158:5fcf0955129c
Anton Shestakov <av6@dwimlabs.net>, Tue, 31 Oct 2017 12:53:48 +0800
provision: add CSP header, *-src are either 'self' or 'none'

previous change 108:f24c7fee1b0d

provision/roles/nginx/tasks/main.yml

Permissions: -rw-r--r--

Other formats: Feeds:
---
- name: Install package
apt:
pkg: nginx
state: present
- name: Create a Diffie-Hellman key exchange parameters file
command: >
openssl dhparam
{% if ansible_virtualization_type == "virtualbox" %}-dsaparam{% endif %}
-out /etc/nginx/dh-2048.pem
2048
args:
creates: /etc/nginx/dh-2048.pem
notify:
- restart nginx
- name: Allow HTTP and HTTPS
ufw:
rule: allow
name: '{{ item }}'
with_items:
- Nginx HTTP
- Nginx HTTPS
tags: [ufw]
...