This repository was archived by the owner on Feb 26, 2024. It is now read-only.
---
# Copy the vendored h5bp server-configs-nginx snippets to the target host.
# The source path has no trailing slash, so rsync places the directory itself
# under dest (/etc/nginx/h5bp), which is the path the later include lines use.
# NOTE(review): synchronize defaults to rsync archive mode, so permissions
# follow the controller's copy of the vendor tree -- confirm the snippets end
# up writable only by root, since nginx loads them as configuration.
- name: Deploy additional h5bp Nginx files
  synchronize:
    dest: '/etc/nginx'
    src: "{{ playbook_dir }}/../vendor/server-configs-nginx/h5bp"
# Install and configure nginx through the nginxinc.nginx role, handing it the
# main-config template variables below.
# NOTE(review): the nesting of http_custom_options / http_custom_includes under
# nginx_main_template is reconstructed -- confirm against the role's defaults.
- name: Setup Nginx
  include_role:
    name: nginxinc.nginx
  vars:
    nginx_main_template_enable: 1
    # Enables the role's demo HTML page; presumably this is the page the
    # provisioning check fetches -- confirm it is replaced before go-live.
    nginx_html_demo_template_enable: 1
    nginx_main_template:
      # nginx runs as the same account that owns /var/www and
      # /etc/nginx/sites-enabled in the tasks that follow.
      user: 'stackhead'
      # Each entry is a raw nginx `map` block. The maps only define variables
      # keyed on the response Content-Type; no add_header directive is visible
      # in this task, so the headers are sent only where a config that uses
      # these variables (the h5bp snippet named in each comment) is included.
      # The one-space indent inside each block is kept as in the original.
      http_custom_options:
        # X-XSS-Protection for HTML documents.
        # /etc/nginx/h5bp/security/x-xss-protection.conf
        # Legacy header: current browsers no longer ship the XSS filter it
        # controls, so the Content-Security-Policy below is the real control.
        - |-
          map $sent_http_content_type $x_xss_protection {
           ~*text/html "1; mode=block";
           }
        # X-Frame-Options for HTML documents.
        # /etc/nginx/h5bp/security/x-frame-options.conf
        # Overlaps with `frame-ancestors 'none'` in the CSP below.
        - |-
          map $sent_http_content_type $x_frame_options {
           ~*text/html DENY;
           }
        # Content-Security-Policy for HTML documents.
        # /etc/nginx/h5bp/security/content-security-policy.conf
        # Same-origin-only policy; a site that loads third-party scripts,
        # styles or fonts has to override it deliberately, not drop it.
        - |-
          map $sent_http_content_type $content_security_policy {
           ~*text/html "default-src 'self'; base-uri 'none'; form-action 'self'; frame-ancestors 'none'; upgrade-insecure-requests";
           }
        # Referrer-Policy for HTML documents.
        # /etc/nginx/h5bp/security/referrer-policy.conf
        - |-
          map $sent_http_content_type $referrer_policy {
           ~*text/html "strict-origin-when-cross-origin";
           }
        # X-UA-Compatible for HTML documents.
        # /etc/nginx/h5bp/internet_explorer/x-ua-compatible.conf
        - |-
          map $sent_http_content_type $x_ua_compatible {
           ~*text/html "IE=edge";
           }
        # Access-Control-Allow-Origin.
        # /etc/nginx/h5bp/cross-origin/requests.conf
        # Wildcard origin, limited to image and font content types; other
        # responses get no value from this map.
        - |-
          map $sent_http_content_type $cors {
           ~*image/ "*";
           ~*font/ "*";
           ~*application/vnd.ms-fontobject "*";
           ~*application/x-font-ttf "*";
           ~*application/font-woff "*";
           ~*application/x-font-woff "*";
           ~*application/font-woff2 "*";
           }
      # Only the performance snippets are included at http level here.
      http_custom_includes:
        - '/etc/nginx/h5bp/web_performance/compression.conf'
        - '/etc/nginx/h5bp/web_performance/cache_expiration.conf'
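# Hand the web root to the stackhead account, recursively.
# The original used mode 0755 with recurse, which marks every regular file
# under /var/www as executable. The symbolic mode keeps directories at 0755
# but adds execute to a file only if it already had an execute bit (capital X),
# so ordinary content ends up 0644.
# NOTE(review): the "Setup Nginx" task runs nginx as stackhead too, so the
# server process can write to the content it serves -- confirm that is intended.
- name: adjust owner of /var/www directories
  file:
    path: /var/www
    state: directory
    owner: "stackhead"
    group: "stackhead"
    mode: "u=rwX,g=rX,o=rX"
    recurse: true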
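# Give the stackhead account ownership of the enabled-sites directory,
# recursively, so it can manage site configuration.
# The original used mode 0755 with recurse, which marks every config file as
# executable. The symbolic mode keeps directories traversable (0755) and leaves
# regular files without execute bits unless they already had one (capital X).
# NOTE(review): whoever can write here controls configuration that nginx loads,
# and the "Setup Nginx" task also runs nginx as stackhead -- treat this account
# as privileged and confirm the shared identity is intended.
- name: adjust owner of /etc/nginx/sites-enabled directory
  file:
    path: /etc/nginx/sites-enabled
    state: directory
    owner: "stackhead"
    group: "stackhead"
    mode: "u=rwX,g=rX,o=rX"
    recurse: true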
# Smoke test: fetch the site root over plain HTTP from the host's default IPv4
# address (falling back to the first known IPv4 address) and retry up to five
# times, one second apart, until the body contains "Welcome to nginx".
# NOTE(review): the match presumably relies on the demo page enabled through
# nginx_html_demo_template_enable -- confirm that page is not left as the
# public default site afterwards.
- name: Check content after provisioning
  uri:
    return_content: true
    url: "http://{{ ansible_default_ipv4.address|default(ansible_all_ipv4_addresses[0]) }}"
  register: uri_result
  retries: 5
  delay: 1
  until: '"Welcome to nginx" in uri_result.content'