Infrastructure/ansible
3
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions

Move this config file to a template so we can use inventory_hostname and have it work for both taiga and taigastg

Browse source
This commit is contained in:
Kevin Fenzi 2016-07-14 16:41:12 +00:00
parent 28e266350b
commit 311236ac0e
2 changed files with 4 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

2
roles/taiga/tasks/main.yml
View file

@ -191,7 +191,7 @@
mode=0644 owner=nginx group=nginx
notify: restart nginx
tags: taiga
- copy: src=taiga-ssl.nginx dest=/etc/nginx/conf.d/taiga-ssl.conf
- template: src=taiga-ssl.nginx dest=/etc/nginx/conf.d/taiga-ssl.conf
mode=0644 owner=nginx group=nginx
notify: restart nginx
tags: taiga

6
roles/taiga/files/taiga-ssl.nginx → roles/taiga/templates/taiga-ssl.nginx
View file

@ -1,9 +1,9 @@
server {
listen 443 ssl;
server_name taiga.fedorainfracloud.org;
server_name {{ inventory_hostname }}
ssl_certificate /etc/letsencrypt/live/taiga.fedorainfracloud.org/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/taiga.fedorainfracloud.org/privkey.pem;
ssl_certificate /etc/letsencrypt/live/{{ inventory_hostname }}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/{{ inventory_hostname }}/privkey.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256;
# add_header Strict-Transport-Security "max-age=31536000;";