📗 Ansible playbooks and roles for building an idempotent, interconnected and scalable infrastructure
ansible-playbooks/roles/nginx/defaults/main.yml

# Per-directive separator: a space for gzip_types and ssl_protocols, a colon for
# ssl_ciphers and ssl_ecdh_curve. All four are given as lists further down.
# NOTE(review): presumably the role's templates (not visible here) use these to join
# each list into one directive value. The listing lost the file's indentation, so the
# four keys are assumed to nest under nginx_list_join — confirm against the repository.
nginx_list_join:
gzip_types: " "
ssl_protocols: " "
ssl_ciphers: ":"
ssl_ecdh_curve: ":"
# NOTE(review): presumably the directives whose list items are written out as separate
# directive lines instead of being joined into one value (ssl_conf_command is a
# two-entry list further down) — confirm against the role's templates.
nginx_multi_list:
- ssl_conf_command
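# Base settings for the nginx role.
# NOTE(review): this listing lost the file's indentation; the keys that follow are
# assumed to nest under nginx_defaults — confirm against the repository copy.
nginx_defaults:
# Account and configuration directory.
user: nginx
group: nginx
conf_dir: /etc/nginx
# NOTE(review): presumably the file handed to ssl_dhparam. The DHE-RSA suites enabled
# in ssl_ciphers depend on it; its group size is not visible here — confirm it is at
# least 2048 bits.
dhparam_file: dhparam.pem
# Certificate names; judging by the names only, an RSA-2048 and a P-384 ECDSA
# certificate — verify where the certificates are issued.
cert_rsa_name: rsa2048
cert_ecc_name: ecc384
# Booleans are written canonically as true/false. The YAML 1.1 spellings yes/no load
# to the same values in Ansible but are flagged by yamllint's truthy rule.
# NOTE(review): assuming must_staple controls the certificate's OCSP Must-Staple
# extension, stapling here is best effort: a client that gets no stapled response
# still connects. Confirm the issuing CA still operates an OCSP responder.
enable_stapling: true
must_staple: false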
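# Response headers and browser policies applied by default.
security:
# NOTE(review): Strict-Transport-Security is not part of this set; presumably it is
# configured elsewhere in the role — confirm.
headers:
# Framing is limited to same-origin pages; the csp frame-ancestors entry further down
# states the same rule for browsers that honour CSP.
X-Frame-Options: "SAMEORIGIN"
# Stops browsers from MIME-sniffing a response into a different content type.
X-Content-Type-Options: "nosniff"
Referrer-Policy: "strict-origin-when-cross-origin"
# The directive name is max-age (RFC 9163); spelled without the hyphen the header is
# invalid. Browsers have since retired Expect-CT, so consider dropping this entry.
Expect-CT: "max-age=86400, enforce"
# Cross-origin isolation: these three block cross-origin embedding, window references
# and resource loads unless the other side opts in. Third-party embeds that send no
# CORP/CORS headers will stop loading under these defaults.
Cross-Origin-Embedder-Policy: "require-corp"
Cross-Origin-Opener-Policy: "same-origin"
Cross-Origin-Resource-Policy: "same-site"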
# Content-Security-Policy directives (presumably rendered into one header by the
# role's templates — confirm). default-src 'none' denies every fetch type that is not
# listed; the listed types are then allowed for the site's own origin only.
csp:
default-src: "'none'"
# base-uri, form-action and frame-ancestors do not fall back to default-src, so they
# have to be set explicitly, as is done here.
base-uri: "'self'"
connect-src: "'self'"
font-src: "'self'"
img-src: "'self'"
manifest-src: "'self'"
media-src: "'self'"
# NOTE(review): prefetch-src was dropped from the CSP specification; current browsers
# may ignore it or log a console warning — confirm it is still wanted.
prefetch-src: "'self'"
# No 'unsafe-inline' or 'unsafe-eval' here: inline scripts and styles are blocked
# unless a site overrides these defaults with a nonce or hash.
script-src: "'self'"
style-src: "'self'"
worker-src: "'self'"
form-action: "'self'"
frame-ancestors: "'self'"
# Browser features mapped to an empty string.
# NOTE(review): presumably the Permissions-Policy feature list, with the empty string
# rendered as an empty allowlist (feature disabled for every origin, including the
# site itself) — confirm against the role's templates.
pp:
accelerometer: ""
camera: ""
display-capture: ""
document-domain: ""
geolocation: ""
gyroscope: ""
magnetometer: ""
microphone: ""
midi: ""
payment: ""
screen-wake-lock: ""
sync-xhr: ""
usb: ""
xr-spatial-tracking: ""
# nginx directives as name/value pairs.
# NOTE(review): the sub-keys root, events and http presumably map to nginx's main,
# events and http configuration contexts — confirm against the role's templates.
conf:
root:
pcre_jit: "on"
worker_processes: "auto"
# events has no entries in this listing.
events:
# Defaults for the http context.
http:
# File I/O and socket tuning.
aio: "threads"
aio_write: "on"
directio: "128k"
sendfile: "on"
sendfile_max_chunk: "1m"
tcp_nodelay: "on"
tcp_nopush: "on"
# Request buffers and timeouts; the header/body timeouts bound how long a slow client
# can hold a connection open while sending its request.
client_body_buffer_size: "64k"
client_body_timeout: "30s"
client_header_buffer_size: "2k"
client_header_timeout: "15s"
# NOTE(review): "0" disables nginx's request-body size check, so uploads are unbounded
# by default. Confirm that sites accepting request bodies set their own limit, or
# choose a finite default here.
client_max_body_size: "0"
send_timeout: "180s"
resolver_timeout: "10s"
# nginx refuses to open a file when any component of its path is a symbolic link.
disable_symlinks: "on"
keepalive_disable: "none"
msie_padding: "off"
# Omits the nginx version from the Server header and from error pages.
server_tokens: "off"
log_not_found: "on"
# NOTE(review): request logging is off at this level. Confirm that each site enables
# an access log where requests must be available for detection and incident response.
access_log: "off"
open_file_cache: "max=512 inactive=120s"
open_file_cache_errors: "on"
# Response compression for bodies of at least 4096 bytes.
# NOTE(review): nginx compresses text/html whenever gzip is on, in addition to the
# types listed below. Compressing TLS responses that carry a secret next to
# request-influenced content is the precondition for BREACH-style compression side
# channels — confirm that dynamic pages carrying tokens are excluded or protected.
gzip: "on"
gzip_comp_level: "4"
gzip_min_length: "4096"
# Adds "Vary: Accept-Encoding" so caches keep compressed and plain variants apart.
gzip_vary: "on"
gzip_types:
- text/css
- text/javascript
- text/plain
- application/javascript
- application/x-javascript
- font/truetype
- font/opentype
- image/svg+xml
- application/xml
# Default-deny access rule.
# NOTE(review): presumably emitted in the http context, so every server or location
# that should be reachable needs its own allow rule — confirm against the templates.
deny: "all"
# No automatic directory listings.
autoindex: "off"
default_type: "application/octet-stream"
# Upstream (reverse proxy) buffers and timeouts.
proxy_buffer_size: "16k"
proxy_buffers: "16 16k"
proxy_connect_timeout: "30s"
proxy_http_version: "1.1"
proxy_read_timeout: "180s"
proxy_send_timeout: "180s"
# "0" disables spooling of upstream responses to temporary files.
proxy_max_temp_file_size: "0"
# NOTE(review): HTTP/2 server push was removed in nginx 1.25.1, which made this
# directive obsolete — confirm the nginx version this role targets.
http2_push_preload: "on"
# Only TLS 1.2 and TLS 1.3 are offered; older protocol versions are not listed.
ssl_protocols:
- TLSv1.2
- TLSv1.3
# TLS 1.2 cipher suites: every entry is an AEAD suite (ChaCha20-Poly1305 or AES-GCM)
# with an ephemeral key exchange (ECDHE or DHE). TLS 1.3 suites are set separately
# through the Ciphersuites entry of ssl_conf_command.
ssl_ciphers:
- ECDHE-ECDSA-CHACHA20-POLY1305
- ECDHE-ECDSA-AES256-GCM-SHA384
- ECDHE-ECDSA-AES128-GCM-SHA256
- ECDHE-RSA-CHACHA20-POLY1305
- ECDHE-RSA-AES256-GCM-SHA384
- ECDHE-RSA-AES128-GCM-SHA256
# NOTE(review): the two DHE-RSA suites are only as strong as the DH parameters in
# use (see dhparam_file); confirm the group size or drop these suites.
- DHE-RSA-AES256-GCM-SHA384
- DHE-RSA-AES128-GCM-SHA256
# Key-exchange groups.
# NOTE(review): prime256v1 (P-256) is not listed, so a client that offers only that
# curve cannot negotiate ECDHE with this server — confirm this is intended.
ssl_ecdh_curve:
- X448
- X25519
- secp521r1
- secp384r1
# The server's cipher order takes precedence over the client's.
ssl_prefer_server_ciphers: "on"
# NOTE(review): TLS 1.3 early data (0-RTT) is subject to replay. The nginx
# documentation advises using $ssl_early_data, for example forwarded upstream in an
# Early-Data header, so the application can refuse early requests that are not
# idempotent. Confirm the site templates do this, or set the value to "off".
ssl_early_data: "on"
# OpenSSL configuration commands. PrioritizeChaCha lets a client that prefers ChaCha20
# get it, -MiddleboxCompat turns off TLS 1.3 middlebox-compatibility mode, and
# Ciphersuites sets the TLS 1.3 suites.
# NOTE(review): ssl_conf_command needs nginx 1.19.4 or later; connections through
# some middleboxes may fail without compatibility mode — confirm both are acceptable.
ssl_conf_command:
- Options PrioritizeChaCha,-MiddleboxCompat
- Ciphersuites TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256
# Session resumption: a 512k cache shared between workers, one-hour lifetime.
ssl_session_cache: "shared:SSL:512k"
# NOTE(review): no ssl_session_ticket_key is visible in this listing; nginx then uses
# a randomly generated ticket key, presumably kept until the next reload or restart.
# For TLS 1.2 sessions that key protects the session secrets, so a long-lived key
# weakens forward secrecy — confirm keys are rotated, or turn tickets off.
ssl_session_tickets: "on"
ssl_session_timeout: "1h"