mirror of
https://github.com/krislamo/freecloud
synced 2024-12-16 10:40:36 +00:00
Enabled HTTPS on Let's Encrypt
Refined gitignore. Moved testing variables back to group_vars. Added apache modules: rewrite, ssl and header and created strong SSL settings.
This commit is contained in:
parent
3a7fd20fff
commit
19c55ca2fb
4
.gitignore
vendored
4
.gitignore
vendored
@ -6,9 +6,9 @@
|
|||||||
|
|
||||||
# Production files
|
# Production files
|
||||||
*.yml
|
*.yml
|
||||||
host_vars/**
|
host_vars
|
||||||
|
|
||||||
# Testing env exceptions
|
# Testing env exceptions
|
||||||
!testing.yml
|
!testing.yml
|
||||||
!./host_vars/all.yml
|
!all.yml
|
||||||
|
|
||||||
|
15
group_vars/all.yml
Normal file
15
group_vars/all.yml
Normal file
@ -0,0 +1,15 @@
|
|||||||
|
## Nextcloud Configuration ##
|
||||||
|
nc_version: 16.0.3
|
||||||
|
nc_sha256sum: a13f68ce47a1362318629ba5b118a59fa98358bb18f4afc371ea15104f2881f3
|
||||||
|
|
||||||
|
nc_domain: www.example.com
|
||||||
|
nc_docroot: /var/www/nextcloud
|
||||||
|
nc_data: /var/www/nextcloud/data
|
||||||
|
|
||||||
|
nc_db: nextcloud
|
||||||
|
nc_db_user: nextcloud
|
||||||
|
nc_db_pass: nc+password
|
||||||
|
|
||||||
|
nc_admin: admin
|
||||||
|
nc_admin_pass: ncadmin+password
|
||||||
|
|
@ -109,6 +109,27 @@
|
|||||||
notify:
|
notify:
|
||||||
- Reload Apache
|
- Reload Apache
|
||||||
|
|
||||||
|
- name: Enable Apache Rewrite Module
|
||||||
|
apache2_module:
|
||||||
|
name: rewrite
|
||||||
|
state: present
|
||||||
|
notify:
|
||||||
|
- Reload Apache
|
||||||
|
|
||||||
|
- name: Enable Apache SSL Module
|
||||||
|
apache2_module:
|
||||||
|
name: ssl
|
||||||
|
state: present
|
||||||
|
notify:
|
||||||
|
- Reload Apache
|
||||||
|
|
||||||
|
- name: Enable Apache Headers Module
|
||||||
|
apache2_module:
|
||||||
|
name: headers
|
||||||
|
state: present
|
||||||
|
notify:
|
||||||
|
- Reload Apache
|
||||||
|
|
||||||
- name: Enable Site
|
- name: Enable Site
|
||||||
file:
|
file:
|
||||||
src: /etc/apache2/sites-available/{{ nc_domain }}.conf
|
src: /etc/apache2/sites-available/{{ nc_domain }}.conf
|
||||||
@ -118,3 +139,4 @@
|
|||||||
group: root
|
group: root
|
||||||
notify:
|
notify:
|
||||||
- Reload Apache
|
- Reload Apache
|
||||||
|
|
||||||
|
@ -16,6 +16,19 @@
|
|||||||
|
|
||||||
<VirtualHost *:80>
|
<VirtualHost *:80>
|
||||||
ServerName {{ nc_domain }}
|
ServerName {{ nc_domain }}
|
||||||
|
ServerAdmin {{ nc_admin }}
|
||||||
|
|
||||||
|
RewriteEngine On
|
||||||
|
RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R=301,L]
|
||||||
|
|
||||||
|
ErrorLog ${APACHE_LOG_DIR}/error.log
|
||||||
|
CustomLog ${APACHE_LOG_DIR}/access.log combined
|
||||||
|
|
||||||
|
</VirtualHost>
|
||||||
|
|
||||||
|
|
||||||
|
<VirtualHost *:443>
|
||||||
|
ServerName {{ nc_domain }}
|
||||||
|
|
||||||
ServerAdmin {{ nc_admin }}
|
ServerAdmin {{ nc_admin }}
|
||||||
DocumentRoot {{ nc_docroot }}
|
DocumentRoot {{ nc_docroot }}
|
||||||
@ -23,8 +36,17 @@
|
|||||||
ErrorLog ${APACHE_LOG_DIR}/error.log
|
ErrorLog ${APACHE_LOG_DIR}/error.log
|
||||||
CustomLog ${APACHE_LOG_DIR}/access.log combined
|
CustomLog ${APACHE_LOG_DIR}/access.log combined
|
||||||
|
|
||||||
|
SSLEngine on
|
||||||
|
SSLCertificateFile /etc/letsencrypt/live/{{ nc_domain }}/cert.pem
|
||||||
|
SSLCertificateKeyFile /etc/letsencrypt/live/{{ nc_domain }}/privkey.pem
|
||||||
|
SSLCertificateChainFile /etc/letsencrypt/live/{{ nc_domain }}/chain.pem
|
||||||
|
|
||||||
|
Protocols h2 http/1.1
|
||||||
|
|
||||||
|
Header always set Strict-Transport-Security "max-age=63072000"
|
||||||
</VirtualHost>
|
</VirtualHost>
|
||||||
|
|
||||||
|
|
||||||
<Directory {{ nc_docroot }}>
|
<Directory {{ nc_docroot }}>
|
||||||
Options Indexes FollowSymLinks
|
Options Indexes FollowSymLinks
|
||||||
AllowOverride All
|
AllowOverride All
|
||||||
@ -33,4 +55,13 @@
|
|||||||
php_value memory_limit 512M
|
php_value memory_limit 512M
|
||||||
</Directory>
|
</Directory>
|
||||||
|
|
||||||
|
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
|
||||||
|
SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
|
||||||
|
SSLHonorCipherOrder off
|
||||||
|
SSLSessionTickets off
|
||||||
|
|
||||||
|
SSLUseStapling On
|
||||||
|
SSLStaplingCache "shmcb:logs/ssl_stapling(32768)"
|
||||||
|
|
||||||
# vim: syntax=apache
|
# vim: syntax=apache
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user