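---
# Playbook for the `testing` host group: sets the hostname, obtains a
# Let's Encrypt certificate through certbot, and configures Apache with a
# plain-HTTP vhost that redirects to HTTPS plus an SSL vhost, for each of
# testing.usegalaxy.eu and bravo.usegalaxy.eu.
#
# NOTE(review): every e-mail address on this page was replaced by the
# renderer with the token "[email protected]". Unquoted, that token parses
# as a one-element YAML list, so it is quoted below. Restore the real
# contact address from the repository before running this play.
- hosts: testing
  become: true
  # No ad-hoc tasks; the roles at the bottom do all the work.
  tasks: []
  # Secrets are loaded from separate files.
  # NOTE(review): presumably Ansible Vault encrypted -- confirm they are
  # never committed in cleartext.
  vars_files:
    - "secret_group_vars/ftp.yml"
    - "secret_group_vars/all.yml"
  vars:
    hostname: testing.usegalaxy.eu

    # --- certbot ---
    certbot_auto_renew: true
    certbot_auto_renew_user: root
    certbot_auto_renew_hour: 17
    certbot_auto_renew_minute: 28
    # NOTE(review): `staging` presumably selects the Let's Encrypt staging
    # CA, whose certificates clients do not trust. Fine for a test host;
    # confirm before any of these names serves real users.
    certbot_environment: staging
    # Both names are requested together; the SSL vhosts below read
    # everything from the live/testing.usegalaxy.eu directory.
    certbot_domains:
      - testing.usegalaxy.eu
      - bravo.usegalaxy.eu
    certbot_agree_tos: "--agree-tos"
    certbot_admin_email: "[email protected]"

    # --- apache ---
    apache_remove_default_vhost: true
    apache_mods_enabled:
      - rewrite
      - ssl
      - headers
      - proxy
      - proxy_http
    # Plain-HTTP vhosts: permanently redirect every request to HTTPS on
    # the same host name and log to per-host files.
    apache_vhosts:
      - servername: "testing.usegalaxy.eu"
        serveradmin: "[email protected]"
        documentroot: "/var/www/html/"
        extra_parameters: |
          RewriteEngine on
          RewriteCond %{SERVER_NAME} =testing.usegalaxy.eu
          RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
          ErrorLog ${APACHE_LOG_DIR}/testing.usegalaxy.eu-error.log
          CustomLog ${APACHE_LOG_DIR}/testing.usegalaxy.eu-access.log combined
      - servername: "bravo.usegalaxy.eu"
        serveradmin: "[email protected]"
        documentroot: "/var/www/html/"
        extra_parameters: |
          RewriteEngine on
          RewriteCond %{SERVER_NAME} =bravo.usegalaxy.eu
          RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
          ErrorLog ${APACHE_LOG_DIR}/bravo.usegalaxy.eu-error.log
          CustomLog ${APACHE_LOG_DIR}/bravo.usegalaxy.eu-access.log combined
    # HTTPS vhosts.
    # NOTE(review): the apache_ssl_protocol, apache_ssl_cipher_suite,
    # apache_allow_override and apache_options keys sit inside each vhost
    # entry. Confirm the apache role reads them per vhost; if it only
    # honours them as play-level variables, the role defaults apply and the
    # protocol/cipher restrictions written here are silently ignored.
    apache_vhosts_ssl:
      - servername: "testing.usegalaxy.eu"
        serveradmin: "[email protected]"
        documentroot: "/var/www/html/"
        # Disables SSLv2, SSLv3, TLS 1.0 and TLS 1.1.
        apache_ssl_protocol: "All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1"
        # NOTE(review): the AES256+EECDH / AES256+EDH terms may also admit
        # CBC-mode suites -- verify against the target OpenSSL build.
        apache_ssl_cipher_suite: "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"
        # "All" lets .htaccess files under the docroot override server
        # settings; tighten if nothing depends on it.
        apache_allow_override: "All"
        apache_options: "-Indexes +FollowSymLinks"
        # Anti-framing and MIME-sniffing headers. No
        # Strict-Transport-Security header is set.
        extra_parameters: |
          Header always set X-Frame-Options DENY
          Header always set X-Content-Type-Options nosniff
        certificate_file: "/etc/letsencrypt/live/testing.usegalaxy.eu/cert.pem"
        certificate_key_file: "/etc/letsencrypt/live/testing.usegalaxy.eu/privkey.pem"
        certificate_chain_file: "/etc/letsencrypt/live/testing.usegalaxy.eu/chain.pem"
      - servername: "bravo.usegalaxy.eu"
        serveradmin: "[email protected]"
        documentroot: "/var/www/html/"
        apache_ssl_protocol: "All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1"
        apache_ssl_cipher_suite: "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"
        apache_allow_override: "All"
        apache_options: "-Indexes +FollowSymLinks"
        extra_parameters: |
          Header always set X-Frame-Options DENY
          Header always set X-Content-Type-Options nosniff
        # Uses the certificate stored under the testing.usegalaxy.eu name.
        # NOTE(review): this only validates for bravo if that certificate
        # lists bravo.usegalaxy.eu as a subject alternative name -- confirm.
        certificate_file: "/etc/letsencrypt/live/testing.usegalaxy.eu/cert.pem"
        certificate_key_file: "/etc/letsencrypt/live/testing.usegalaxy.eu/privkey.pem"
        certificate_chain_file: "/etc/letsencrypt/live/testing.usegalaxy.eu/chain.pem"
  roles:
    - hostname
    - hxr.certbot
    - geerlingguy.apache
    # Disabled roles. Note that unattended upgrades and the dev-sec OS/SSH
    # hardening roles are among them, so this play applies no OS-level
    # hardening or automatic patching.
    # - jnv.unattended-upgrades
    # - galaxy
    # - galaxy-net
    # - autofs
    # - dj-wasabi.telegraf
    # - dev-sec.os-hardening
    # - dev-sec.ssh-hardening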