Files
@ 8d272d91d3d2
Branch filter:
Location: majic-ansible-roles/testsite/group_vars/web.yml - annotation
8d272d91d3d2
1.1 KiB
text/x-yaml
MAR-165: Deploy Diffie-Helman parameters for LDAP server in the ldap_server role:
- Not relevant for Debian Strech because of a bug in the OpenLDAP
version it ships with.
- This should allow use of DHE ciphers with LDAP server.
- Generated DH parameters only help pick one of the parameters from
RFC-7919 (based on the size of generated ones).
- Make the cipher test lists distro-specific due to differences
between supported algorithms in respective GnuTLS versions.
- Not relevant for Debian Strech because of a bug in the OpenLDAP
version it ships with.
- This should allow use of DHE ciphers with LDAP server.
- Generated DH parameters only help pick one of the parameters from
RFC-7919 (based on the size of generated ones).
- Make the cipher test lists distro-specific due to differences
between supported algorithms in respective GnuTLS versions.
06bf1c3c9611 06bf1c3c9611 06bf1c3c9611 0f17841d0aad 06bf1c3c9611 0f17841d0aad 06bf1c3c9611 1b05bae8e440 373cdfe71c66 18cd76ec050d 18cd76ec050d 373cdfe71c66 373cdfe71c66 09625826d96f 09625826d96f 0ec59430e00c 0ec59430e00c 0ec59430e00c 0ec59430e00c 0ec59430e00c 67dd87d59abb 67dd87d59abb 67dd87d59abb 67dd87d59abb 8548876c068b 8548876c068b 8548876c068b 8548876c068b 8548876c068b b56ccd5a92ee b56ccd5a92ee b56ccd5a92ee | ---
local_mail_aliases:
root: "root john.doe@{{ testsite_domain }}"
smtp_relay_host: mail.{{ testsite_domain }}
smtp_relay_truststore: "{{ lookup('file', inventory_dir + '/tls/ca.pem') }}"
default_https_tls_key: "{{ lookup('file', inventory_dir + '/tls/web.' + testsite_domain + '_https.key') }}"
default_https_tls_certificate: "{{ lookup('file', inventory_dir + '/tls/web.' + testsite_domain + '_https.pem') }}"
web_default_title: "Welcome to Example Inc."
web_default_message: "You are attempting to access the web server using a wrong name or an IP address. Please check your URL."
website_mail_recipients: "john.doe@example.com"
environment_indicator:
background_colour: "purple"
text_colour: "white"
text: "Majic Ansible Roles Test Site"
proxy_headers:
Accept-Encoding: '"gzip"'
web_server_tls_protocols:
- TLSv1.2
- TLSv1.1
web_server_tls_ciphers: "DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:\
DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:ECDHE-RSA-AES128-GCM-SHA256:\
ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA:!aNULL:!MD5:!EXPORT"
|