Secure files permission

pull/27/head
Emilien Mantel 2016-11-25 11:33:20 +01:00
parent 5b0977567c
commit 8ccc9f521f
4 changed files with 13 additions and 4 deletions

View File

@ -19,6 +19,6 @@
nginx_modules: "{{ shell_modules.stdout_lines }}" nginx_modules: "{{ shell_modules.stdout_lines }}"
- name: FILE | Create folders - name: FILE | Create folders
file: dest={{ item }} owner=root mode=0755 state=directory file: dest="{{ item.dir }}" owner="{{ item.owner }}" mode="{{ item.mode }}" state=directory
with_items: "{{ nginx_dirs }}" with_items: "{{ nginx_dirs }}"

View File

@ -25,6 +25,7 @@
copy: > copy: >
content="{{ item.key }}" content="{{ item.key }}"
dest="{{ nginx_ssl_dir + '/' + item.name + '/' + item.name + '.key' if item.dest_key is not defined else item.dest_key }}" dest="{{ nginx_ssl_dir + '/' + item.name + '/' + item.name + '.key' if item.dest_key is not defined else item.dest_key }}"
mode=0640
with_items: "{{ nginx_ssl_pairs }}" with_items: "{{ nginx_ssl_pairs }}"
when: item.key is defined when: item.key is defined
notify: reload nginx notify: reload nginx
@ -34,6 +35,7 @@
copy: > copy: >
content="{{ item.cert }}" content="{{ item.cert }}"
dest="{{ nginx_ssl_dir + '/' + item.name + '/' + item.name + '.crt' if item.dest_cert is not defined else item.dest_cert }}" dest="{{ nginx_ssl_dir + '/' + item.name + '/' + item.name + '.crt' if item.dest_cert is not defined else item.dest_cert }}"
mode=0644
with_items: "{{ nginx_ssl_pairs }}" with_items: "{{ nginx_ssl_pairs }}"
when: item.cert is defined when: item.cert is defined
notify: reload nginx notify: reload nginx

View File

@ -147,6 +147,7 @@
location: location:
'/hello': '/hello':
- htpasswd: 'hello' - htpasswd: 'hello'
use_error_log: true
- name: 'test-htpasswd-all.local' - name: 'test-htpasswd-all.local'
template: '_base' template: '_base'
htpasswd: 'hello' htpasswd: 'hello'

View File

@ -23,9 +23,15 @@ nginx_upstream_server_params:
# min_version: '1.5.12' # min_version: '1.5.12'
nginx_dirs: nginx_dirs:
- "{{ nginx_htpasswd_dir }}" - dir: "{{ nginx_htpasswd_dir }}"
- "{{ nginx_ssl_dir }}" mode: "0750"
- "{{ nginx_helper_dir }}" owner: "{{ nginx_user }}"
- dir: "{{ nginx_ssl_dir }}"
mode: "0750"
owner: "root"
- dir: "{{ nginx_helper_dir }}"
mode: "0755"
owner: "root"
nginx_templates_no_dir: nginx_templates_no_dir:
- '_backuppc' - '_backuppc'