diff --git a/1/roles/nginx/files/sites-enabled/cloud.conf b/1/roles/nginx/files/sites-enabled/cloud.conf
index a66d140..f2867a9 100644
--- a/1/roles/nginx/files/sites-enabled/cloud.conf
+++ b/1/roles/nginx/files/sites-enabled/cloud.conf
@@ -1,19 +1,19 @@
 server {
 listen 80;
- listen 443 ssl http2;
+ # listen 443 ssl http2;
 server_name cloud.{{domain}};
 index index.php;
- ssl_certificate /etc/letsencrypt/live/cloud.{{domain}}/fullchain.pem; # managed by Certbot
- ssl_certificate_key /etc/letsencrypt/live/cloud.{{domain}}/privkey.pem; # managed by Certbot
+ # ssl_certificate /etc/letsencrypt/live/cloud.{{domain}}/fullchain.pem; # managed by Certbot
+ # ssl_certificate_key /etc/letsencrypt/live/cloud.{{domain}}/privkey.pem; # managed by Certbot
- add_header X-Content-Type-Options nosniff;
- add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
- add_header X-XSS-Protection "1; mode=block";
- add_header X-Robots-Tag none;
- add_header X-Download-Options noopen;
- add_header X-Permitted-Cross-Domain-Policies none;
- add_header Referrer-Policy no-referrer;
- add_header X-Frame-Options SAMEORIGIN;
+ # add_header X-Content-Type-Options nosniff;
+ # add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
+ # add_header X-XSS-Protection "1; mode=block";
+ # add_header X-Robots-Tag none;
+ # add_header X-Download-Options noopen;
+ # add_header X-Permitted-Cross-Domain-Policies none;
+ # add_header Referrer-Policy no-referrer;
+ # add_header X-Frame-Options SAMEORIGIN;
 access_log /var/log/nginx/access.nextcloud.log main;
 root /var/www/nextcloud/;
diff --git a/1/roles/nginx/files/sites-enabled/default_server.conf b/1/roles/nginx/files/sites-enabled/default_server.conf
index da7f95b..f862cb2 100755
--- a/1/roles/nginx/files/sites-enabled/default_server.conf
+++ b/1/roles/nginx/files/sites-enabled/default_server.conf
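Review bot: With `listen 443 ssl http2;` and both certificate lines commented out, this vhost answers only on port 80, so Nextcloud logins and session cookies cross the network in cleartext; the same state is introduced in default_server.conf, pma.conf (where it exposes database credentials), root.conf and wiki.conf. Of the disabled headers only `Strict-Transport-Security` depends on TLS, so lines such as `add_header X-Content-Type-Options nosniff;`, `add_header X-Frame-Options SAMEORIGIN;` and `add_header Referrer-Policy no-referrer;` can stay active over HTTP. If this is a bootstrap state before Certbot has issued certificates (an assumption, the commit does not say), gating the TLS lines on a role variable (illustrative name: `{% if tls_enabled %}`) would restore the hardened config automatically instead of relying on someone uncommenting five files. The server block continues past the end of the hunk.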
@@ -1,10 +1,10 @@
 server {
 listen 80 default_server;
- listen 443 ssl default_server; # managed by Certbot
- ssl_certificate /etc/letsencrypt/live/xz777.ru/fullchain.pem; # managed by Certbot
- ssl_certificate_key /etc/letsencrypt/live/xz777.ru/privkey.pem; # managed by Certbot
- include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
- ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+ # listen 443 ssl default_server; # managed by Certbot
+ # ssl_certificate /etc/letsencrypt/live/xz777.ru/fullchain.pem; # managed by Certbot
+ # ssl_certificate_key /etc/letsencrypt/live/xz777.ru/privkey.pem; # managed by Certbot
+ # include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+ # ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
 access_log /var/log/nginx/ip_access.log verbose_llz;
diff --git a/1/roles/nginx/files/sites-enabled/pma.conf b/1/roles/nginx/files/sites-enabled/pma.conf
index 1148607..fcf6c68 100644
--- a/1/roles/nginx/files/sites-enabled/pma.conf
+++ b/1/roles/nginx/files/sites-enabled/pma.conf
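Review bot: The parked Certbot lines still hard-code `/etc/letsencrypt/live/xz777.ru/`, while the other vhosts touched by this commit build the path from `{{domain}}`. Assuming this file is rendered the same way as its siblings, writing `# ssl_certificate /etc/letsencrypt/live/{{domain}}/fullchain.pem;` (and likewise for `privkey.pem`) keeps the role reusable and avoids serving a certificate for the wrong name once the lines are re-enabled. A one-line comment above the block saying why TLS is disabled and what re-enables it would also help the next reader. The server block continues outside the hunk.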
@@ -1,17 +1,17 @@
 server {
 listen 80;
- listen 443 ssl http2;
+ # listen 443 ssl http2;
 server_name pma.{{domain}};
- ssl_certificate /etc/letsencrypt/live/pma.{{domain}}/fullchain.pem; # managed by Certbot
- ssl_certificate_key /etc/letsencrypt/live/pma.{{domain}}/privkey.pem; # managed by Certbot
+ # ssl_certificate /etc/letsencrypt/live/pma.{{domain}}/fullchain.pem; # managed by Certbot
+ # ssl_certificate_key /etc/letsencrypt/live/pma.{{domain}}/privkey.pem; # managed by Certbot
- add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
- add_header X-Content-Type-Options nosniff;
- add_header X-XSS-Protection "1; mode=block";
- add_header X-Robots-Tag none;
- add_header X-Download-Options noopen;
- add_header X-Permitted-Cross-Domain-Policies none;
+ # add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
+ # add_header X-Content-Type-Options nosniff;
+ # add_header X-XSS-Protection "1; mode=block";
+ # add_header X-Robots-Tag none;
+ # add_header X-Download-Options noopen;
+ # add_header X-Permitted-Cross-Domain-Policies none;
 root /var/www/pma;
diff --git a/1/roles/nginx/files/sites-enabled/root.conf b/1/roles/nginx/files/sites-enabled/root.conf
index c50dc5c..6a1d0fe 100644
--- a/1/roles/nginx/files/sites-enabled/root.conf
+++ b/1/roles/nginx/files/sites-enabled/root.conf
@@ -1,12 +1,12 @@
 server {
 listen 80;
- listen 443 ssl http2;
+ # listen 443 ssl http2;
 server_name {{domain}};
- ssl_certificate /etc/letsencrypt/live/{{domain}}/fullchain.pem; # managed by Certbot
- ssl_certificate_key /etc/letsencrypt/live/{{domain}}/privkey.pem; # managed by Certbot
- add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
- add_header X-Content-Type-Options nosniff;
- add_header X-XSS-Protection "1; mode=block";
+ # ssl_certificate /etc/letsencrypt/live/{{domain}}/fullchain.pem; # managed by Certbot
+ # ssl_certificate_key /etc/letsencrypt/live/{{domain}}/privkey.pem; # managed by Certbot
+ # add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
+ # add_header X-Content-Type-Options nosniff;
+ # add_header X-XSS-Protection "1; mode=block";
 root /var/www/root;
 index index.html index.php;
diff --git a/1/roles/nginx/files/sites-enabled/wiki.conf b/1/roles/nginx/files/sites-enabled/wiki.conf
index d801b11..3ac4749 100644
--- a/1/roles/nginx/files/sites-enabled/wiki.conf
+++ b/1/roles/nginx/files/sites-enabled/wiki.conf
@@ -1,17 +1,17 @@
 server {
 listen 80;
- listen 443 ssl http2;
+ # listen 443 ssl http2;
 server_name wiki.{{domain}};
- ssl_certificate /etc/letsencrypt/live/wiki.{{domain}}/fullchain.pem; # managed by Certbot
- ssl_certificate_key /etc/letsencrypt/live/wiki.{{domain}}/privkey.pem; # managed by Certbot
+ # ssl_certificate /etc/letsencrypt/live/wiki.{{domain}}/fullchain.pem; # managed by Certbot
+ # ssl_certificate_key /etc/letsencrypt/live/wiki.{{domain}}/privkey.pem; # managed by Certbot
- add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
- add_header X-Content-Type-Options nosniff;
- add_header X-XSS-Protection "1; mode=block";
- add_header X-Robots-Tag none;
- add_header X-Download-Options noopen;
- add_header X-Permitted-Cross-Domain-Policies none;
+ # add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
+ # add_header X-Content-Type-Options nosniff;
+ # add_header X-XSS-Protection "1; mode=block";
+ # add_header X-Robots-Tag none;
+ # add_header X-Download-Options noopen;
+ # add_header X-Permitted-Cross-Domain-Policies none;
 root /var/www;
diff --git a/1/roles/webapps/tasks/main.yml b/1/roles/webapps/tasks/main.yml
new file mode 100644
index 0000000..c950b5a
--- /dev/null
+++ b/1/roles/webapps/tasks/main.yml
@@ -0,0 +1,18 @@
+---
+- name: install unzip
+ apt:
+ name: unzip
+ state: latest
+
+- name: Download and unpack phpmyadmin
+ ansible.builtin.unarchive:
+ src: https://files.phpmyadmin.net/phpMyAdmin/5.1.0/phpMyAdmin-5.1.0-all-languages.zip
+ dest: /var/www/pma
+ remote_src: yes
+ owner: www-data
+
+- name: move pma to pma dir
+ copy:
+ src: /var/www/pma/phpMyAdmin-5.1.0-all-languages/
+ dest: /var/www/pma/
+ remote_src: True
\ No newline at end of file
diff --git a/README.md b/README.md
index e401509..6a3f41b 100644
--- a/README.md
+++ b/README.md
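Review bot: The "Download and unpack phpmyadmin" task in roles/webapps/tasks/main.yml has `ansible.builtin.unarchive` fetch the zip straight from a URL with no integrity check, so whatever the download host returns is unpacked into the web root and executed as PHP. Downloading with `ansible.builtin.get_url` and a pinned `checksum:` first, then unpacking the local file, closes that gap. Unpacking into `/var/www/pma` and then copying the contents up one level also leaves the `phpMyAdmin-5.1.0-all-languages/` directory reachable as a second copy under the vhost root, so a staging directory outside the web root is safer. Separately, `owner: www-data` makes the application code writable by the account that is presumably running PHP; a root-owned tree that is only readable by that account limits what a compromised PHP process can change. The sketch below uses `/opt` as an illustrative staging path and a placeholder checksum to be taken from the phpMyAdmin release page.

```yaml
# … unchanged: "install unzip" task …

- name: Download phpmyadmin
  ansible.builtin.get_url:
    url: https://files.phpmyadmin.net/phpMyAdmin/5.1.0/phpMyAdmin-5.1.0-all-languages.zip
    dest: /opt/phpMyAdmin-5.1.0-all-languages.zip
    checksum: "sha256:<SHA256_FROM_RELEASE_PAGE>"  # placeholder, not a real digest

- name: Unpack phpmyadmin outside the web root
  ansible.builtin.unarchive:
    src: /opt/phpMyAdmin-5.1.0-all-languages.zip
    dest: /opt
    remote_src: yes
    creates: /opt/phpMyAdmin-5.1.0-all-languages

- name: move pma to pma dir
  copy:
    src: /opt/phpMyAdmin-5.1.0-all-languages/
    dest: /var/www/pma/
    remote_src: True
```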
@@ -7,10 +7,10 @@ Web: - [x] mediawiki на поддомене wiki.xz777.ru - - [x] nextcloud на поддомене cloud.xz777.ru - - [x] phpmyadmin на поддомене pma.xz777.ru - - [x] Тестовая (about) страница на домене xz777.ru - - [x] default_server ведет на тестовую страницу + - [ ] nextcloud на поддомене cloud.xz777.ru + - [ ] phpmyadmin на поддомене pma.xz777.ru + - [ ] Тестовая (about) страница на домене xz777.ru + - [ ] default_server ведет на тестовую страницу Для mediawiki и nextcloud свои php-fpm pool'ы