
373cdfe71c66
373cdfe71c66
373cdfe71c66
373cdfe71c66
373cdfe71c66
dfb91e411e40
dfb91e411e40
dfb91e411e40
dfb91e411e40
dfb91e411e40
dfb91e411e40
dfb91e411e40
dfb91e411e40
dfb91e411e40
dfb91e411e40
dfb91e411e40
dfb91e411e40
dfb91e411e40
dfb91e411e40
dfb91e411e40
373cdfe71c66
373cdfe71c66
373cdfe71c66
18cd76ec050d
18cd76ec050d
373cdfe71c66
3352797ee517
3352797ee517
3352797ee517
3352797ee517
3352797ee517
3352797ee517
373cdfe71c66
373cdfe71c66
373cdfe71c66
373cdfe71c66
373cdfe71c66
373cdfe71c66
373cdfe71c66
373cdfe71c66
373cdfe71c66
373cdfe71c66
373cdfe71c66
373cdfe71c66

#
# Default server (vhost) configuration.
#
{% if default_enforce_https -%}
server {
    # HTTP (plaintext) configuration.
    listen 80 default_server;
    listen [::]:80 default_server;

    # Set server_name to something that won't be matched (for default server).
    server_name _;

    # Redirect plaintext connections to HTTPS
    return 301 https://$host$request_uri;
}

{% endif -%}
server {
{% if not default_enforce_https %}
    # HTTP (plaintext) configuration.
    listen 80 default_server;
    listen [::]:80 default_server;

{% endif %}
    # HTTPS (TLS) configuration.
    listen 443 ssl default_server;
    listen [::]:443 ssl default_server;
    ssl_certificate_key /etc/ssl/private/{{ ansible_fqdn }}_https.key;
    ssl_certificate /etc/ssl/certs/{{ ansible_fqdn }}_https.pem;

{% if default_enforce_https %}
    # Set-up HSTS header for preventing downgrades for users that visited the
    # site via HTTPS at least once.
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
{% endif %}

    # Set-up the serving of default page.
    root /var/www/default/;
    index index.html;

    # Set server_name to something that won't be matched (for default server).
    server_name _;

    location / {
        # Always point user to the same index page.
        try_files $uri /index.html;
    }
}