From e2113ccbf1f42f5a92b39d138a57c2c47783fe74 Mon Sep 17 00:00:00 2001
From: Sebastian Gumprich
Date: Sat, 8 Sep 2018 14:58:36 +0200
Subject: [PATCH] remove useless params
---
 defaults/main.yml | 2 --
 tasks/main.yml | 3 ---
 templates/hardening.conf.j2 | 22 ++++++++++------------
 vars/Debian.yml | 4 ----
 vars/Oracle Linux.yml | 4 ----
 vars/RedHat.yml | 4 ----
 vars/main.yml | 1 +
 7 files changed, 11 insertions(+), 29 deletions(-)
 delete mode 100644 vars/Debian.yml
 delete mode 100644 vars/Oracle Linux.yml
 delete mode 100644 vars/RedHat.yml
diff --git a/defaults/main.yml b/defaults/main.yml
index 434d9f7..13bc790 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -25,7 +25,5 @@ nginx_set_cookie_flag: "* HttpOnly secure"
 nginx_ssl_prefer_server_ciphers: "on"
 nginx_ssl_protocols: "TLSv1.2"
 nginx_ssl_ciphers: "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256"
-nginx_ssl_prefer_server_ciphers: "on"
 nginx_ssl_session_tickets: "off"
-nginx_dh_param: "{{nginx_root_dir}}/dh{{nginx_dh_size}}.pem"
 nginx_dh_size: "2048"
diff --git a/tasks/main.yml b/tasks/main.yml
index bd3848a..e902dbe 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -1,7 +1,4 @@
 ---
-- name: add the OS specific variables
- include_vars: "{{ ansible_os_family }}.yml"
-
 - name: config should not be worldwide read- or writeable
 file:
 path: "/etc/nginx"
diff --git a/templates/hardening.conf.j2 b/templates/hardening.conf.j2
index 1e250cb..a2ca2e6 100644
--- a/templates/hardening.conf.j2
+++ b/templates/hardening.conf.j2
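Review bot: Nothing in the defaults/main.yml and tasks/main.yml hunks shows that the names being dropped are unused elsewhere. `nginx_dh_param` goes away here, and the removed `include_vars` task was the only loader for `nginx_root_dir`, `nginx_config_conf_dir`, `nginx_default_conf` and `nginx_service_name`. The rest of tasks/main.yml and any handlers lie outside these hunks, so a leftover reference would fail the play with an undefined variable and should be ruled out. An inventory that overrides `nginx_dh_param` to keep the DH parameters in another location is now silently ignored, which deserves a changelog entry. A comment above `nginx_dh_size`, for example `# DH parameters are read from /etc/nginx/dh<size>.pem (path fixed in templates/hardening.conf.j2)`, would keep that coupling visible.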
@@ -1,18 +1,16 @@ # {{ansible_managed|comment}} # Additional configuration for Nginx. -client_header_buffer_size {{nginx_client_header_buffer_size}}; +client_header_buffer_size {{nginx_client_header_buffer_size}}; large_client_header_buffers {{nginx_large_client_header_buffers}}; -client_body_timeout {{nginx_client_body_timeout}}; -client_header_timeout {{nginx_client_header_timeout}}; -send_timeout {{nginx_send_timeout}}; -limit_conn_zone {{nginx_limit_conn_zone}}; -limit_conn {{nginx_limit_conn}}; -set_cookie_flag {{nginx_set_cookie_flag}}; -ssl_ciphers '{{nginx_ssl_ciphers}}'; -ssl_prefer_server_ciphers {{nginx_ssl_prefer_server_ciphers}}; -ssl_session_tickets {{nginx_ssl_session_tickets}}; -ssl_dhparam {{nginx_dh_param}}; +client_body_timeout {{nginx_client_body_timeout}}; +client_header_timeout {{nginx_client_header_timeout}}; +send_timeout {{nginx_send_timeout}}; +limit_conn_zone {{nginx_limit_conn_zone}}; +limit_conn {{nginx_limit_conn}}; +ssl_ciphers '{{nginx_ssl_ciphers}}'; +ssl_session_tickets {{nginx_ssl_session_tickets}}; +ssl_dhparam /etc/nginx/dh{{nginx_dh_size}}.pem; {% for header in nginx_add_header %} -add_header {{header}}; +add_header {{header}}; {% endfor %}
diff --git a/vars/Debian.yml b/vars/Debian.yml
deleted file mode 100644
index 3d85fa5..0000000
--- a/vars/Debian.yml
+++ /dev/null
@@ -1,4 +0,0 @@
-nginx_root_dir: '/etc/nginx'
-nginx_config_conf_dir: '/etc/nginx/conf.d'
-nginx_default_conf: '/etc/nginx/sites-enabled/default'
-nginx_service_name: 'nginx'
diff --git a/vars/Oracle Linux.yml b/vars/Oracle Linux.yml
deleted file mode 100644
index 6ec8bc2..0000000
--- a/vars/Oracle Linux.yml
+++ /dev/null
@@ -1,4 +0,0 @@
-nginx_root_dir: '/etc/nginx'
-nginx_config_conf_dir: '/etc/nginx/conf.d'
-nginx_default_conf: '/etc/nginx/conf.d/default.conf'
-nginx_service_name: 'nginx'
diff --git a/vars/RedHat.yml b/vars/RedHat.yml
deleted file mode 100644
index 6ec8bc2..0000000
--- a/vars/RedHat.yml
+++ /dev/null
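Review bot: The rewritten templates/hardening.conf.j2 no longer emits `ssl_prefer_server_ciphers` or `set_cookie_flag`, while defaults/main.yml in this same patch still ships `nginx_ssl_prefer_server_ciphers: "on"` and `nginx_set_cookie_flag: "* HttpOnly secure"`, so both settings become silent no-ops in a hardening role. nginx's `ssl_prefer_server_ciphers` defaults to `off`, so unless it is set elsewhere the client's preference decides which entry of `ssl_ciphers` is used, including the CBC suites at the end of that list. If the removal is intentional (for example because `set_cookie_flag` needs a module that is not always built in), drop the two defaults as well and say so in the commit message; otherwise keep `ssl_prefer_server_ciphers {{nginx_ssl_prefer_server_ciphers}};`. The lines shown also never render `nginx_ssl_protocols`, which looks like the same kind of gap, though it may be set in configuration outside this template.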
@@ -1,4 +0,0 @@
-nginx_root_dir: '/etc/nginx'
-nginx_config_conf_dir: '/etc/nginx/conf.d'
-nginx_default_conf: '/etc/nginx/conf.d/default.conf'
-nginx_service_name: 'nginx'
diff --git a/vars/main.yml b/vars/main.yml
index e69de29..ed97d53 100644
--- a/vars/main.yml
+++ b/vars/main.yml
@@ -0,0 +1 @@
+---