Files
@ ff510f233909
Branch filter:
Location: majic-ansible-roles/roles/web_server/templates/nginx-default.j2 - annotation
ff510f233909
1.3 KiB
text/plain
MAR-132: Added support for Debian 9 (Stretch) to php_website role:
- Implemented the necessary changes related to differences between PHP
versions and related paths (PHP 5 vs PHP 7).
- Set the shell for application system account explicitly (workaround
for Debian bug 865762 in Stretch).
- Updated Molecule tests to cover Debian 9.
- Updated Molecule test preparation playbook to account for a number
of differences between Jessie and Stretch (mainly related to mailing
functionality).
- Use more specific host groups in tests.
- Renamed a couple of variables in test for sending out mails to make
it clearer what is being looked up as part of regex matching.
- Updated Molecule tests where certain paths depend on what Debian
release they are ran against.
- Split-up Jessie-specific tests into separate file.
- Implemented the necessary changes related to differences between PHP
versions and related paths (PHP 5 vs PHP 7).
- Set the shell for application system account explicitly (workaround
for Debian bug 865762 in Stretch).
- Updated Molecule tests to cover Debian 9.
- Updated Molecule test preparation playbook to account for a number
of differences between Jessie and Stretch (mainly related to mailing
functionality).
- Use more specific host groups in tests.
- Renamed a couple of variables in test for sending out mails to make
it clearer what is being looked up as part of regex matching.
- Updated Molecule tests where certain paths depend on what Debian
release they are ran against.
- Split-up Jessie-specific tests into separate file.
373cdfe71c66 373cdfe71c66 373cdfe71c66 dfb91e411e40 373cdfe71c66 373cdfe71c66 373cdfe71c66 373cdfe71c66 373cdfe71c66 dfb91e411e40 dfb91e411e40 dfb91e411e40 dfb91e411e40 dfb91e411e40 dfb91e411e40 dfb91e411e40 dfb91e411e40 dfb91e411e40 dfb91e411e40 dfb91e411e40 dfb91e411e40 dfb91e411e40 dfb91e411e40 dfb91e411e40 373cdfe71c66 373cdfe71c66 373cdfe71c66 18cd76ec050d 18cd76ec050d 373cdfe71c66 3352797ee517 3352797ee517 3352797ee517 3352797ee517 3352797ee517 3352797ee517 373cdfe71c66 373cdfe71c66 373cdfe71c66 373cdfe71c66 373cdfe71c66 373cdfe71c66 373cdfe71c66 373cdfe71c66 373cdfe71c66 373cdfe71c66 373cdfe71c66 373cdfe71c66 | #
# Default server (vhost) configuration.
#
{% if default_enforce_https -%}
server {
# HTTP (plaintext) configuration.
listen 80 default_server;
listen [::]:80 default_server;
# Set server_name to something that won't be matched (for default server).
server_name _;
# Redirect plaintext connections to HTTPS
return 301 https://$host$request_uri;
}
{% endif -%}
server {
{% if not default_enforce_https %}
# HTTP (plaintext) configuration.
listen 80 default_server;
listen [::]:80 default_server;
{% endif %}
# HTTPS (TLS) configuration.
listen 443 ssl default_server;
listen [::]:443 ssl default_server;
ssl_certificate_key /etc/ssl/private/{{ ansible_fqdn }}_https.key;
ssl_certificate /etc/ssl/certs/{{ ansible_fqdn }}_https.pem;
{% if default_enforce_https %}
# Set-up HSTS header for preventing downgrades for users that visited the
# site via HTTPS at least once.
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
{% endif %}
# Set-up the serving of default page.
root /var/www/default/;
index index.html;
# Set server_name to something that won't be matched (for default server).
server_name _;
location / {
# Always point user to the same index page.
try_files $uri /index.html;
}
}
|