mirror of
https://github.com/dev-sec/ansible-nginx-hardening.git
synced 2024-11-22 15:32:01 +01:00
remove useless params
This commit is contained in:
parent
ce11a7e6d8
commit
e2113ccbf1
@ -25,7 +25,5 @@ nginx_set_cookie_flag: "* HttpOnly secure"
|
||||
nginx_ssl_prefer_server_ciphers: "on"
|
||||
nginx_ssl_protocols: "TLSv1.2"
|
||||
nginx_ssl_ciphers: "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256"
|
||||
nginx_ssl_prefer_server_ciphers: "on"
|
||||
nginx_ssl_session_tickets: "off"
|
||||
nginx_dh_param: "{{nginx_root_dir}}/dh{{nginx_dh_size}}.pem"
|
||||
nginx_dh_size: "2048"
|
||||
|
@ -1,7 +1,4 @@
|
||||
---
|
||||
- name: add the OS specific variables
|
||||
include_vars: "{{ ansible_os_family }}.yml"
|
||||
|
||||
- name: config should not be worldwide read- or writeable
|
||||
file:
|
||||
path: "/etc/nginx"
|
||||
|
@ -8,11 +8,9 @@ client_header_timeout {{nginx_client_header_timeout}};
|
||||
send_timeout {{nginx_send_timeout}};
|
||||
limit_conn_zone {{nginx_limit_conn_zone}};
|
||||
limit_conn {{nginx_limit_conn}};
|
||||
set_cookie_flag {{nginx_set_cookie_flag}};
|
||||
ssl_ciphers '{{nginx_ssl_ciphers}}';
|
||||
ssl_prefer_server_ciphers {{nginx_ssl_prefer_server_ciphers}};
|
||||
ssl_session_tickets {{nginx_ssl_session_tickets}};
|
||||
ssl_dhparam {{nginx_dh_param}};
|
||||
ssl_dhparam /etc/nginx/dh{{nginx_dh_size}}.pem;
|
||||
{% for header in nginx_add_header %}
|
||||
add_header {{header}};
|
||||
{% endfor %}
|
||||
|
@ -1,4 +0,0 @@
|
||||
nginx_root_dir: '/etc/nginx'
|
||||
nginx_config_conf_dir: '/etc/nginx/conf.d'
|
||||
nginx_default_conf: '/etc/nginx/sites-enabled/default'
|
||||
nginx_service_name: 'nginx'
|
@ -1,4 +0,0 @@
|
||||
nginx_root_dir: '/etc/nginx'
|
||||
nginx_config_conf_dir: '/etc/nginx/conf.d'
|
||||
nginx_default_conf: '/etc/nginx/conf.d/default.conf'
|
||||
nginx_service_name: 'nginx'
|
@ -1,4 +0,0 @@
|
||||
nginx_root_dir: '/etc/nginx'
|
||||
nginx_config_conf_dir: '/etc/nginx/conf.d'
|
||||
nginx_default_conf: '/etc/nginx/conf.d/default.conf'
|
||||
nginx_service_name: 'nginx'
|
@ -0,0 +1 @@
|
||||
---
|
Loading…
Reference in New Issue
Block a user