Disable outdated TLS versions

hopefully this fixes git
This commit is contained in:
Salt 2020-06-04 19:35:59 -05:00
parent fa963a3adb
commit 3dc0af70d7
8 changed files with 11 additions and 1 deletions

View File

@ -1,4 +1,5 @@
#!/usr/bin/ansible-playbook #!/usr/bin/ansible-playbook
# vim:ft=ansible: # vim:ft=ansible:
backups_outdir: "/cold/backups" backups_outdir: "/cold/backups"
ssl_cipher_suite: "!SHA1:!SHA256:!SHA384" ssl_protocol: "all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1"
ssl_cipher_suite: "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256"

View File

@ -14,6 +14,7 @@ SSLStrictSNIVHostCheck off
SSLCertificateFile /etc/pki/cert/crt/{{ dokuwiki_url }}.crt SSLCertificateFile /etc/pki/cert/crt/{{ dokuwiki_url }}.crt
SSLCertificateKeyFile /etc/pki/cert/private/{{ dokuwiki_url }}.key SSLCertificateKeyFile /etc/pki/cert/private/{{ dokuwiki_url }}.key
SSLCertificateChainFile /etc/pki/cert/crt/{{ dokuwiki_url}}-fullchain.crt SSLCertificateChainFile /etc/pki/cert/crt/{{ dokuwiki_url}}-fullchain.crt
SSLProtocol {{ ssl_protocol }}
SSLCipherSuite {{ ssl_cipher_suite }} SSLCipherSuite {{ ssl_cipher_suite }}
<FilesMatch "\.(cgi|shtml|phtml|php)$">\ <FilesMatch "\.(cgi|shtml|phtml|php)$">\
SSLOptions +StdEnvVars SSLOptions +StdEnvVars

View File

@ -16,6 +16,7 @@ SSLProxyEngine on
SSLCertificateFile /etc/pki/cert/crt/{{ gitea_url }}.crt SSLCertificateFile /etc/pki/cert/crt/{{ gitea_url }}.crt
SSLCertificateKeyFile /etc/pki/cert/private/{{ gitea_url }}.key SSLCertificateKeyFile /etc/pki/cert/private/{{ gitea_url }}.key
SSLCertificateChainFile /etc/pki/cert/crt/{{ gitea_url }}-fullchain.crt SSLCertificateChainFile /etc/pki/cert/crt/{{ gitea_url }}-fullchain.crt
SSLProtocol {{ ssl_protocol }}
SSLCipherSuite {{ ssl_cipher_suite }} SSLCipherSuite {{ ssl_cipher_suite }}
ServerName {{ gitea_url }} ServerName {{ gitea_url }}
DocumentRoot {{ gitea_webroot }} DocumentRoot {{ gitea_webroot }}

View File

@ -14,6 +14,7 @@ SSLStrictSNIVHostCheck off
SSLCertificateFile /etc/pki/cert/crt/{{ gitlab_url }}.crt SSLCertificateFile /etc/pki/cert/crt/{{ gitlab_url }}.crt
SSLCertificateKeyFile /etc/pki/cert/private/{{ gitlab_url }}.key SSLCertificateKeyFile /etc/pki/cert/private/{{ gitlab_url }}.key
SSLCertificateChainFile /etc/pki/cert/crt/{{ gitlab_url }}-fullchain.crt SSLCertificateChainFile /etc/pki/cert/crt/{{ gitlab_url }}-fullchain.crt
SSLProtocol {{ ssl_protocol }}
SSLCipherSuite {{ ssl_cipher_suite }} SSLCipherSuite {{ ssl_cipher_suite }}
ServerName {{ gitlab_url }} ServerName {{ gitlab_url }}
DocumentRoot {{ gitlab_webroot }} DocumentRoot {{ gitlab_webroot }}

View File

@ -14,6 +14,7 @@ SSLStrictSNIVHostCheck off
SSLCertificateFile /etc/pki/cert/crt/{{ gitweb_url }}.crt SSLCertificateFile /etc/pki/cert/crt/{{ gitweb_url }}.crt
SSLCertificateKeyFile /etc/pki/cert/private/{{ gitweb_url }}.key SSLCertificateKeyFile /etc/pki/cert/private/{{ gitweb_url }}.key
SSLCertificateChainFile /etc/pki/cert/crt/{{ gitweb_url}}-fullchain.crt SSLCertificateChainFile /etc/pki/cert/crt/{{ gitweb_url}}-fullchain.crt
SSLProtocol {{ ssl_protocol }}
SSLCipherSuite {{ ssl_cipher_suite }} SSLCipherSuite {{ ssl_cipher_suite }}
<FilesMatch "\.(cgi|shtml|phtml|php)$">\ <FilesMatch "\.(cgi|shtml|phtml|php)$">\
SSLOptions +StdEnvVars SSLOptions +StdEnvVars

View File

@ -16,6 +16,8 @@ SSLProxyEngine on
SSLCertificateFile /etc/pki/cert/crt/{{ grafana_url }}.crt SSLCertificateFile /etc/pki/cert/crt/{{ grafana_url }}.crt
SSLCertificateKeyFile /etc/pki/cert/private/{{ grafana_url }}.key SSLCertificateKeyFile /etc/pki/cert/private/{{ grafana_url }}.key
SSLCertificateChainFile /etc/pki/cert/crt/{{ grafana_url }}-fullchain.crt SSLCertificateChainFile /etc/pki/cert/crt/{{ grafana_url }}-fullchain.crt
SSLProtocol {{ ssl_protocol }}
SSLCipherSuite {{ ssl_cipher_suite }}
ServerName {{ grafana_url }} ServerName {{ grafana_url }}
DocumentRoot {{ grafana_webroot }} DocumentRoot {{ grafana_webroot }}
<Directory "{{ grafana_webroot }}"> <Directory "{{ grafana_webroot }}">

View File

@ -14,6 +14,7 @@ SSLStrictSNIVHostCheck off
SSLCertificateFile /etc/pki/cert/crt/{{ nextcloud_url }}.crt SSLCertificateFile /etc/pki/cert/crt/{{ nextcloud_url }}.crt
SSLCertificateKeyFile /etc/pki/cert/private/{{ nextcloud_url }}.key SSLCertificateKeyFile /etc/pki/cert/private/{{ nextcloud_url }}.key
SSLCertificateChainFile /etc/pki/cert/crt/{{ nextcloud_url}}-fullchain.crt SSLCertificateChainFile /etc/pki/cert/crt/{{ nextcloud_url}}-fullchain.crt
SSLProtocol {{ ssl_protocol }}
SSLCipherSuite {{ ssl_cipher_suite }} SSLCipherSuite {{ ssl_cipher_suite }}
<FilesMatch "\.(cgi|shtml|phtml|php)$">\ <FilesMatch "\.(cgi|shtml|phtml|php)$">\
SSLOptions +StdEnvVars SSLOptions +StdEnvVars

View File

@ -15,6 +15,8 @@ SSLStrictSNIVHostCheck off
SSLCertificateFile /etc/pki/cert/crt/{{ redirect_from }}.crt SSLCertificateFile /etc/pki/cert/crt/{{ redirect_from }}.crt
SSLCertificateKeyFile /etc/pki/cert/private/{{ redirect_from }}.key SSLCertificateKeyFile /etc/pki/cert/private/{{ redirect_from }}.key
SSLCertificateChainFile /etc/pki/cert/crt/{{ redirect_from}}-fullchain.crt SSLCertificateChainFile /etc/pki/cert/crt/{{ redirect_from}}-fullchain.crt
SSLProtocol {{ ssl_protocol }}
SSLCipherSuite {{ ssl_cipher_suite }}
ServerName {{ redirect_from }} ServerName {{ redirect_from }}
Redirect permanent / https://{{ redirect_to }}/ Redirect permanent / https://{{ redirect_to }}/
</VirtualHost> </VirtualHost>