1
0
mirror of https://github.com/dev-sec/ansible-nginx-hardening.git synced 2024-11-22 15:32:01 +01:00

remove useless params

This commit is contained in:
Sebastian Gumprich 2018-09-08 14:58:36 +02:00
parent ce11a7e6d8
commit e2113ccbf1
7 changed files with 11 additions and 29 deletions

@ -25,7 +25,5 @@ nginx_set_cookie_flag: "* HttpOnly secure"
nginx_ssl_prefer_server_ciphers: "on"
nginx_ssl_protocols: "TLSv1.2"
nginx_ssl_ciphers: "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256"
nginx_ssl_prefer_server_ciphers: "on"
nginx_ssl_session_tickets: "off"
nginx_dh_param: "{{nginx_root_dir}}/dh{{nginx_dh_size}}.pem"
nginx_dh_size: "2048"

@ -1,7 +1,4 @@
---
- name: add the OS specific variables
include_vars: "{{ ansible_os_family }}.yml"
- name: config should not be worldwide read- or writeable
file:
path: "/etc/nginx"

@ -1,18 +1,16 @@
# {{ansible_managed|comment}}
# Additional configuration for Nginx.
client_header_buffer_size {{nginx_client_header_buffer_size}};
client_header_buffer_size {{nginx_client_header_buffer_size}};
large_client_header_buffers {{nginx_large_client_header_buffers}};
client_body_timeout {{nginx_client_body_timeout}};
client_header_timeout {{nginx_client_header_timeout}};
send_timeout {{nginx_send_timeout}};
limit_conn_zone {{nginx_limit_conn_zone}};
limit_conn {{nginx_limit_conn}};
set_cookie_flag {{nginx_set_cookie_flag}};
ssl_ciphers '{{nginx_ssl_ciphers}}';
ssl_prefer_server_ciphers {{nginx_ssl_prefer_server_ciphers}};
ssl_session_tickets {{nginx_ssl_session_tickets}};
ssl_dhparam {{nginx_dh_param}};
client_body_timeout {{nginx_client_body_timeout}};
client_header_timeout {{nginx_client_header_timeout}};
send_timeout {{nginx_send_timeout}};
limit_conn_zone {{nginx_limit_conn_zone}};
limit_conn {{nginx_limit_conn}};
ssl_ciphers '{{nginx_ssl_ciphers}}';
ssl_session_tickets {{nginx_ssl_session_tickets}};
ssl_dhparam /etc/nginx/dh{{nginx_dh_size}}.pem;
{% for header in nginx_add_header %}
add_header {{header}};
add_header {{header}};
{% endfor %}

@ -1,4 +0,0 @@
nginx_root_dir: '/etc/nginx'
nginx_config_conf_dir: '/etc/nginx/conf.d'
nginx_default_conf: '/etc/nginx/sites-enabled/default'
nginx_service_name: 'nginx'

@ -1,4 +0,0 @@
nginx_root_dir: '/etc/nginx'
nginx_config_conf_dir: '/etc/nginx/conf.d'
nginx_default_conf: '/etc/nginx/conf.d/default.conf'
nginx_service_name: 'nginx'

@ -1,4 +0,0 @@
nginx_root_dir: '/etc/nginx'
nginx_config_conf_dir: '/etc/nginx/conf.d'
nginx_default_conf: '/etc/nginx/conf.d/default.conf'
nginx_service_name: 'nginx'

@ -0,0 +1 @@
---