fast fix 'cause of no ssl + pma installation
This commit is contained in:
lulzette
parent
60e58207b8
commit
ca222e999d
@ -1,19 +1,19 @@
|
||||
server {
|
||||
listen 80;
|
||||
listen 443 ssl http2;
|
||||
# listen 443 ssl http2;
|
||||
server_name cloud.{{domain}};
|
||||
index index.php;
|
||||
ssl_certificate /etc/letsencrypt/live/cloud.{{domain}}/fullchain.pem; # managed by Certbot
|
||||
ssl_certificate_key /etc/letsencrypt/live/cloud.{{domain}}/privkey.pem; # managed by Certbot
|
||||
# ssl_certificate /etc/letsencrypt/live/cloud.{{domain}}/fullchain.pem; # managed by Certbot
|
||||
# ssl_certificate_key /etc/letsencrypt/live/cloud.{{domain}}/privkey.pem; # managed by Certbot
|
||||
|
||||
add_header X-Content-Type-Options nosniff;
|
||||
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
|
||||
add_header X-XSS-Protection "1; mode=block";
|
||||
add_header X-Robots-Tag none;
|
||||
add_header X-Download-Options noopen;
|
||||
add_header X-Permitted-Cross-Domain-Policies none;
|
||||
add_header Referrer-Policy no-referrer;
|
||||
add_header X-Frame-Options SAMEORIGIN;
|
||||
# add_header X-Content-Type-Options nosniff;
|
||||
# add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
|
||||
# add_header X-XSS-Protection "1; mode=block";
|
||||
# add_header X-Robots-Tag none;
|
||||
# add_header X-Download-Options noopen;
|
||||
# add_header X-Permitted-Cross-Domain-Policies none;
|
||||
# add_header Referrer-Policy no-referrer;
|
||||
# add_header X-Frame-Options SAMEORIGIN;
|
||||
access_log /var/log/nginx/access.nextcloud.log main;
|
||||
|
||||
root /var/www/nextcloud/;
|
||||
|
||||
@ -1,10 +1,10 @@
|
||||
server {
|
||||
listen 80 default_server;
|
||||
listen 443 ssl default_server; # managed by Certbot
|
||||
ssl_certificate /etc/letsencrypt/live/xz777.ru/fullchain.pem; # managed by Certbot
|
||||
ssl_certificate_key /etc/letsencrypt/live/xz777.ru/privkey.pem; # managed by Certbot
|
||||
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
|
||||
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
|
||||
# listen 443 ssl default_server; # managed by Certbot
|
||||
# ssl_certificate /etc/letsencrypt/live/xz777.ru/fullchain.pem; # managed by Certbot
|
||||
# ssl_certificate_key /etc/letsencrypt/live/xz777.ru/privkey.pem; # managed by Certbot
|
||||
# include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
|
||||
# ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
|
||||
|
||||
access_log /var/log/nginx/ip_access.log verbose_llz;
|
||||
|
||||
|
||||
@ -1,17 +1,17 @@
|
||||
server {
|
||||
listen 80;
|
||||
listen 443 ssl http2;
|
||||
# listen 443 ssl http2;
|
||||
|
||||
server_name pma.{{domain}};
|
||||
ssl_certificate /etc/letsencrypt/live/pma.{{domain}}/fullchain.pem; # managed by Certbot
|
||||
ssl_certificate_key /etc/letsencrypt/live/pma.{{domain}}/privkey.pem; # managed by Certbot
|
||||
# ssl_certificate /etc/letsencrypt/live/pma.{{domain}}/fullchain.pem; # managed by Certbot
|
||||
# ssl_certificate_key /etc/letsencrypt/live/pma.{{domain}}/privkey.pem; # managed by Certbot
|
||||
|
||||
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
|
||||
add_header X-Content-Type-Options nosniff;
|
||||
add_header X-XSS-Protection "1; mode=block";
|
||||
add_header X-Robots-Tag none;
|
||||
add_header X-Download-Options noopen;
|
||||
add_header X-Permitted-Cross-Domain-Policies none;
|
||||
# add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
|
||||
# add_header X-Content-Type-Options nosniff;
|
||||
# add_header X-XSS-Protection "1; mode=block";
|
||||
# add_header X-Robots-Tag none;
|
||||
# add_header X-Download-Options noopen;
|
||||
# add_header X-Permitted-Cross-Domain-Policies none;
|
||||
|
||||
root /var/www/pma;
|
||||
|
||||
|
||||
@ -1,12 +1,12 @@
|
||||
server {
|
||||
listen 80;
|
||||
listen 443 ssl http2;
|
||||
# listen 443 ssl http2;
|
||||
server_name {{domain}};
|
||||
ssl_certificate /etc/letsencrypt/live/{{domain}}/fullchain.pem; # managed by Certbot
|
||||
ssl_certificate_key /etc/letsencrypt/live/{{domain}}/privkey.pem; # managed by Certbot
|
||||
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
|
||||
add_header X-Content-Type-Options nosniff;
|
||||
add_header X-XSS-Protection "1; mode=block";
|
||||
# ssl_certificate /etc/letsencrypt/live/{{domain}}/fullchain.pem; # managed by Certbot
|
||||
# ssl_certificate_key /etc/letsencrypt/live/{{domain}}/privkey.pem; # managed by Certbot
|
||||
# add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
|
||||
# add_header X-Content-Type-Options nosniff;
|
||||
# add_header X-XSS-Protection "1; mode=block";
|
||||
|
||||
root /var/www/root;
|
||||
index index.html index.php;
|
||||
|
||||
@ -1,17 +1,17 @@
|
||||
server {
|
||||
listen 80;
|
||||
listen 443 ssl http2;
|
||||
# listen 443 ssl http2;
|
||||
|
||||
server_name wiki.{{domain}};
|
||||
ssl_certificate /etc/letsencrypt/live/wiki.{{domain}}/fullchain.pem; # managed by Certbot
|
||||
ssl_certificate_key /etc/letsencrypt/live/wiki.{{domain}}/privkey.pem; # managed by Certbot
|
||||
# ssl_certificate /etc/letsencrypt/live/wiki.{{domain}}/fullchain.pem; # managed by Certbot
|
||||
# ssl_certificate_key /etc/letsencrypt/live/wiki.{{domain}}/privkey.pem; # managed by Certbot
|
||||
|
||||
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
|
||||
add_header X-Content-Type-Options nosniff;
|
||||
add_header X-XSS-Protection "1; mode=block";
|
||||
add_header X-Robots-Tag none;
|
||||
add_header X-Download-Options noopen;
|
||||
add_header X-Permitted-Cross-Domain-Policies none;
|
||||
# add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
|
||||
# add_header X-Content-Type-Options nosniff;
|
||||
# add_header X-XSS-Protection "1; mode=block";
|
||||
# add_header X-Robots-Tag none;
|
||||
# add_header X-Download-Options noopen;
|
||||
# add_header X-Permitted-Cross-Domain-Policies none;
|
||||
|
||||
root /var/www;
|
||||
|
||||
|
||||
18
1/roles/webapps/tasks/main.yml
Normal file
18
1/roles/webapps/tasks/main.yml
Normal file
@ -0,0 +1,18 @@
|
||||
---
|
||||
- name: install unzip
|
||||
apt:
|
||||
name: unzip
|
||||
state: latest
|
||||
|
||||
- name: Download and unpack phpmyadmin
|
||||
ansible.builtin.unarchive:
|
||||
src: https://files.phpmyadmin.net/phpMyAdmin/5.1.0/phpMyAdmin-5.1.0-all-languages.zip
|
||||
dest: /var/www/pma
|
||||
remote_src: yes
|
||||
owner: www-data
|
||||
|
||||
- name: move pma to pma dir
|
||||
copy:
|
||||
src: /var/www/pma/phpMyAdmin-5.1.0-all-languages/
|
||||
dest: /var/www/pma/
|
||||
remote_src: True
|
||||
@ -7,10 +7,10 @@
|
||||
|
||||
Web:
|
||||
- [x] mediawiki на поддомене wiki.xz777.ru
|
||||
- [x] nextcloud на поддомене cloud.xz777.ru
|
||||
- [x] phpmyadmin на поддомене pma.xz777.ru
|
||||
- [x] Тестовая (about) страница на домене xz777.ru
|
||||
- [x] default_server ведет на тестовую страницу
|
||||
- [ ] nextcloud на поддомене cloud.xz777.ru
|
||||
- [ ] phpmyadmin на поддомене pma.xz777.ru
|
||||
- [ ] Тестовая (about) страница на домене xz777.ru
|
||||
- [ ] default_server ведет на тестовую страницу
|
||||
|
||||
Для mediawiki и nextcloud свои php-fpm pool'ы
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user