ISTI-ansible-roles
/
ansible-role-nginx
5
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Give the options to allow dotfiles other than '.ht*'.

This commit is contained in:
Andrea Dell'Amico 2024-05-03 18:19:39 +02:00
parent 9b7cc5b11a
commit 4999eaa896
Signed by: adellam
GPG Key ID: 147ABE6CEB9E20FF
2 changed files with 16 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
defaults/main.yml
View File

@ -134,6 +134,7 @@ nginx_websockets_support: false
# When we do not use letsencrypt: # When we do not use letsencrypt:
# nginx_ssl_cert_file: '{{ pki_dir }}/certs/nginx.crt' # nginx_ssl_cert_file: '{{ pki_dir }}/certs/nginx.crt'
# nginx_ssl_cert_key: '{{ pki_dir }}/keys/nginx.key' # nginx_ssl_cert_key: '{{ pki_dir }}/keys/nginx.key'
nginx_block_dangerous_dotfiles: false
nginx_block_dotfiles: true nginx_block_dotfiles: true
# k,M,G # k,M,G

15
templates/nginx-virthost.j2
View File

@ -38,6 +38,13 @@ server {
log_not_found off; log_not_found off;
return 404; return 404;
} }
{% elif nginx_block_dangerous_dotfiles %}
location ~ /\.ht.* {
deny all;
access_log off;
log_not_found off;
return 404;
}
{% endif %} {% endif %}
{% if letsencrypt_acme_install %} {% if letsencrypt_acme_install %}
@ -241,6 +248,7 @@ server {
log_not_found off; log_not_found off;
access_log off; access_log off;
} }
{% if nginx_block_dotfiles %} {% if nginx_block_dotfiles %}
location ~ /\.(?!well-known).* { location ~ /\.(?!well-known).* {
deny all; deny all;
@ -248,6 +256,13 @@ server {
log_not_found off; log_not_found off;
return 404; return 404;
} }
{% elif nginx_block_dangerous_dotfiles %}
location ~ /\.ht.* {
deny all;
access_log off;
log_not_found off;
return 404;
}
{% endif %} {% endif %}
{% if haproxy_ips is defined %} {% if haproxy_ips is defined %}