diff --git a/README.md b/README.md old mode 100644 new mode 100755 diff --git a/defaults/main.yml b/defaults/main.yml old mode 100644 new mode 100755 index f0bda61..a199854 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -9,7 +9,7 @@ nginx_ppa_version: stable # The name of the nginx apt/yum package to install. nginx_package_name: "nginx" -nginx_worker_processes: "1" +nginx_worker_processes: "auto" nginx_worker_connections: "1024" nginx_multi_accept: "off" diff --git a/handlers/main.yml b/handlers/main.yml old mode 100644 new mode 100755 diff --git a/meta/main.yml b/meta/main.yml old mode 100644 new mode 100755 diff --git a/tasks/main.yml b/tasks/main.yml old mode 100644 new mode 100755 index 2363838..d0d9ef8 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -35,5 +35,15 @@ notify: - reload nginx +- name: Copy headers config file in place. + template: + src: headers.conf.j2 + dest: "{{ nginx_conf_path }}" + owner: root + group: "{{ root_group }}" + mode: 0644 + notify: + - reload nginx + - name: Ensure nginx is started and enabled to start at boot. service: name=nginx state=started enabled=yes diff --git a/tasks/setup-Debian.yml b/tasks/setup-Debian.yml old mode 100644 new mode 100755 diff --git a/tasks/setup-FreeBSD.yml b/tasks/setup-FreeBSD.yml old mode 100644 new mode 100755 diff --git a/tasks/setup-RedHat.yml b/tasks/setup-RedHat.yml old mode 100644 new mode 100755 diff --git a/tasks/setup-Ubuntu.yml b/tasks/setup-Ubuntu.yml old mode 100644 new mode 100755 diff --git a/tasks/vhosts.yml b/tasks/vhosts.yml old mode 100644 new mode 100755 index 1be6394..e3dbdc7 --- a/tasks/vhosts.yml +++ b/tasks/vhosts.yml @@ -1,4 +1,8 @@ --- +- name: Creates Nginx conf directories + file: path={{ nginx_vhost_path }} state=directory mode=0755 recurse=yes + when: nginx_vhosts|length > 0 + - name: Remove default nginx vhost config file (if configured). file: path: "{{ nginx_default_vhost_path }}" @@ -16,6 +20,12 @@ notify: - reload nginx +- name: Creates Nginx vhost directory + file: path=/var/www/html/{{ server_hostname }} state=directory owner={{ php_fpm_pool_user }} group={{ php_fpm_pool_group }} mode=0755 recurse=yes + when: nginx_vhosts|length > 0 + notify: + - reload nginx + - name: Remove managed vhost config file (if no vhosts are configured). file: path: "{{ nginx_vhost_path }}/{{ nginx_vhosts_filename }}" diff --git a/templates/headers.conf.j2 b/templates/headers.conf.j2 new file mode 100644 index 0000000..3dc3b46 --- /dev/null +++ b/templates/headers.conf.j2 @@ -0,0 +1,7 @@ +{% if nginx_bigpipe_enable %} + add_header X-Accel-Buffering: no; +{% endif %} +add_header X-Frame-Options SAMEORIGIN; +add_header X-Content-Type-Options nosniff; +add_header X-XSS-Protection "1; mode=block"; +add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ssl.google-analytics.com https://assets.zendesk.com https://connect.facebook.net; img-src 'self' https://ssl.google-analytics.com https://s-static.ak.facebook.com https://assets.zendesk.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://assets.zendesk.com; font-src 'self' https://themes.googleusercontent.com; frame-src https://assets.zendesk.com https://www.facebook.com https://s-static.ak.facebook.com https://tautt.zendesk.com; object-src 'none'"; diff --git a/templates/nginx.conf.j2 b/templates/nginx.conf.j2 old mode 100644 new mode 100755 index e9499e7..86eda73 --- a/templates/nginx.conf.j2 +++ b/templates/nginx.conf.j2 @@ -35,7 +35,7 @@ http { keepalive_timeout {{ nginx_keepalive_timeout }}; keepalive_requests {{ nginx_keepalive_requests }}; - #gzip on; + gzip on; {% if nginx_proxy_cache_path %} proxy_cache_path {{ nginx_proxy_cache_path }}; diff --git a/templates/nginx.repo.j2 b/templates/nginx.repo.j2 old mode 100644 new mode 100755 diff --git a/templates/vhosts.j2 b/templates/vhosts.j2 old mode 100644 new mode 100755 diff --git a/tests/inventory b/tests/inventory old mode 100644 new mode 100755 diff --git a/tests/test.yml b/tests/test.yml old mode 100644 new mode 100755 diff --git a/vars/Debian.yml b/vars/Debian.yml old mode 100644 new mode 100755 diff --git a/vars/FreeBSD.yml b/vars/FreeBSD.yml old mode 100644 new mode 100755 diff --git a/vars/RedHat.yml b/vars/RedHat.yml old mode 100644 new mode 100755