WIP: generiek nginx role

2024-07-14 21:43:53 +02:00 · 2024-07-14 21:43:53 +02:00 · 8df1cba71c
commit 8df1cba71c
parent ea3b17ef2d
14 changed files with 278 additions and 15 deletions
--- a/roles/nginx/defaults/main.yaml
+++ b/roles/nginx/defaults/main.yaml
@ -0,0 +1,16 @@
+---
+
+nginx_package:              "nginx-light"
+nginx_user:                 "www-data"
+nginx_modules_dir:          "/etc/nginx/modules-enabled"
+
+
+nginx_tls_version:          "TLSv1.2 TLSv1.3"
+nginx_tls_cipherlist:       "EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:!SHA:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS"
+nginx_tls_curve:            "prime256v1:secp384r1"
+nginx_tls_cache_size:       "10m"
+nginx_tls_session_timeout:  "1h"
+nginx_ssl_stapling:         "on"
+nginx_ssl_stapling_verify:  "on"
+nginx_wk_acme:              "/var/lib/dehydrated/acme-challenges"
+