mirror of
https://github.com/rocky-linux/infrastructure
synced 2024-12-22 10:58:29 +00:00
Merge pull request #14961 from rocky-linux/develop
Develop - Small fixes for prep and rollout
commit
2149224162
@ -6,4 +6,4 @@ rocky_ldap_account_basedn: "cn=accounts,dc=rockylinux,dc=org"
|
||||
# Requires jinja 2.9+
|
||||
rocky_ipaserver_list: "{{ groups['ipaserver'] + groups['ipareplicas'] }}"
|
||||
# This will need to be vaulted
|
||||
# rocky_ldap_bind_pw: "ThisIsNotThePassword!"
|
||||
rocky_ldap_bind_pw: "{{ ipa_binder_password }}"
|
||||
|
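Review bot: `ipa_binder_password`, which the `rocky_ldap_bind_pw` line now reads, is not defined in any hunk visible on this page, so the bind password will fail to template unless the vaulted vars already carry it; that is worth confirming before rollout. The comment `# This will need to be vaulted` above it still reads as an open TODO although the value is now an indirection, so I would reword it to `# Bind password is read from the vaulted ipa_binder_password variable`. If the commented-out `ThisIsNotThePassword!` placeholder is kept on the new side, it can be dropped at the same time, since it no longer documents anything.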
@ -63,7 +63,7 @@ gitlab_nginx_listen_https: "false"
|
||||
|
||||
gitlab_default_theme: 2
|
||||
|
||||
gitlab_external_db: false
|
||||
gitlab_external_db: true
|
||||
gitlab_external_db_host: db.rockylinux.org
|
||||
gitlab_external_db_user: gitlab
|
||||
gitlab_external_db_password: gitlab
|
||||
gitlab_external_db_password: "{{ gitlab_db_pass }}"
|
||||
|
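Review bot: The literal value on the older `gitlab_external_db_password` line (it appears to be the removed side) stays in the repository history after this change, so if `gitlab` was ever the real password for the `gitlab` role on `db.rockylinux.org` it should be rotated rather than only moved behind a variable. The value behind `"{{ gitlab_db_pass }}"` should be a freshly generated secret, not the old one re-encrypted. A short comment above the line, for example `# gitlab_db_pass is defined in the vaulted vars file`, would tell the next reader where the value comes from. Nothing in this hunk shows whether the connection to the external database is made over TLS, so that is worth checking in the role's settings as well.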
@ -1,5 +1,6 @@
|
||||
---
|
||||
# Vars for ipsilon
|
||||
ipsilon_fqdn: idp.rockylinux.org
|
||||
ipsilon_databases:
|
||||
- name: rockyipsilon
|
||||
|
||||
@ -24,12 +25,12 @@ apache_ssl_cipher_suite: "PROFILE=SYSTEM"
|
||||
# be certificate_file, certificate_key_file, and certificate_chain_file
|
||||
apache_ignore_missing_ssl_certificate: true
|
||||
apache_vhosts:
|
||||
- servername: "{{ inventory_hostname }}"
|
||||
- servername: "{{ ipsilon_fqdn }}"
|
||||
documentroot: /var/www/html
|
||||
serveradmin: identitymanagement@rockylinux.org
|
||||
extra_parameters: |
|
||||
CustomLog logs/{{ inventory_hostname }}_access.log combined
|
||||
ErrorLog logs/{{ inventory_hostname }}_error.log
|
||||
CustomLog logs/{{ ipsilon_fqdn }}_access.log combined
|
||||
ErrorLog logs/{{ ipsilon_fqdn }}_error.log
|
||||
AccessFileName .htaccess
|
||||
Header always set X-Frame-Options "SAMEORIGIN"
|
||||
Header always set X-Xss-Protection "1; mode=block"
|
||||
@ -38,8 +39,8 @@ apache_vhosts:
|
||||
RewriteEngine On
|
||||
RewriteCond $1 !^.well-known
|
||||
RewriteCond %{HTTPS} !=on
|
||||
RewriteRule ^/?(.*) https://{{ inventory_hostname }}/$1 [R,L]
|
||||
- servername: "{{ inventory_hostname }}"
|
||||
RewriteRule ^/?(.*) https://{{ ipsilon_fqdn }}/$1 [R,L]
|
||||
- servername: "{{ ipsilon_fqdn }}"
|
||||
documentroot: /var/www/html
|
||||
serveradmin: identitymanagement@rockylinux.org
|
||||
extra_parameters: |
|
||||
@ -50,8 +51,8 @@ apache_vhosts:
|
||||
Header always set X-Xss-Protection "1; mode=block"
|
||||
Header always set X-Content-Type-Options "nosniff"
|
||||
Header always set Referrer-Policy "same-origin"
|
||||
ErrorLog logs/ssl-{{ inventory_hostname }}_error.log
|
||||
TransferLog logs/ssl-{{ inventory_hostname }}_access.log
|
||||
ErrorLog logs/ssl-{{ ipsilon_fqdn }}_error.log
|
||||
TransferLog logs/ssl-{{ ipsilon_fqdn }}_access.log
|
||||
LogLevel warn
|
||||
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
|
||||
SSLOptions +StdEnvVars
|
||||
|
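Review bot: The HTTP-to-HTTPS redirect on the changed `RewriteRule` line keeps the flags `[R,L]`, which makes Apache answer with a temporary 302, and none of the headers visible for the TLS vhost sets `Strict-Transport-Security`. Since `ipsilon_fqdn` is the identity provider's hostname, a client that starts on plain HTTP should be sent to HTTPS permanently and pinned there. I would change the flags to `[R=301,L]` and add `Header always set Strict-Transport-Security "max-age=31536000"` next to the other `Header always set` lines in the second vhost. The `extra_parameters` blocks continue outside these hunks, so the header may already be set in lines not shown here.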
@ -22,3 +22,6 @@ koji_db_pass: !vault |
|
||||
pubsub_federation_pass: !vault |
|
||||
$ANSIBLE_VAULT;1.1;AES256
|
||||
REDACTED
|
||||
gitlab_db_pass: !vault |
|
||||
$ANSIBLE_VAULT;1.1;AES256
|
||||
REDACTED
|
||||
|