crans
/
ansible
mirror of http://gitlab.adm.crans.org/nounous/ansible.git
19
0
Fork 0
Code Issues Projects Releases Wiki Activity

[framadate] NGINX config

certbot_on_virtu
Alexandre Iooss 2020-05-02 16:54:42 +02:00
parent bc932b0617
commit 86d17dedfa
No known key found for this signature in database
GPG Key ID: 6C79278F3FCDCC02
2 changed files with 63 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
roles/framadate/tasks/main.yml
View File

@ -47,12 +47,12 @@
- name: Configure nginx site - name: Configure nginx site
template: template:
src: nginx-site.j2 src: nginx-site.j2
dest: /etc/nginx/sites-available/framadate.conf dest: /etc/nginx/sites-available/framadate
- name: Enable nginx site - name: Enable nginx site
file: file:
src: /etc/nginx/sites-available/framadate.conf src: /etc/nginx/sites-available/framadate
dest: /etc/nginx/stes-enabled/framadate.conf dest: /etc/nginx/sites-enabled/framadate
state: link state: link
- name: Indicate role in motd - name: Indicate role in motd

60
roles/framadate/templates/nginx-site.j2 100644
View File

@ -0,0 +1,60 @@
{{ ansible_header | comment }}
server {
listen 80;
listen [::]:80;
server_name framadate.crans.org;
add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'none'; style-src 'self' 'unsafe-inline'; font-src 'self'; img-src 'self'";
add_header Referrer-Policy "strict-origin";
root {{ framadate.path }};
index index.php;
location ~^/(\.git)/{
deny all;
}
location ~ /\. {
deny all;
}
location ~ ^/composer\.json.*$|^/composer\.lock.*$|^/php\.ini.*$|^/.*\.sh {
deny all;
}
location /admin/ {
auth_basic "Restricted access";
auth_basic_user_file /etc/nginx/.htpasswd;
location ~ \.php$ {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include /etc/nginx/fastcgi_params;
fastcgi_pass unix:/run/php/php7.3-fpm.sock;
}
try_files $uri $uri/ =401;
}
location / {
rewrite "^/admin$" "/admin/" permanent;
# Clean URL
rewrite "^/([a-zA-Z0-9-]+)$" "/studs.php?poll=$1" last;
rewrite "^/([a-zA-Z0-9-]+)/action/([a-zA-Z_-]+)/(.+)$" "/studs.php?poll=$1&$2=$3" last;
rewrite "^/([a-zA-Z0-9-]+)/vote/([a-zA-Z0-9]{16})$" "/studs.php?poll=$1&vote=$2" last;
rewrite "^/([a-zA-Z0-9]{24})/admin$" "/adminstuds.php?poll=$1" last;
rewrite "^/([a-zA-Z0-9]{24})/admin/vote/([a-zA-Z0-9]{16})$" "/adminstuds.php?poll=$1&vote=$2" last;
rewrite "^/([a-zA-Z0-9]{24})/admin/action/([a-zA-Z_-]+)(/([A-Za-z0-9]+))?$" "/adminstuds.php?poll=$1&$2=$4" last;
try_files $uri /index.php;
}
location ~ \.php$ {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_index index.php;
include /etc/nginx/fastcgi_params;
fastcgi_pass unix:/run/php/php7.3-fpm.sock;
}
}