diff options
Diffstat (limited to 'playbooks.d/webserver/share/snippets.d')
-rw-r--r-- | playbooks.d/webserver/share/snippets.d/certbot.conf | 5 | ||||
-rw-r--r-- | playbooks.d/webserver/share/snippets.d/fcgi.conf | 27 | ||||
-rw-r--r-- | playbooks.d/webserver/share/snippets.d/headers.conf | 4 | ||||
-rw-r--r-- | playbooks.d/webserver/share/snippets.d/ssl.conf | 16 | ||||
-rw-r--r-- | playbooks.d/webserver/share/snippets.d/uwsgi.conf | 20 |
5 files changed, 0 insertions, 72 deletions
diff --git a/playbooks.d/webserver/share/snippets.d/certbot.conf b/playbooks.d/webserver/share/snippets.d/certbot.conf deleted file mode 100644 index 64c9195..0000000 --- a/playbooks.d/webserver/share/snippets.d/certbot.conf +++ /dev/null @@ -1,5 +0,0 @@ -# Certbot endpoint -location /.well-known/acme-challenge { - root /var/www/.acme; - try_files $uri $uri/ =404; -} diff --git a/playbooks.d/webserver/share/snippets.d/fcgi.conf b/playbooks.d/webserver/share/snippets.d/fcgi.conf deleted file mode 100644 index bc235bf..0000000 --- a/playbooks.d/webserver/share/snippets.d/fcgi.conf +++ /dev/null @@ -1,27 +0,0 @@ -fastcgi_param QUERY_STRING $query_string; -fastcgi_param REQUEST_METHOD $request_method; -fastcgi_param CONTENT_TYPE $content_type; -fastcgi_param CONTENT_LENGTH $content_length; - -fastcgi_param SCRIPT_NAME $fastcgi_script_name; -fastcgi_param REQUEST_URI $request_uri; -fastcgi_param DOCUMENT_URI $document_uri; -fastcgi_param DOCUMENT_ROOT $document_root; -fastcgi_param SERVER_PROTOCOL $server_protocol; -fastcgi_param REQUEST_SCHEME $scheme; -fastcgi_param HTTPS $https if_not_empty; - -fastcgi_param GATEWAY_INTERFACE CGI/1.1; -fastcgi_param SERVER_SOFTWARE nginx/$nginx_version; - -fastcgi_param REMOTE_ADDR $remote_addr; -fastcgi_param REMOTE_PORT $remote_port; -fastcgi_param SERVER_ADDR $server_addr; -fastcgi_param SERVER_PORT $server_port; -fastcgi_param SERVER_NAME $server_name; - -# PHP only, required if PHP was built with --enable-force-cgi-redirect -fastcgi_param REDIRECT_STATUS 200; - -# httpoxy mitigation (https://httpoxy.org/ https://www.nginx.com/blog/?p=41962) -fastcgi_param HTTP_PROXY ""; diff --git a/playbooks.d/webserver/share/snippets.d/headers.conf b/playbooks.d/webserver/share/snippets.d/headers.conf deleted file mode 100644 index c277e3d..0000000 --- a/playbooks.d/webserver/share/snippets.d/headers.conf +++ /dev/null @@ -1,4 +0,0 @@ -add_header Content-Security-Policy "default-src 'self'" always; -add_header Referrer-Policy "strict-origin-when-cross-origin" always; -add_header X-Content-Type-Options "nosniff" always; -add_header X-Frame-Options "SAMEORIGIN" always; diff --git a/playbooks.d/webserver/share/snippets.d/ssl.conf b/playbooks.d/webserver/share/snippets.d/ssl.conf deleted file mode 100644 index 68bcdf0..0000000 --- a/playbooks.d/webserver/share/snippets.d/ssl.conf +++ /dev/null @@ -1,16 +0,0 @@ -# SSL settings -ssl_protocols TLSv1.3 TLSv1.2; - -ssl_buffer_size 4K; -ssl_dhparam /etc/nginx/dhparam.pem; -ssl_ecdh_curve secp521r1:secp384r1; -ssl_prefer_server_ciphers on; -ssl_session_cache shared:le_nginx_SSL:2m; -ssl_session_tickets off; -ssl_session_timeout 1440m; - -# Ciphers -ssl_ciphers 'EECDH+AESGCM:EECDH+AES256:!ECDHE-RSA-AES256-SHA384:!ECDHE-RSA-AES256-SHA'; - -# Additional headers -add_header Strict-Transport-Security "max-age=63072000" always; diff --git a/playbooks.d/webserver/share/snippets.d/uwsgi.conf b/playbooks.d/webserver/share/snippets.d/uwsgi.conf deleted file mode 100644 index 9d67d3d..0000000 --- a/playbooks.d/webserver/share/snippets.d/uwsgi.conf +++ /dev/null @@ -1,20 +0,0 @@ - -uwsgi_param QUERY_STRING $query_string; -uwsgi_param REQUEST_METHOD $request_method; -uwsgi_param CONTENT_TYPE $content_type; -uwsgi_param CONTENT_LENGTH $content_length; - -uwsgi_param REQUEST_URI $request_uri; -uwsgi_param PATH_INFO $document_uri; -uwsgi_param DOCUMENT_ROOT $document_root; -uwsgi_param SERVER_PROTOCOL $server_protocol; -uwsgi_param REQUEST_SCHEME $scheme; -uwsgi_param HTTPS $https if_not_empty; - -uwsgi_param REMOTE_ADDR $remote_addr; -uwsgi_param REMOTE_PORT $remote_port; -uwsgi_param SERVER_PORT $server_port; -uwsgi_param SERVER_NAME $server_name; - -# httpoxy mitigation (https://httpoxy.org/ https://www.nginx.com/blog/?p=41962) -uwsgi_param HTTP_PROXY ""; |