mono-infrastructure/ansible/playbooks/vars/ipsilon.yml

67 lines
2.4 KiB
YAML
Raw Permalink Normal View History

2020-12-14 09:01:23 +00:00
---
# Vars for ipsilon
2021-01-18 03:46:06 +00:00
ipsilon_fqdn: accounts.rockylinux.org
2020-12-14 09:01:23 +00:00
ipsilon_databases:
- name: rockyipsilon
ipsilon_database_users:
- name: ipsilon
host: "localhost"
password: "{{ ipsilon_db_password }}"
priv: "rockyipsilon.*:ALL"
ipsilon_db_user: ipsilon
ipsilon_db_name: rockyipsilon
ipsilon_httpd_hostname: "{{ inventory_hostname }}"
2020-12-14 09:01:23 +00:00
# apache configuration for ipsilon
2021-01-05 20:46:08 +00:00
apache_configure: false
2020-12-14 09:01:23 +00:00
apache_listen_port: 80
apache_listen_port_ssl: 443
apache_create_vhosts: true
apache_vhosts_filename: "vhosts_ipsilon.conf"
apache_ssl_protocol: "PROFILE=SYSTEM"
apache_ssl_cipher_suite: "PROFILE=SYSTEM"
# Setting this to true for now until we have certificates. The parameters will
# be certificate_file, certificate_key_file, and certificate_chain_file
apache_ignore_missing_ssl_certificate: true
apache_vhosts:
2021-01-04 19:31:13 +00:00
- servername: "{{ ipsilon_fqdn }}"
2020-12-14 09:01:23 +00:00
documentroot: /var/www/html
serveradmin: identitymanagement@rockylinux.org
extra_parameters: |
2021-01-04 19:31:13 +00:00
CustomLog logs/{{ ipsilon_fqdn }}_access.log combined
ErrorLog logs/{{ ipsilon_fqdn }}_error.log
2020-12-14 09:01:23 +00:00
AccessFileName .htaccess
Header always set X-Frame-Options "SAMEORIGIN"
Header always set X-Xss-Protection "1; mode=block"
Header always set X-Content-Type-Options "nosniff"
Header always set Referrer-Policy "same-origin"
RewriteEngine On
RewriteCond $1 !^.well-known
RewriteCond %{HTTPS} !=on
2021-01-04 19:31:13 +00:00
RewriteRule ^/?(.*) https://{{ ipsilon_fqdn }}/$1 [R,L]
- servername: "{{ ipsilon_fqdn }}"
2020-12-14 09:01:23 +00:00
documentroot: /var/www/html
serveradmin: identitymanagement@rockylinux.org
extra_parameters: |
RewriteEngine On
RewriteCond $1 !^idp
RewriteRule ^/?(.*) https://%{SERVER_NAME}/idp [R,L]
Header always set Strict-Transport-Security "max-age=31536000"
Header always set X-Xss-Protection "1; mode=block"
Header always set X-Content-Type-Options "nosniff"
Header always set Referrer-Policy "same-origin"
2021-01-04 19:31:13 +00:00
ErrorLog logs/ssl-{{ ipsilon_fqdn }}_error.log
TransferLog logs/ssl-{{ ipsilon_fqdn }}_access.log
2020-12-14 09:01:23 +00:00
LogLevel warn
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
SSLOptions +StdEnvVars
</Files>
<Directory "/var/www/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
CustomLog logs/ssl-seven.rockylinux.org.org_request.log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
...