forked from ISTI-ansible-roles/ansible-roles
The directive that blocks dotfile requests is now under a conditional. See https://support.d4science.org/issues/16586
This commit is contained in:
parent
139db08ea1
commit
9e0fcdc4fa
|
@ -93,6 +93,7 @@ nginx_ssl_type: ssl
|
|||
# When we do not use letsencrypt:
|
||||
# nginx_ssl_cert_file: '{{ pki_dir }}/certs/nginx.crt'
|
||||
# nginx_ssl_cert_key: '{{ pki_dir }}/keys/nginx.key'
|
||||
nginx_block_dotfiles: True
|
||||
|
||||
# Virtualhost example
|
||||
# nginx_virthosts:
|
||||
|
|
|
@ -9,12 +9,14 @@ include /etc/nginx/snippets/nginx-websockets.conf;
|
|||
server {
|
||||
listen {{ item.http_port | default ('80') }};
|
||||
server_name {{ item.server_name }} {% if item.serveraliases is defined %}{{ item.serveraliases }}{% endif %};
|
||||
{% if nginx_block_dotfiles %}
|
||||
location ~ /\.(?!well-known).* {
|
||||
deny all;
|
||||
access_log off;
|
||||
log_not_found off;
|
||||
return 404;
|
||||
}
|
||||
{% endif %}
|
||||
|
||||
{% if letsencrypt_acme_install %}
|
||||
include /etc/nginx/snippets/letsencrypt-proxy.conf;
|
||||
|
@ -54,12 +56,14 @@ server {
|
|||
log_not_found off;
|
||||
access_log off;
|
||||
}
|
||||
{% if nginx_block_dotfiles %}
|
||||
location ~ /\. {
|
||||
deny all;
|
||||
access_log off;
|
||||
log_not_found off;
|
||||
return 404;
|
||||
}
|
||||
{% endif %}
|
||||
{% if haproxy_ips is defined %}
|
||||
# We are behind haproxy
|
||||
{% for ip in haproxy_ips %}
|
||||
|
@ -213,9 +217,14 @@ server {
|
|||
log_not_found off;
|
||||
access_log off;
|
||||
}
|
||||
{% if nginx_block_dotfiles %}
|
||||
location ~ /\. {
|
||||
deny all;
|
||||
access_log off;
|
||||
log_not_found off;
|
||||
return 404;
|
||||
}
|
||||
{% endif %}
|
||||
|
||||
{% if haproxy_ips is defined %}
|
||||
# We are behind haproxy
|
||||
|
|
Loading…
Reference in New Issue