Erweitere Apache-Konfiguration

2021-07-28 09:56:47 +02:00 · 2021-07-28 09:56:47 +02:00 · c75ad08f1a
parent 3ea27a7426
commit c75ad08f1a
3 changed files with 19 additions and 0 deletions
--- a/files/add-headers.conf
+++ b/files/add-headers.conf
@ -0,0 +1 @@
+Header always set Strict-Transport-Security "max-age=63072000"
--- a/files/ssl.conf
+++ b/files/ssl.conf
@ -0,0 +1,10 @@
+SSLProtocol             all -SSLv3 -TLSv1 -TLSv1.1
+SSLCipherSuite          ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
+SSLHonorCipherOrder     off
+SSLCompression          off
+SSLSessionTickets       off
+SSLUseStapling          on
+SSLStaplingResponderTimeout 5
+SSLStaplingReturnResponderErrors off
+SSLStaplingCache        shmcb:/var/run/ocsp(32768)
+SSLOpenSSLConfCmd       DHParameters /etc/ssl/dhparams.pem
--- a/tasks/configuration.yml
+++ b/tasks/configuration.yml
@ -8,3 +8,11 @@
 - name: "configuration: Deaktiviere access-Logs"
  command: a2disconf other-vhosts-access-log
  notify: reload apache2
+
+- name: "configuration: Kopiere Dateien"
+  copy:
+    src: "{{ item }}"
+    dest: "/etc/apache2/conf-available/{{ item }}"
+  loop:
+    - add-headers.conf
+    - ssl.conf
				`@ -0,0 +1 @@`
				`Header always set Strict-Transport-Security "max-age=63072000"`