infra/roles/nginx/README.md
Julien Palard b2af1120f9
Update SSL config.
While proofreading the config, and checking if it was up to date
according to:

- Mozilla recommendations
- SSLtest
- testssl.sh

I spotted an issue in the HSTS header:

$ curl -I https://afpy.org
[...]
Strict-Transport-Security: max-age=63072000; always

the `always` part is an nginx config token, not a cookie value.

So I simplified the conf so we can more easily copy/paste from Mozilla
generator, which obviously removed the bug.
2023-01-13 17:16:49 +01:00
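
The kind of check that catches the header bug described in the commit message above, as an added example (not code from this role or its author): it lints a `Strict-Transport-Security` value against the directives of RFC 6797 and reports stray tokens such as `always`. The function names and the sample response are constructed for illustration; `preload` is accepted as an assumption because the browser preload list uses it, although RFC 6797 does not define it.

```python
import re

# Directives from RFC 6797, plus "preload" (preload-list convention, assumption).
KNOWN = {"max-age", "includesubdomains", "preload"}

def hsts_from_response(head):
    """Return the HSTS value from `curl -I` style output, or None if absent."""
    for line in head.splitlines():
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "strict-transport-security":
            return value.strip()
    return None

def check_hsts(value):
    """Return a list of problems found in a Strict-Transport-Security value."""
    problems, seen = [], {}
    for raw in value.split(";"):
        part = raw.strip()
        if not part:
            continue  # empty directives (e.g. a trailing ';') are allowed
        name, sep, arg = part.partition("=")
        name = name.strip().lower()
        if name in seen:
            problems.append(f"duplicate directive: {name}")
        seen[name] = arg.strip().strip('"') if sep else None
        if name not in KNOWN:
            # Browsers ignore unknown directives, so this usually means a
            # server-side config token leaked into the header value.
            problems.append(f"unknown directive: {name}")
    if "max-age" not in seen:
        problems.append("missing max-age")
    elif not re.fullmatch(r"[0-9]+", seen["max-age"] or ""):
        problems.append("max-age is not a non-negative integer")
    for flag in ("includesubdomains", "preload"):
        if seen.get(flag) is not None:
            problems.append(f"{flag} takes no value")
    return problems

# Constructed sample: response head carrying the header quoted in the commit.
SAMPLE = "HTTP/2 200\nserver: nginx\nStrict-Transport-Security: max-age=63072000; always\n"

if __name__ == "__main__":
    for problem in check_hsts(hsts_from_response(SAMPLE)):
        print(problem)
```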

Nginx with Letsencrypt

This role sets up nginx with letsencrypt (using DNS-01 with the Gandi API).

Role Variables

The mandatory variables are:

  • admin_email: For letsencrypt.
  • gandi_api_key (see doc).
  • nginx_certificates: A list of domains to put in this certificate.
  • nginx_domain: Used for file names, certificate name, and default server_name if no nginx_conf is given.
  • nginx_conf: The nginx config.

Optional variables are:

  • nginx_owner: If a unix user has to be created for this project.
  • nginx_path: To create a directory owned by nginx_owner.
  • certbot_authenticator: Defaults to gandi, can use nginx.

Author Information

Julien Palard — https://mdk.fr