Update to 2021-09-26 22:00

master
Daniel Berteaud 3 years ago
parent b2b6205978
commit 53d0cf9ae9
  1. 4
      roles/nginx/defaults/main.yml
  2. 3
      roles/nginx/templates/ansible_conf.d/10-ssl.conf.j2
  3. 1
      roles/nginx/templates/ansible_conf.d/30-vhosts.conf.j2
  4. 1
      roles/squid/files/acl/software_almalinux.domains

@ -87,8 +87,8 @@ nginx_default_vhost: "{{ nginx_default_vhost_base | combine(nginx_default_vhost_
# List of IP addresses which won't be affected by maintenance redirections # List of IP addresses which won't be affected by maintenance redirections
nginx_maintenance_ip: [] nginx_maintenance_ip: []
nginx_ssl_ciphers_modern: 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256' nginx_ssl_ciphers_modern: 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384'
nginx_ssl_ciphers_compat: 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS' nginx_ssl_ciphers_compat: 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA'
nginx_ssl_protocols: nginx_ssl_protocols:
- TLSv1.2 - TLSv1.2
- TLSv1.3 - TLSv1.3

@ -1,8 +1,9 @@
ssl_certificate {{ nginx_cert_path }}; ssl_certificate {{ nginx_cert_path }};
ssl_certificate_key {{ nginx_key_path }}; ssl_certificate_key {{ nginx_key_path }};
ssl_dhparam /etc/nginx/ssl/dhparam.pem; ssl_dhparam /etc/nginx/ssl/dhparam.pem;
ssl_ciphers {{ nginx_ssl_ciphers_compat }}; ssl_ciphers {{ nginx_ssl_ciphers_modern }};
ssl_protocols {{ nginx_ssl_protocols | join(' ') }}; ssl_protocols {{ nginx_ssl_protocols | join(' ') }};
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m; ssl_session_cache shared:SSL:10m;
ssl_session_timeout 1h; ssl_session_timeout 1h;
ssl_session_tickets off; ssl_session_tickets off;

@ -43,6 +43,7 @@ server {
ssl_protocols TLSv1.2 TLSv1.3; ssl_protocols TLSv1.2 TLSv1.3;
{% endif %} {% endif %}
{% endif %} {% endif %}
ssl_prefer_server_ciphers on;
server_name {{ vhost.name }} {{ vhost.aliases | join(' ') }}; server_name {{ vhost.name }} {{ vhost.aliases | join(' ') }};

@ -8,3 +8,4 @@ almalinux.mirror.liteserver.nl
almalinux.uib.no almalinux.uib.no
almalinux.slaskdatacenter.com almalinux.slaskdatacenter.com
almalinux.mirror.katapult.io almalinux.mirror.katapult.io
alma.mirror.ate.info

Loading…
Cancel
Save