New configuration options for the virtualhost.
parent
b6d005a3b5
commit
3d8f2f46c9
|
@ -94,6 +94,7 @@ nginx_cors_allowed_headers: 'Accept,Authorization,Cache-Control,Content-Type,DNT
|
|||
# Set them only if the application behind the server does not set them by itself.
|
||||
nginx_set_xss_protection: False
|
||||
nginx_set_content_security_options: False
|
||||
nginx_disable_content_security_options: False
|
||||
# Choiches: 'self', 'none', a list of domains
|
||||
nginx_content_security_src_acl:
|
||||
- "'self'"
|
||||
|
@ -144,11 +145,13 @@ nginx_robots_disallowed_useragent_list:
|
|||
nginx_robots_disallowed_uris: False
|
||||
nginx_robots_disallowed_uris_list: []
|
||||
|
||||
# List any options here, ending with ;
|
||||
nginx_use_common_virthost: False
|
||||
#
|
||||
# Virtualhost example
|
||||
nginx_virthosts: []
|
||||
# - virthost_name: '{{ ansible_fqdn }}'
|
||||
# plain_http_enabled: True
|
||||
# listen: '{{ http_port }}'
|
||||
# server_name: '{{ ansible_fqdn }}'
|
||||
# server_aliases: ''
|
||||
|
@ -163,6 +166,7 @@ nginx_virthosts: []
|
|||
# ssl_letsencrypt_certs: '{{ nginx_letsencrypt_managed }}'
|
||||
# root: {{ nginx_webroot }}
|
||||
# server_tokens: 'off'
|
||||
# additional_options: []
|
||||
# proxy_standard_setup: True
|
||||
# proxy_additional_options:
|
||||
# - 'proxy_cache_path /tmp/nginx_cache levels=1:2 keys_zone=cache:30m max_size=250m;'
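Review bot: The new `nginx_disable_content_security_options: False` toggle has no comment, although the template in this commit uses it to send no Content-Security-Policy header at all once the backend's own header has been hidden. That is a security-relevant switch and should be documented where it is defined, for example `# If True (and nginx_set_content_security_options is True), responses carry no Content-Security-Policy header`. The comment `# List any options here, ending with ;` sits directly above `nginx_use_common_virthost` but reads as if it describes the per-virtualhost `additional_options` list, so it would be clearer next to `# additional_options: []`. The template iterates `item.additional_options` without a `default([])`, so the example should also state that the key presumably has to be present on every virtualhost entry.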
|
||||
|
|
|
@ -16,6 +16,8 @@ upstream {{ u_bk.name }} {
|
|||
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
|
||||
{% if item.plain_http_enabled | default(True) %}
|
||||
server {
|
||||
listen {{ item.http_port | default ('80') }};
|
||||
server_name {{ item.server_name }} {% if item.serveraliases is defined %}{{ item.serveraliases }}{% endif %};
|
||||
|
@ -54,6 +56,9 @@ server {
|
|||
{% endif %}
|
||||
{% if nginx_set_content_security_options %}
|
||||
proxy_hide_header Content-Security-Policy;
|
||||
{% if nginx_disable_content_security_options %}
|
||||
add_header Content-Security-Policy "";
|
||||
{% else %}
|
||||
add_header Content-Security-Policy "frame-src{% for s in nginx_content_security_src_acl %} {{ s }}{% endfor %}; frame-ancestors{% for l in nginx_content_security_ancestor_acl %} {{ l }}{% endfor %};";
|
||||
{% endif %}
|
||||
server_tokens {{ item.server_tokens | default('off') }};
|
||||
|
@ -126,6 +131,10 @@ server {
|
|||
{% endif %}
|
||||
{% endif %}
|
||||
|
||||
{% for global_opt in item.additional_options %}
|
||||
{{ global_opt }}
|
||||
{% endfor %}
|
||||
|
||||
{% if item.proxy_standard_setup is defined and item.proxy_standard_setup %}
|
||||
|
||||
# Proxy stuff
|
||||
|
@ -148,13 +157,13 @@ server {
|
|||
{% if nginx_cors_enabled %}
|
||||
{% if not nginx_cors_global %}
|
||||
{% if location.cors is defined and location.cors %}
|
||||
include /etc/nginx/snippets/nginx-cors.conf;
|
||||
include /etc/nginx/snippets/nginx-cors.conf;
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
|
||||
{% if location.target is defined %}
|
||||
proxy_pass {{ location.target }};
|
||||
proxy_pass {{ location.target }};
|
||||
{% elif location.php_target is defined %}
|
||||
try_files $uri =404;
|
||||
fastcgi_split_path_info ^(.+\.php)(/.+)$;
|
||||
|
@ -181,7 +190,7 @@ server {
|
|||
{% endfor %}
|
||||
{% endif %}
|
||||
|
||||
{% if location.other_opts is defined %}
|
||||
{% if location.other_opts is defined %}
|
||||
{% for opt in location.other_opts %}
|
||||
{{ opt }};
|
||||
{% endfor %}
|
||||
|
@ -198,6 +207,7 @@ server {
|
|||
{% endif %}
|
||||
|
||||
}
|
||||
{% endif %}
|
||||
|
||||
{% if item.ssl_enabled %}
|
||||
server {
|
||||
|
@ -271,6 +281,9 @@ server {
|
|||
{% endif %}
|
||||
{% if nginx_set_content_security_options %}
|
||||
proxy_hide_header Content-Security-Policy;
|
||||
{% if nginx_disable_content_security_options %}
|
||||
add_header Content-Security-Policy "";
|
||||
{% else %}
|
||||
add_header Content-Security-Policy "frame-src{% for s in nginx_content_security_src_acl %} {{ s }}{% endfor %}; frame-ancestors{% for l in nginx_content_security_ancestor_acl %} {{ l }}{% endfor %};";
|
||||
{% endif %}
|
||||
server_tokens {{ item.server_tokens | default('off') }};
|
||||
|
@ -303,6 +316,10 @@ server {
|
|||
{% endfor %}
|
||||
{% endif %}
|
||||
|
||||
{% for global_opt in item.additional_options %}
|
||||
{{ global_opt }}
|
||||
{% endfor %}
|
||||
|
||||
{% if item.proxy_standard_setup is defined and item.proxy_standard_setup %}
|
||||
|
||||
# Proxy stuff
|
||||
|
@ -324,13 +341,13 @@ server {
|
|||
{% if nginx_cors_enabled %}
|
||||
{% if not nginx_cors_global %}
|
||||
{% if location.cors is defined and location.cors %}
|
||||
include /etc/nginx/snippets/nginx-cors.conf;
|
||||
include /etc/nginx/snippets/nginx-cors.conf;
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
|
||||
{% if location.target is defined %}
|
||||
proxy_pass {{ location.target }};
|
||||
proxy_pass {{ location.target }};
|
||||
{% elif location.php_target is defined %}
|
||||
try_files $uri =404;
|
||||
fastcgi_split_path_info ^(.+\.php)(/.+)$;
|
||||
|
@ -357,7 +374,7 @@ server {
|
|||
{% endfor %}
|
||||
{% endif %}
|
||||
|
||||
{% if location.other_opts is defined %}
|
||||
{% if location.other_opts is defined %}
|
||||
{% for opt in location.other_opts %}
|
||||
{{ opt }};
|
||||
{% endfor %}
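Review bot: In the Content-Security-Policy block (hunk `-54,6 +56,9`, repeated in `-271,6 +281,9` for the TLS server) the only `{% endif %}` visible before `server_tokens` closes the new inner `{% if nginx_disable_content_security_options %}`, so the outer `{% if nginx_set_content_security_options %}` appears to be left open. Unless a closing tag exists outside the hunk, the template either fails to render or makes `server_tokens` and what follows conditional; a second `{% endif %}` directly after the inner one would restore the old nesting. Both branches also run `proxy_hide_header Content-Security-Policy;`, so the backend's own policy is always discarded: with the disable flag `add_header Content-Security-Policy "";` emits nothing (nginx skips empty header values), and the else branch sends only `frame-src` and `frame-ancestors`. A comment above the block should say so, e.g. `# Replaces any upstream CSP; only frame-src/frame-ancestors are sent, or no CSP at all when nginx_disable_content_security_options is true`.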
|
||||
|
|