mirror of
https://github.com/dev-sec/ansible-nginx-hardening.git
synced 2024-05-24 10:06:31 +02:00
update readme to new layout for vars (#33)
Signed-off-by: Sebastian Gumprich <github@gumpri.ch>
This commit is contained in:
parent
e266decde8
commit
1e115d9eeb
73
README.md
73
README.md
|
@ -21,25 +21,60 @@ It works with the following nginx-roles, including, but not limited to:
|
|||
|
||||
## Role Variables
|
||||
|
||||
| Name | Default Value | Description |
|
||||
| -------------- | ------------- | -----------------------------------|
|
||||
| [nginx_client_body_buffer_size][] | `1k` | Sets buffer size for reading client request body. In case the request body is larger than the buffer, the whole body or only its part is written to a temporary file. |
|
||||
| nginx_remove_default_site | `true` | Disables the default site. Set to false to enable the default site in nginx. |
|
||||
| [nginx_client_max_body_size][] | `1k` | Sets the maximum allowed size of the client request body, specified in the “Content-Length” request header field. If the size in a request exceeds the configured value, the 413 (Request Entity Too Large) error is returned to the client. |
|
||||
| [nginx_keepalive_timeout][] | `5 5` | The first parameter sets a timeout during which a keep-alive client connection will stay open on the server side. The zero value disables keep-alive client connections. The optional second parameter sets a value in the “Keep-Alive: timeout=time” response header field. |
|
||||
| [nginx_server_tokens][] | `off` | Disables emitting nginx version in error messages and in the "Server" response header field. Set to on to enable the nginx version in error messages and "Server" response header. |
|
||||
| [nginx_client_header_buffer_size][] | `1k` | Sets buffer size for reading client request header. For most requests, a buffer of 1K bytes is enough. |
|
||||
| [nginx_large_client_header_buffers][] | `2 1k` | Sets the maximum number and size of buffers used for reading large client request header. |
|
||||
| [nginx_client_body_timeout][] | `10` | Defines a timeout for reading client request body. |
|
||||
| [nginx_client_header_timeout][] | `10` | Defines a timeout for reading client request header. |
|
||||
| [nginx_send_timeout][] | `10` | Sets a timeout for transmitting a response to the client. |
|
||||
| [nginx_limit_conn_zone][] | `$binary_remote_addr zone=default:10m` | Sets parameters for a shared memory zone that will keep states for various keys. |
|
||||
| [nginx_limit_conn][] | `default 5` | Sets the shared memory zone and the maximum allowed number of connections for a given key value. |
|
||||
| [nginx_add_header][] | `[ "X-Frame-Options SAMEORIGIN", "X-Content-Type-Options nosniff", "X-XSS-Protection \"1; mode=block\"" ]` |Adds the specified field to a response header provided that the response code equals 200, 201, 204, 206, 301, 302, 303, 304, or 307. |
|
||||
| [nginx_ssl_protocols][] | `TLSv1.2` | Specifies the SSL protocol which should be used. |
|
||||
| [nginx_ssl_ciphers][] | *see defaults.yml* | Specifies the TLS ciphers which should be used. |
|
||||
| [nginx_ssl_prefer_server_ciphers][] | `on` | Specifies that server ciphers should be preferred over client ciphers when using the TLS protocols. Set to false to disable it. |
|
||||
| [nginx_dh_size][] | `2048` | Specifies the length of DH parameters for EDH ciphers. |
|
||||
* [nginx_client_body_buffer_size][]
|
||||
* Default: `1k`
|
||||
* Description: Sets buffer size for reading client request body. In case the request body is larger than the buffer, the whole body or only its part is written to a temporary file.
|
||||
* nginx_remove_default_site
|
||||
* Default: `true`
|
||||
* Description: Disables the default site. Set to false to enable the default site in nginx.
|
||||
* [nginx_client_max_body_size][]
|
||||
* Default: `1k`
|
||||
* Description: Sets the maximum allowed size of the client request body, specified in the “Content-Length” request header field. If the size in a request exceeds the configured value, the 41
|
||||
3 (Request Entity Too Large) error is returned to the client.
|
||||
* [nginx_keepalive_timeout][]
|
||||
* Default: `5 5`
|
||||
* Description: The first parameter sets a timeout during which a keep-alive client connection will stay open on the server side. The zero value disables keep-alive client connections. The op
|
||||
tional second parameter sets a value in the “Keep-Alive: timeout=time” response header field.
|
||||
* [nginx_server_tokens][]
|
||||
* Default: `off`
|
||||
* Description: Disables emitting nginx version in error messages and in the "Server" response header field. Set to on to enable the nginx version in error messages and "Server" response head
|
||||
er.
|
||||
* [nginx_client_header_buffer_size][]
|
||||
* Default: `1k`
|
||||
* Description: Sets buffer size for reading client request header. For most requests, a buffer of 1K bytes is enough.
|
||||
* [nginx_large_client_header_buffers][]
|
||||
* Default: `2 1k`
|
||||
* Description: Sets the maximum number and size of buffers used for reading large client request header.
|
||||
* [nginx_client_body_timeout][]
|
||||
* Default: `10`
|
||||
* Description: Defines a timeout for reading client request body.
|
||||
* [nginx_client_header_timeout][]
|
||||
* Default: `10`
|
||||
* Description: Defines a timeout for reading client request header.
|
||||
* [nginx_send_timeout][]
|
||||
* Default: `10`
|
||||
* Description: Sets a timeout for transmitting a response to the client.
|
||||
* [nginx_limit_conn_zone][]
|
||||
* Default: `$binary_remote_addr zone=default:10m`
|
||||
* Description: Sets parameters for a shared memory zone that will keep states for various keys.
|
||||
* [nginx_limit_conn][]
|
||||
* Default: `default 5`
|
||||
* Description: Sets the shared memory zone and the maximum allowed number of connections for a given key value.
|
||||
* [nginx_add_header][]
|
||||
* Default: `[ "X-Frame-Options SAMEORIGIN", "X-Content-Type-Options nosniff", "X-XSS-Protection \"1; mode=block\"" ]`
|
||||
* Description:Adds the specified field to a response header provided that the response code equals 200, 201, 204, 206, 301, 302, 303, 304, or 307.
|
||||
* [nginx_ssl_protocols][]
|
||||
* Default: `TLSv1.2`
|
||||
* Description: Specifies the SSL protocol which should be used.
|
||||
* [nginx_ssl_ciphers][]
|
||||
* Default: *see defaults.yml*
|
||||
* Description: Specifies the TLS ciphers which should be used.
|
||||
* [nginx_ssl_prefer_server_ciphers][]
|
||||
* Default: `on`
|
||||
* Description: Specifies that server ciphers should be preferred over client ciphers when using the TLS protocols. Set to false to disable it.
|
||||
* [nginx_dh_size][]
|
||||
* Default: `2048`
|
||||
* Description: Specifies the length of DH parameters for EDH ciphers.
|
||||
|
||||
## Installation
|
||||
|
||||
|
|
Loading…
Reference in New Issue