WarlockFish/fedora-infra_ansible
1
0
Fork 0
mirror of https://pagure.io/fedora-infra/ansible.git synced 2026-05-03 22:30:27 +08:00
Code Issues Packages Projects Releases Wiki Activity
23,061 Commits 9 Branches 0 Tags
2bc9ab059f4baab034dafd062dba9dfd50ec2c4e
Commit Graph

51 Commits

Author SHA1 Message Date
Kevin Fenzi
1bb844c9f0 disable h2 again for now until we can get curl fixed in f28 and f27 to handle correctly h2 goaway responses. See d122df5972 and https://bugzilla.redhat.com/show_bug.cgi?id=1585797 and https://pagure.io/releng/issue/7550 2018-06-04 19:07:58 +00:00
Rick Elrod
4b73050b9f Merge branch 'letsencrypt' 2018-06-01 19:18:27 +00:00
Patrick Uiterwijk
a069f698d3 Paste should not be indexed by engines 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2018-05-19 22:15:25 +02:00
Ricky Elrod
5900f6e6c2 First go at letsencrypt automation 
Signed-off-by: Ricky Elrod <relrod@redhat.com>
 2018-05-17 05:07:56 +00:00
Patrick Uiterwijk
be40a2bd4e Enable h2 for httpd/website 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2018-04-17 23:50:24 +02:00
Ricky Elrod
19ce8c8a05 change name to site_name in our proxy roles.... 
Signed-off-by: Ricky Elrod <relrod@redhat.com>
 2018-04-11 21:53:06 +00:00
Till Maas
8f7acb0dde Increase HSTS max age to one year 
The HSTS preload list requires this now: https://hstspreload.org/
 2018-02-07 12:42:36 +01:00
Patrick Uiterwijk
5f4ea314a0 Also disable h2 here 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2018-01-05 14:45:33 +00:00
Ralph Bean
e4e83fb43b Tag this task. 2017-12-06 20:38:28 +00:00
Ralph Bean
a654c55201 Add pkgdb to robots.txt. 2017-12-06 20:37:44 +00:00
Patrick Uiterwijk
e1bb4e64a4 Do not includeSubDomains for id.fp.o STS 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2017-11-24 22:49:05 +00:00
Patrick Uiterwijk
de010afa89 Enable h2 in production 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2017-11-22 15:03:06 +00:00
Patrick Uiterwijk
0f94698922 Enable h2 for proxies and also h2c for Fedora app servers 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2017-11-21 21:16:27 +00:00
Patrick Uiterwijk
6d2b69b7d2 Be slightly more permissive 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2017-10-17 08:46:40 +00:00
Patrick Uiterwijk
a48f48d911 Who am I kidding? Nobody's going to report these failures.. 
This reverts commit f3fbcce829.
 2017-10-16 22:13:07 +00:00
Patrick Uiterwijk
f3fbcce829 Thse two headers should be fine, but let's test them in staging first 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2017-10-16 22:11:35 +00:00
Patrick Uiterwijk
9245388053 Add securityheades to websites 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2017-10-16 21:47:06 +00:00
Patrick Uiterwijk
e7411874fe Do not httpd-redirect for acme challenges 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2017-09-14 09:25:05 +00:00
Patrick Uiterwijk
b373d2d597 Revert "Do not httpd-redirect for acme challenges" Not yet +2 FBR 
This reverts commit fd0a29275a.
 2017-09-09 23:58:12 +00:00
Patrick Uiterwijk
fd0a29275a Do not httpd-redirect for acme challenges 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2017-09-09 23:42:19 +00:00
Patrick Uiterwijk
863dffdb66 Allow setting up a vhost for certgetter 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2017-09-09 23:27:40 +00:00
Patrick Uiterwijk
323dfd93ec Revert "Deploy httpd config to prevent varnish attacks" 
This reverts commit ef52ab8e89.
 2017-08-02 21:08:29 +00:00
Patrick Uiterwijk
ef52ab8e89 Deploy httpd config to prevent varnish attacks 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2017-08-02 17:29:00 +00:00
Michael Simacek
adade90a2c Disallow robots from expensive queries on koschei 2017-02-24 16:02:40 +01:00
Stephen Smoogen
a59950b213 make a small set of changes before too many 2017-02-01 23:39:23 +00:00
Kevin Fenzi
1effd347df Setup a proxyreload for httpd that looks for the ticketkey. If it's not there, assume the proxy is just being configured and don't reload httpd. 2016-12-01 21:36:07 +00:00
Patrick Uiterwijk
f1dd7a7432 Unify all ssl cipher suite configurations 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2016-08-31 19:28:26 +00:00
Kevin Fenzi
3b40f60873 Try moving this to defaults instead of vars. 2016-05-26 16:22:55 +00:00
Patrick Uiterwijk
ac83211407 Indexing /datagrepper is useless 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2016-02-11 13:19:26 +00:00
Patrick Uiterwijk
08568865fe Replace all restart httpd with reload httpd 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2015-11-04 23:40:01 +00:00
Patrick Uiterwijk
25f71933ab Robots have no use in fedoracommunity as its just an aggregator 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2015-09-16 11:50:59 +00:00
Kevin Fenzi
4f2d7f0362 Just disallow /updates. Not much point in bodhi updates being in search engines. 2015-04-23 15:01:16 +00:00
Patrick Uiterwijk
88cc733244 Also tell riddler we don't like them 2015-04-23 14:50:53 +00:00
Patrick Uiterwijk
141cc34862 Remove ip-specific listening 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
 2015-03-30 21:47:11 +00:00
Till Maas
2ac8a57d05 Set HSTS header in TLS vhost 2015-02-12 21:52:36 +01:00
Till Maas
ce8655f7d1 Set HSTS for sslonly websites in roles/httpd/reverseproxy 2015-02-12 21:41:27 +01:00
Kevin Fenzi
09fb09d20d Drop crawl-delay down to 1 2015-01-29 00:00:21 +00:00
Ralph Bean
4af47a45c3 Default the ssl chain file to wildcard-2014.fedoraproject.org.intermediate.cert. 2015-01-20 14:34:02 +00:00
Ralph Bean
8320ac0165 Try to complain if ips or cert_name are not specified. 2015-01-19 19:28:33 +00:00
Ralph Bean
5e1d2fc494 Specify setype for robots.txt. 2015-01-06 21:21:31 +00:00
Ralph Bean
2425612a6c Revert "Whitespace." 
This reverts commit 42775091aa.
 2015-01-06 14:45:42 +00:00
Ralph Bean
01cfdf12fb Revert "Trying to match whitespace......." 
This reverts commit f8733de4e5.
 2015-01-06 14:45:27 +00:00
Ralph Bean
f8733de4e5 Trying to match whitespace....... 2015-01-06 14:41:37 +00:00
Ralph Bean
42775091aa Whitespace. 2015-01-06 14:38:47 +00:00
Ralph Bean
b42dec0eff Whitespace. 2014-12-08 00:14:23 +00:00
Ralph Bean
c2956c2598 Use jinja filter here. 2014-12-07 23:58:30 +00:00
Ralph Bean
d0cee5b994 s/end/endif/g 2014-12-07 23:55:21 +00:00
Ralph Bean
ed909fd8f8 Ruby in my templates? No, thanks. 2014-12-07 23:54:13 +00:00
Ralph Bean
9a8f293c29 Add forgotten conf. 2014-12-07 23:47:25 +00:00
Ralph Bean
4165c45203 Fixing, fixing. 2014-12-07 23:43:38 +00:00