New configuration options for the virtualhost.
parent
b6d005a3b5
commit
3d8f2f46c9
|
@ -94,6 +94,7 @@ nginx_cors_allowed_headers: 'Accept,Authorization,Cache-Control,Content-Type,DNT
|
||||||
# Set them only if the application behind the server does not set them by itself.
|
# Set them only if the application behind the server does not set them by itself.
|
||||||
nginx_set_xss_protection: False
|
nginx_set_xss_protection: False
|
||||||
nginx_set_content_security_options: False
|
nginx_set_content_security_options: False
|
||||||
|
nginx_disable_content_security_options: False
|
||||||
# Choiches: 'self', 'none', a list of domains
|
# Choiches: 'self', 'none', a list of domains
|
||||||
nginx_content_security_src_acl:
|
nginx_content_security_src_acl:
|
||||||
- "'self'"
|
- "'self'"
|
||||||
|
@ -144,11 +145,13 @@ nginx_robots_disallowed_useragent_list:
|
||||||
nginx_robots_disallowed_uris: False
|
nginx_robots_disallowed_uris: False
|
||||||
nginx_robots_disallowed_uris_list: []
|
nginx_robots_disallowed_uris_list: []
|
||||||
|
|
||||||
|
# List any options here, ending with ;
|
||||||
nginx_use_common_virthost: False
|
nginx_use_common_virthost: False
|
||||||
#
|
#
|
||||||
# Virtualhost example
|
# Virtualhost example
|
||||||
nginx_virthosts: []
|
nginx_virthosts: []
|
||||||
# - virthost_name: '{{ ansible_fqdn }}'
|
# - virthost_name: '{{ ansible_fqdn }}'
|
||||||
|
# plain_http_enabled: True
|
||||||
# listen: '{{ http_port }}'
|
# listen: '{{ http_port }}'
|
||||||
# server_name: '{{ ansible_fqdn }}'
|
# server_name: '{{ ansible_fqdn }}'
|
||||||
# server_aliases: ''
|
# server_aliases: ''
|
||||||
|
@ -163,6 +166,7 @@ nginx_virthosts: []
|
||||||
# ssl_letsencrypt_certs: '{{ nginx_letsencrypt_managed }}'
|
# ssl_letsencrypt_certs: '{{ nginx_letsencrypt_managed }}'
|
||||||
# root: {{ nginx_webroot }}
|
# root: {{ nginx_webroot }}
|
||||||
# server_tokens: 'off'
|
# server_tokens: 'off'
|
||||||
|
# additional_options: []
|
||||||
# proxy_standard_setup: True
|
# proxy_standard_setup: True
|
||||||
# proxy_additional_options:
|
# proxy_additional_options:
|
||||||
# - 'proxy_cache_path /tmp/nginx_cache levels=1:2 keys_zone=cache:30m max_size=250m;'
|
# - 'proxy_cache_path /tmp/nginx_cache levels=1:2 keys_zone=cache:30m max_size=250m;'
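Review bot: `nginx_disable_content_security_options` is added without a comment, and its name does not tell an operator what it actually does to responses. In the template hunks of this commit it is only read inside the `nginx_set_content_security_options` block, where `proxy_hide_header` has already dropped the backend's header, and it then renders `add_header Content-Security-Policy "";`; nginx does not send a header whose value is empty, so responses leave with no CSP at all. I would add above it a comment such as `# Only read when nginx_set_content_security_options is True: removes the backend's Content-Security-Policy and sends none in its place.` The new `# List any options here, ending with ;` comment sits above `nginx_use_common_virthost`, while it presumably describes the `additional_options` key of a virtualhost; placing it next to that example line would avoid the confusion.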
|
||||||
|
|
|
@ -16,6 +16,8 @@ upstream {{ u_bk.name }} {
|
||||||
|
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
|
{% if item.plain_http_enabled | default(True) %}
|
||||||
server {
|
server {
|
||||||
listen {{ item.http_port | default ('80') }};
|
listen {{ item.http_port | default ('80') }};
|
||||||
server_name {{ item.server_name }} {% if item.serveraliases is defined %}{{ item.serveraliases }}{% endif %};
|
server_name {{ item.server_name }} {% if item.serveraliases is defined %}{{ item.serveraliases }}{% endif %};
|
||||||
|
@ -54,6 +56,9 @@ server {
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if nginx_set_content_security_options %}
|
{% if nginx_set_content_security_options %}
|
||||||
proxy_hide_header Content-Security-Policy;
|
proxy_hide_header Content-Security-Policy;
|
||||||
|
{% if nginx_disable_content_security_options %}
|
||||||
|
add_header Content-Security-Policy "";
|
||||||
|
{% else %}
|
||||||
add_header Content-Security-Policy "frame-src{% for s in nginx_content_security_src_acl %} {{ s }}{% endfor %}; frame-ancestors{% for l in nginx_content_security_ancestor_acl %} {{ l }}{% endfor %};";
|
add_header Content-Security-Policy "frame-src{% for s in nginx_content_security_src_acl %} {{ s }}{% endfor %}; frame-ancestors{% for l in nginx_content_security_ancestor_acl %} {{ l }}{% endfor %};";
|
||||||
{% endif %}
|
{% endif %}
|
||||||
server_tokens {{ item.server_tokens | default('off') }};
|
server_tokens {{ item.server_tokens | default('off') }};
|
||||||
|
@ -126,6 +131,10 @@ server {
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
|
{% for global_opt in item.additional_options %}
|
||||||
|
{{ global_opt }}
|
||||||
|
{% endfor %}
|
||||||
|
|
||||||
{% if item.proxy_standard_setup is defined and item.proxy_standard_setup %}
|
{% if item.proxy_standard_setup is defined and item.proxy_standard_setup %}
|
||||||
|
|
||||||
# Proxy stuff
|
# Proxy stuff
|
||||||
|
@ -148,13 +157,13 @@ server {
|
||||||
{% if nginx_cors_enabled %}
|
{% if nginx_cors_enabled %}
|
||||||
{% if not nginx_cors_global %}
|
{% if not nginx_cors_global %}
|
||||||
{% if location.cors is defined and location.cors %}
|
{% if location.cors is defined and location.cors %}
|
||||||
include /etc/nginx/snippets/nginx-cors.conf;
|
include /etc/nginx/snippets/nginx-cors.conf;
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
{% if location.target is defined %}
|
{% if location.target is defined %}
|
||||||
proxy_pass {{ location.target }};
|
proxy_pass {{ location.target }};
|
||||||
{% elif location.php_target is defined %}
|
{% elif location.php_target is defined %}
|
||||||
try_files $uri =404;
|
try_files $uri =404;
|
||||||
fastcgi_split_path_info ^(.+\.php)(/.+)$;
|
fastcgi_split_path_info ^(.+\.php)(/.+)$;
|
||||||
|
@ -181,7 +190,7 @@ server {
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
{% if location.other_opts is defined %}
|
{% if location.other_opts is defined %}
|
||||||
{% for opt in location.other_opts %}
|
{% for opt in location.other_opts %}
|
||||||
{{ opt }};
|
{{ opt }};
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
|
@ -198,6 +207,7 @@ server {
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
{% if item.ssl_enabled %}
|
{% if item.ssl_enabled %}
|
||||||
server {
|
server {
|
||||||
|
@ -271,6 +281,9 @@ server {
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if nginx_set_content_security_options %}
|
{% if nginx_set_content_security_options %}
|
||||||
proxy_hide_header Content-Security-Policy;
|
proxy_hide_header Content-Security-Policy;
|
||||||
|
{% if nginx_disable_content_security_options %}
|
||||||
|
add_header Content-Security-Policy "";
|
||||||
|
{% else %}
|
||||||
add_header Content-Security-Policy "frame-src{% for s in nginx_content_security_src_acl %} {{ s }}{% endfor %}; frame-ancestors{% for l in nginx_content_security_ancestor_acl %} {{ l }}{% endfor %};";
|
add_header Content-Security-Policy "frame-src{% for s in nginx_content_security_src_acl %} {{ s }}{% endfor %}; frame-ancestors{% for l in nginx_content_security_ancestor_acl %} {{ l }}{% endfor %};";
|
||||||
{% endif %}
|
{% endif %}
|
||||||
server_tokens {{ item.server_tokens | default('off') }};
|
server_tokens {{ item.server_tokens | default('off') }};
|
||||||
|
@ -303,6 +316,10 @@ server {
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
|
{% for global_opt in item.additional_options %}
|
||||||
|
{{ global_opt }}
|
||||||
|
{% endfor %}
|
||||||
|
|
||||||
{% if item.proxy_standard_setup is defined and item.proxy_standard_setup %}
|
{% if item.proxy_standard_setup is defined and item.proxy_standard_setup %}
|
||||||
|
|
||||||
# Proxy stuff
|
# Proxy stuff
|
||||||
|
@ -324,13 +341,13 @@ server {
|
||||||
{% if nginx_cors_enabled %}
|
{% if nginx_cors_enabled %}
|
||||||
{% if not nginx_cors_global %}
|
{% if not nginx_cors_global %}
|
||||||
{% if location.cors is defined and location.cors %}
|
{% if location.cors is defined and location.cors %}
|
||||||
include /etc/nginx/snippets/nginx-cors.conf;
|
include /etc/nginx/snippets/nginx-cors.conf;
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
{% if location.target is defined %}
|
{% if location.target is defined %}
|
||||||
proxy_pass {{ location.target }};
|
proxy_pass {{ location.target }};
|
||||||
{% elif location.php_target is defined %}
|
{% elif location.php_target is defined %}
|
||||||
try_files $uri =404;
|
try_files $uri =404;
|
||||||
fastcgi_split_path_info ^(.+\.php)(/.+)$;
|
fastcgi_split_path_info ^(.+\.php)(/.+)$;
|
||||||
|
@ -357,7 +374,7 @@ server {
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
{% if location.other_opts is defined %}
|
{% if location.other_opts is defined %}
|
||||||
{% for opt in location.other_opts %}
|
{% for opt in location.other_opts %}
|
||||||
{{ opt }};
|
{{ opt }};
|
||||||
{% endfor %}
|
{% endfor %}
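Review bot: The new `{% for global_opt in item.additional_options %}` loop has no guard for virtual hosts that do not set `additional_options`; it appears in the plain-HTTP server block and again in the `ssl_enabled` server block. The key is only a commented example in the defaults, so an existing `nginx_virthosts` entry would most likely fail to render with an undefined-variable error, whereas the neighbouring optional keys are tested with `is defined`. Use `{% for global_opt in item.additional_options | default([]) %}` in both places. Each entry is written verbatim into the `server` context and, unlike `{{ opt }};` in the location loop, gets no `;` appended, so a template comment stating that entries are raw nginx directives which must carry their own `;` and come only from trusted inventory would help. Both server blocks start and end outside these hunks.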
|
||||||
|
|