lilik_playbook

967 KiB

Tree: cabcf490ff

Author	SHA1	Message	Date
Zolfa	780a9382d0	roles/nginx: security improvements - Don't advertise NGINX version. - Comply with last Mozilla TLS Guidelines, for modern configuration. - More comments for better readability.	5 years ago
Zolfa	cea0a71c83	roles/nginx: fix indentation in templates	5 years ago
Zolfa	eb4c535206	roles/nginx: proxy_protocol support If `proxy_protocol` is turned on user port 10443 to accept PROXY Protocol HTTPS connections and keedp using port 443 for standard HTTPS connection. New variables: - proxy_protocol \| default(true)	5 years ago
Zolfa	c99cb8a9d5	reverse_proxy: use PROXY PROTOCOL Original Client IP is correctly passed to upstream nginx instances (nginx role or gitlab). Affected roles: - reverse_proxy: Pass PROXY PROTOCOL by default to all upstream server. May cause problem with upstream server unable to understand PROXY PROTOCOL. We should put a nginx proxy in front in that case. - nginx: Expect PROXY PROTOCOL for all incoming TLS connection on nginx clients. Warning: now you can access local server only passing by the firewall reverse proxy, not directly. - gitlab: Built-in nginx instance configured to expect PROXY PROTOCOL for tls incoming connections.	5 years ago
Zolfa	0f75220c72	Force TLSv1.3 when feasible Affected roles: - gitlab - nginx - ldap	5 years ago
Andrea Cimbalo	e1a4794ec7	use nginx include directive to enable support for multiple location from different role on the same domain	7 years ago
Andrea Cimbalo	dcf8116f60	Serve fullchain	8 years ago
Andrea Cimbalo	f426c9cd3a	more generic certbot	8 years ago
Andrea Cimbalo	4de58737b6	certbot static test for login3	8 years ago
Andrea Cimbalo	69d124d014	huge refactoring on services	9 years ago
Slash	14e978d54b	[WIP] Services	9 years ago
Slash	4f950b79cf	Some playbooks full of joy.	9 years ago

8 Commits (cabcf490ff72fdab7593b99d7987741e89c67b5d)