radityo
/
ansible-nginx
mirror of https://github.com/HanXHX/ansible-nginx.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Add custom headers in vhost (moved from ssl helpers)

pull/22/head 1.2.0
Emilien Mantel 2016-03-15 10:51:14 +01:00
parent d223f8b144
commit 2ba906be2e
5 changed files with 11 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
doc/vhost.md
View File

@ -15,6 +15,7 @@ Common
- `delete`: (O) Delete the vhost (default is false)
- `redirect_from`: (O) Domain list to redirect to the first `name`. You can use this key to redirect non-www to www
- `redirect_to`: (O) Redirect all requests to this domain. Please set scheme (http:// or https:// or $sheme).
- `headers`: (O) Set additionals header as key/value list.
- `redirect_to_code`: Redirect code (default: 302)
- `redirect_https`: (O) Boolean. Redirect HTTP to HTTPS. If "true", you _MUST_ set `proto` to ```['https']```.
- `location`: (O) Add new custom locations (it does not overwrite!)

2
templates/etc/nginx/helper/ssl-legacy.j2
View File

@ -7,8 +7,6 @@ ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
{% if nginx_version.stdout | version_compare('1.3.7', 'ge') %}
ssl_stapling on;
ssl_stapling_verify on;

2
templates/etc/nginx/helper/ssl-strong.j2
View File

@ -7,8 +7,6 @@ ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
{% if nginx_version.stdout | version_compare('1.3.7', 'ge') %}
ssl_stapling on;
ssl_stapling_verify on;

7
templates/etc/nginx/sites-available/_base.j2
View File

@ -3,6 +3,7 @@
{% set __listen = item.listen | default(['80']) %}
{% set __listen_ssl = item.listen_ssl | default(['443']) %}
{% set __location = item.location | default({}) %}
{% set __headers = item.headers | default({'X-Frame-Options': 'DENY', 'X-Content-Type-Options': 'nosniff' }) %}
{% macro htpasswd(htpasswd_name, indent=1) -%}
{% for ht in nginx_htpasswd if ht.name == htpasswd_name %}
{{ "\t" * indent }}auth_basic "{{ ht.description }}";
@ -57,6 +58,12 @@ server {
{{ htpasswd(item.htpasswd, 1) }}
{% endif %}
# --> Custom headers
{% for key, value in __headers.iteritems() %}
add_header {{ key }} {{ value }};
{% endfor %}
# <-- Custom headers
{% if not __location.has_key('/') %}
location / {
{% block template_try_files %}

4
tests/test.yml
View File

@ -107,11 +107,13 @@
template: '_base'
filename : 'first-test'
override_try_files: '$uri $uri index.htm index.html'
headers:
'X-Frame-Options': 'deny'
'X-ansible-default': '1'
manage_local_content: false
use_error_log: false
more:
- 'autoindex off;'
- 'add_header X-ansible-default 1;'
location:
'/test':
- 'return 403;'