Files
@ 7c07f17e46ba
Branch filter:
Location: majic-ansible-roles/roles/web_server/templates/nginx-default.j2 - annotation
7c07f17e46ba
1.3 KiB
text/plain
MAR-26: Implemented scaffolding for testing the ldap_server role:
- Fixed role documentation and example for the ldap_server ldap_entries
parameter.
- Fixed missing leading zero when setting mode for deployed files.
- Marked certain tasks for skipping Ansible linting on.
- Fixed invocation of local LDAP commands to use unix socket out of the
box (don't depend on LDAP client configuration).
- Default to state 'present' for ldap_entry (makes things a bit more
readable/clear).
- Added test data for backup and TLS.
- Added dummy default test file.
- Fixed role documentation and example for the ldap_server ldap_entries
parameter.
- Fixed missing leading zero when setting mode for deployed files.
- Marked certain tasks for skipping Ansible linting on.
- Fixed invocation of local LDAP commands to use unix socket out of the
box (don't depend on LDAP client configuration).
- Default to state 'present' for ldap_entry (makes things a bit more
readable/clear).
- Added test data for backup and TLS.
- Added dummy default test file.
373cdfe71c66 373cdfe71c66 373cdfe71c66 dfb91e411e40 373cdfe71c66 373cdfe71c66 373cdfe71c66 373cdfe71c66 373cdfe71c66 dfb91e411e40 dfb91e411e40 dfb91e411e40 dfb91e411e40 dfb91e411e40 dfb91e411e40 dfb91e411e40 dfb91e411e40 dfb91e411e40 dfb91e411e40 dfb91e411e40 dfb91e411e40 dfb91e411e40 dfb91e411e40 dfb91e411e40 373cdfe71c66 373cdfe71c66 373cdfe71c66 18cd76ec050d 18cd76ec050d 373cdfe71c66 3352797ee517 3352797ee517 3352797ee517 3352797ee517 3352797ee517 3352797ee517 373cdfe71c66 373cdfe71c66 373cdfe71c66 373cdfe71c66 373cdfe71c66 373cdfe71c66 373cdfe71c66 373cdfe71c66 373cdfe71c66 373cdfe71c66 373cdfe71c66 373cdfe71c66 | #
# Default server (vhost) configuration.
#
{% if default_enforce_https -%}
server {
# HTTP (plaintext) configuration.
listen 80 default_server;
listen [::]:80 default_server;
# Set server_name to something that won't be matched (for default server).
server_name _;
# Redirect plaintext connections to HTTPS
return 301 https://$host$request_uri;
}
{% endif -%}
server {
{% if not default_enforce_https %}
# HTTP (plaintext) configuration.
listen 80 default_server;
listen [::]:80 default_server;
{% endif %}
# HTTPS (TLS) configuration.
listen 443 ssl default_server;
listen [::]:443 ssl default_server;
ssl_certificate_key /etc/ssl/private/{{ ansible_fqdn }}_https.key;
ssl_certificate /etc/ssl/certs/{{ ansible_fqdn }}_https.pem;
{% if default_enforce_https %}
# Set-up HSTS header for preventing downgrades for users that visited the
# site via HTTPS at least once.
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
{% endif %}
# Set-up the serving of default page.
root /var/www/default/;
index index.html;
# Set server_name to something that won't be matched (for default server).
server_name _;
location / {
# Always point user to the same index page.
try_files $uri /index.html;
}
}
|