Files
@ 814be5def61d
Branch filter:
Location: majic-ansible-roles/roles/web_server/templates/nginx-default.j2 - annotation
814be5def61d
1.1 KiB
text/plain
MAR-189: Added support for Debian 11 Bullseye to xmpp_server role:
- Roll-out LDAP client configuration since Bullseye does not come with
a stock one at /etc/ldap/ldap.conf that sets the trust anchor
correctly for validating LDAP server certificates.
- Drop the backports pinning in case of Bullseye (for now let's try to
keep the Buster and Bullseye at same versions for simplicity).
- Drop installation of Python apt bindings (no longer used).
- Tests for Buster and Bullseye need to be split-up a bit due to some
differences around backports etc.
- Roll-out LDAP client configuration since Bullseye does not come with
a stock one at /etc/ldap/ldap.conf that sets the trust anchor
correctly for validating LDAP server certificates.
- Drop the backports pinning in case of Bullseye (for now let's try to
keep the Buster and Bullseye at same versions for simplicity).
- Drop installation of Python apt bindings (no longer used).
- Tests for Buster and Bullseye need to be split-up a bit due to some
differences around backports etc.
373cdfe71c66 373cdfe71c66 373cdfe71c66 373cdfe71c66 373cdfe71c66 373cdfe71c66 373cdfe71c66 373cdfe71c66 dfb91e411e40 dfb91e411e40 dfb91e411e40 dfb91e411e40 dfb91e411e40 dfb91e411e40 dfb91e411e40 dfb91e411e40 373cdfe71c66 373cdfe71c66 373cdfe71c66 18cd76ec050d 18cd76ec050d 373cdfe71c66 3352797ee517 3352797ee517 3352797ee517 3352797ee517 373cdfe71c66 373cdfe71c66 373cdfe71c66 373cdfe71c66 373cdfe71c66 373cdfe71c66 373cdfe71c66 373cdfe71c66 373cdfe71c66 373cdfe71c66 373cdfe71c66 373cdfe71c66 | #
# Default server (vhost) configuration.
#
server {
# HTTP (plaintext) configuration.
listen 80 default_server;
listen [::]:80 default_server;
# Set server_name to something that won't be matched (for default server).
server_name _;
# Redirect plaintext connections to HTTPS
return 301 https://$host$request_uri;
}
server {
# HTTPS (TLS) configuration.
listen 443 ssl default_server;
listen [::]:443 ssl default_server;
ssl_certificate_key /etc/ssl/private/{{ ansible_fqdn }}_https.key;
ssl_certificate /etc/ssl/certs/{{ ansible_fqdn }}_https.pem;
# Set-up HSTS header for preventing downgrades for users that visited the
# site via HTTPS at least once.
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
# Set-up the serving of default page.
root /var/www/default/;
index index.html;
# Set server_name to something that won't be matched (for default server).
server_name _;
location / {
# Always point user to the same index page.
try_files $uri /index.html;
}
}
|