Roll out new cipher suites

This commit is contained in:
Salt 2020-06-03 06:07:11 -05:00
parent 00b88ad647
commit d7f34587be
6 changed files with 6 additions and 0 deletions

View File

@ -1,3 +1,4 @@
#!/usr/bin/ansible-playbook
# vim:ft=ansible:
backups_outdir: "/cold/backups"
ssl_cipher_suite: "!SHA1:!SHA256:!SHA384"

View File

@ -14,6 +14,7 @@ SSLStrictSNIVHostCheck off
SSLCertificateFile /etc/pki/cert/crt/{{ dokuwiki_url }}.crt
SSLCertificateKeyFile /etc/pki/cert/private/{{ dokuwiki_url }}.key
SSLCertificateChainFile /etc/pki/cert/crt/{{ dokuwiki_url}}-fullchain.crt
SSLCipherSuite {{ ssl_cipher_suite }}
<FilesMatch "\.(cgi|shtml|phtml|php)$">\
SSLOptions +StdEnvVars
</FilesMatch>

View File

@ -16,6 +16,7 @@ SSLProxyEngine on
SSLCertificateFile /etc/pki/cert/crt/{{ gitea_url }}.crt
SSLCertificateKeyFile /etc/pki/cert/private/{{ gitea_url }}.key
SSLCertificateChainFile /etc/pki/cert/crt/{{ gitea_url }}-fullchain.crt
SSLCipherSuite {{ ssl_cipher_suite }}
ServerName {{ gitea_url }}
DocumentRoot {{ gitea_webroot }}
<Directory "{{ gitea_webroot }}">

View File

@ -14,6 +14,7 @@ SSLStrictSNIVHostCheck off
SSLCertificateFile /etc/pki/cert/crt/{{ gitlab_url }}.crt
SSLCertificateKeyFile /etc/pki/cert/private/{{ gitlab_url }}.key
SSLCertificateChainFile /etc/pki/cert/crt/{{ gitlab_url }}-fullchain.crt
SSLCipherSuite {{ ssl_cipher_suite }}
ServerName {{ gitlab_url }}
DocumentRoot {{ gitlab_webroot }}
<Directory "{{ gitlab_webroot }}">

View File

@ -14,6 +14,7 @@ SSLStrictSNIVHostCheck off
SSLCertificateFile /etc/pki/cert/crt/{{ gitweb_url }}.crt
SSLCertificateKeyFile /etc/pki/cert/private/{{ gitweb_url }}.key
SSLCertificateChainFile /etc/pki/cert/crt/{{ gitweb_url}}-fullchain.crt
SSLCipherSuite {{ ssl_cipher_suite }}
<FilesMatch "\.(cgi|shtml|phtml|php)$">\
SSLOptions +StdEnvVars
</FilesMatch>

View File

@ -14,6 +14,7 @@ SSLStrictSNIVHostCheck off
SSLCertificateFile /etc/pki/cert/crt/{{ nextcloud_url }}.crt
SSLCertificateKeyFile /etc/pki/cert/private/{{ nextcloud_url }}.key
SSLCertificateChainFile /etc/pki/cert/crt/{{ nextcloud_url}}-fullchain.crt
SSLCipherSuite {{ ssl_cipher_suite }}
<FilesMatch "\.(cgi|shtml|phtml|php)$">\
SSLOptions +StdEnvVars
</FilesMatch>