Erweitere Apache-Konfiguration
This commit is contained in:
parent
3ea27a7426
commit
c75ad08f1a
3 changed files with 19 additions and 0 deletions
1
files/add-headers.conf
Normal file
1
files/add-headers.conf
Normal file
|
|
@ -0,0 +1 @@
|
||||||
|
Header always set Strict-Transport-Security "max-age=63072000"
|
||||||
10
files/ssl.conf
Normal file
10
files/ssl.conf
Normal file
|
|
@ -0,0 +1,10 @@
|
||||||
|
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
|
||||||
|
SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
|
||||||
|
SSLHonorCipherOrder off
|
||||||
|
SSLCompression off
|
||||||
|
SSLSessionTickets off
|
||||||
|
SSLUseStapling on
|
||||||
|
SSLStaplingResponderTimeout 5
|
||||||
|
SSLStaplingReturnResponderErrors off
|
||||||
|
SSLStaplingCache shmcb:/var/run/ocsp(32768)
|
||||||
|
SSLOpenSSLConfCmd DHParameters /etc/ssl/dhparams.pem
|
||||||
|
|
@ -8,3 +8,11 @@
|
||||||
- name: "configuration: Deaktiviere access-Logs"
|
- name: "configuration: Deaktiviere access-Logs"
|
||||||
command: a2disconf other-vhosts-access-log
|
command: a2disconf other-vhosts-access-log
|
||||||
notify: reload apache2
|
notify: reload apache2
|
||||||
|
|
||||||
|
- name: "configuration: Kopiere Dateien"
|
||||||
|
copy:
|
||||||
|
src: "{{ item }}"
|
||||||
|
dest: "/etc/apache2/conf-available/{{ item }}"
|
||||||
|
loop:
|
||||||
|
- add-headers.conf
|
||||||
|
- ssl.conf
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue