summaryrefslogtreecommitdiffstats
path: root/roles/common-web/tasks/main.yml
diff options
context:
space:
mode:
authorGuilhem Moulin <guilhem@fripost.org>2016-03-30 21:45:43 +0300
committerGuilhem Moulin <guilhem@fripost.org>2016-03-30 21:45:43 +0300
commit54261953e711e67e4ee28f788ea35bcab0e86654 (patch)
tree69eef65ef208b2a27b157d404c96b0d4051e2b5b /roles/common-web/tasks/main.yml
parentf81d8c68ba20100c13859ed522c41bed4f27d88b (diff)
Set HTTP security headers.
See https://securityheaders.io .
Diffstat (limited to 'roles/common-web/tasks/main.yml')
-rw-r--r--roles/common-web/tasks/main.yml1
1 files changed, 1 insertions, 0 deletions
diff --git a/roles/common-web/tasks/main.yml b/roles/common-web/tasks/main.yml
index fb6bb2d..02b7134 100644
--- a/roles/common-web/tasks/main.yml
+++ b/roles/common-web/tasks/main.yml
@@ -2,40 +2,41 @@
apt: pkg=nginx
- name: Limit Nginx logging
lineinfile: "dest=/etc/logrotate.d/nginx create=yes
regexp='^\\s*rotate\\s'
line='\trotate 1'"
tags:
- logrotate
- name: Copy fastcgi parameters, acme-challenge and SSL configuration snippets
copy: src=etc/nginx/snippets/{{ item }}
dest=/etc/nginx/snippets/{{ item }}
owner=root group=root
mode=0644
register: r1
with_items:
- fastcgi.conf
- fastcgi-php.conf
- fastcgi-php-ssl.conf
- ssl.conf
+ - headers.conf
- acme-challenge.conf
notify:
- Restart Nginx
- name: Copy /etc/nginx/sites-available/default
copy: src=etc/nginx/sites-available/default
dest=/etc/nginx/sites-available/default
owner=root group=root
mode=0644
register: r2
notify:
- Restart Nginx
- name: Create /etc/nginx/sites-enabled/default
file: src=../sites-available/default
dest=/etc/nginx/sites-enabled/default
owner=root group=root
state=link force=yes
register: r3
notify:
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-04 10:44:11 +0000