mirror of
https://github.com/HanXHX/ansible-nginx.git
synced 2026-02-24 09:03:29 +07:00
Add custom headers in vhost (moved from ssl helpers)
This commit is contained in:
@@ -7,8 +7,6 @@ ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
|
||||
ssl_prefer_server_ciphers on;
|
||||
ssl_session_cache shared:SSL:10m;
|
||||
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
|
||||
add_header X-Frame-Options DENY;
|
||||
add_header X-Content-Type-Options nosniff;
|
||||
{% if nginx_version.stdout | version_compare('1.3.7', 'ge') %}
|
||||
ssl_stapling on;
|
||||
ssl_stapling_verify on;
|
||||
|
||||
@@ -7,8 +7,6 @@ ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
|
||||
ssl_prefer_server_ciphers on;
|
||||
ssl_session_cache shared:SSL:10m;
|
||||
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
|
||||
add_header X-Frame-Options DENY;
|
||||
add_header X-Content-Type-Options nosniff;
|
||||
{% if nginx_version.stdout | version_compare('1.3.7', 'ge') %}
|
||||
ssl_stapling on;
|
||||
ssl_stapling_verify on;
|
||||
|
||||
@@ -3,6 +3,7 @@
|
||||
{% set __listen = item.listen | default(['80']) %}
|
||||
{% set __listen_ssl = item.listen_ssl | default(['443']) %}
|
||||
{% set __location = item.location | default({}) %}
|
||||
{% set __headers = item.headers | default({'X-Frame-Options': 'DENY', 'X-Content-Type-Options': 'nosniff' }) %}
|
||||
{% macro htpasswd(htpasswd_name, indent=1) -%}
|
||||
{% for ht in nginx_htpasswd if ht.name == htpasswd_name %}
|
||||
{{ "\t" * indent }}auth_basic "{{ ht.description }}";
|
||||
@@ -57,6 +58,12 @@ server {
|
||||
{{ htpasswd(item.htpasswd, 1) }}
|
||||
{% endif %}
|
||||
|
||||
# --> Custom headers
|
||||
{% for key, value in __headers.iteritems() %}
|
||||
add_header {{ key }} {{ value }};
|
||||
{% endfor %}
|
||||
# <-- Custom headers
|
||||
|
||||
{% if not __location.has_key('/') %}
|
||||
location / {
|
||||
{% block template_try_files %}
|
||||
|
||||
Reference in New Issue
Block a user