preparing account services

This commit is contained in:
nazunalika 2021-01-04 12:31:13 -07:00
parent 6c05b159cc
commit 786be11457

View File

@ -1,5 +1,6 @@
--- ---
# Vars for ipsilon # Vars for ipsilon
ipsilon_fqdn: idp.rockylinux.org
ipsilon_databases: ipsilon_databases:
- name: rockyipsilon - name: rockyipsilon
@ -24,12 +25,12 @@ apache_ssl_cipher_suite: "PROFILE=SYSTEM"
# be certificate_file, certificate_key_file, and certificate_chain_file # be certificate_file, certificate_key_file, and certificate_chain_file
apache_ignore_missing_ssl_certificate: true apache_ignore_missing_ssl_certificate: true
apache_vhosts: apache_vhosts:
- servername: "{{ inventory_hostname }}" - servername: "{{ ipsilon_fqdn }}"
documentroot: /var/www/html documentroot: /var/www/html
serveradmin: identitymanagement@rockylinux.org serveradmin: identitymanagement@rockylinux.org
extra_parameters: | extra_parameters: |
CustomLog logs/{{ inventory_hostname }}_access.log combined CustomLog logs/{{ ipsilon_fqdn }}_access.log combined
ErrorLog logs/{{ inventory_hostname }}_error.log ErrorLog logs/{{ ipsilon_fqdn }}_error.log
AccessFileName .htaccess AccessFileName .htaccess
Header always set X-Frame-Options "SAMEORIGIN" Header always set X-Frame-Options "SAMEORIGIN"
Header always set X-Xss-Protection "1; mode=block" Header always set X-Xss-Protection "1; mode=block"
@ -38,8 +39,8 @@ apache_vhosts:
RewriteEngine On RewriteEngine On
RewriteCond $1 !^.well-known RewriteCond $1 !^.well-known
RewriteCond %{HTTPS} !=on RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://{{ inventory_hostname }}/$1 [R,L] RewriteRule ^/?(.*) https://{{ ipsilon_fqdn }}/$1 [R,L]
- servername: "{{ inventory_hostname }}" - servername: "{{ ipsilon_fqdn }}"
documentroot: /var/www/html documentroot: /var/www/html
serveradmin: identitymanagement@rockylinux.org serveradmin: identitymanagement@rockylinux.org
extra_parameters: | extra_parameters: |
@ -50,8 +51,8 @@ apache_vhosts:
Header always set X-Xss-Protection "1; mode=block" Header always set X-Xss-Protection "1; mode=block"
Header always set X-Content-Type-Options "nosniff" Header always set X-Content-Type-Options "nosniff"
Header always set Referrer-Policy "same-origin" Header always set Referrer-Policy "same-origin"
ErrorLog logs/ssl-{{ inventory_hostname }}_error.log ErrorLog logs/ssl-{{ ipsilon_fqdn }}_error.log
TransferLog logs/ssl-{{ inventory_hostname }}_access.log TransferLog logs/ssl-{{ ipsilon_fqdn }}_access.log
LogLevel warn LogLevel warn
<Files ~ "\.(cgi|shtml|phtml|php3?)$"> <Files ~ "\.(cgi|shtml|phtml|php3?)$">
SSLOptions +StdEnvVars SSLOptions +StdEnvVars