tpiccioli
/
ansible-roles
forked from ISTI-ansible-roles/ansible-roles
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

The directive that blocks dotfile requests is now under a conditional. See https://support.d4science.org/issues/16586

This commit is contained in:
Andrea Dell'Amico 2019-04-19 13:37:29 +02:00
parent 139db08ea1
commit 9e0fcdc4fa
2 changed files with 10 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
nginx/defaults/main.yml
View File

@ -93,6 +93,7 @@ nginx_ssl_type: ssl
# When we do not use letsencrypt: # When we do not use letsencrypt:
# nginx_ssl_cert_file: '{{ pki_dir }}/certs/nginx.crt' # nginx_ssl_cert_file: '{{ pki_dir }}/certs/nginx.crt'
# nginx_ssl_cert_key: '{{ pki_dir }}/keys/nginx.key' # nginx_ssl_cert_key: '{{ pki_dir }}/keys/nginx.key'
nginx_block_dotfiles: True
# Virtualhost example # Virtualhost example
# nginx_virthosts: # nginx_virthosts:

9
nginx/templates/nginx-virthost.j2
View File

@ -9,12 +9,14 @@ include /etc/nginx/snippets/nginx-websockets.conf;
server { server {
listen {{ item.http_port | default ('80') }}; listen {{ item.http_port | default ('80') }};
server_name {{ item.server_name }} {% if item.serveraliases is defined %}{{ item.serveraliases }}{% endif %}; server_name {{ item.server_name }} {% if item.serveraliases is defined %}{{ item.serveraliases }}{% endif %};
{% if nginx_block_dotfiles %}
location ~ /\.(?!well-known).* { location ~ /\.(?!well-known).* {
deny all; deny all;
access_log off; access_log off;
log_not_found off; log_not_found off;
return 404; return 404;
} }
{% endif %}
{% if letsencrypt_acme_install %} {% if letsencrypt_acme_install %}
include /etc/nginx/snippets/letsencrypt-proxy.conf; include /etc/nginx/snippets/letsencrypt-proxy.conf;
@ -54,12 +56,14 @@ server {
log_not_found off; log_not_found off;
access_log off; access_log off;
} }
{% if nginx_block_dotfiles %}
location ~ /\. { location ~ /\. {
deny all; deny all;
access_log off; access_log off;
log_not_found off; log_not_found off;
return 404; return 404;
} }
{% endif %}
{% if haproxy_ips is defined %} {% if haproxy_ips is defined %}
# We are behind haproxy # We are behind haproxy
{% for ip in haproxy_ips %} {% for ip in haproxy_ips %}
@ -213,9 +217,14 @@ server {
log_not_found off; log_not_found off;
access_log off; access_log off;
} }
{% if nginx_block_dotfiles %}
location ~ /\. { location ~ /\. {
deny all; deny all;
access_log off;
log_not_found off;
return 404;
} }
{% endif %}
{% if haproxy_ips is defined %} {% if haproxy_ips is defined %}
# We are behind haproxy # We are behind haproxy