Erweitere Apache-Konfiguration

This commit is contained in:
phil 2021-07-28 09:56:47 +02:00
parent 3ea27a7426
commit c75ad08f1a
3 changed files with 19 additions and 0 deletions

1
files/add-headers.conf Normal file
View file

@ -0,0 +1 @@
Header always set Strict-Transport-Security "max-age=63072000"

10
files/ssl.conf Normal file
View file

@ -0,0 +1,10 @@
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
SSLHonorCipherOrder off
SSLCompression off
SSLSessionTickets off
SSLUseStapling on
SSLStaplingResponderTimeout 5
SSLStaplingReturnResponderErrors off
SSLStaplingCache shmcb:/var/run/ocsp(32768)
SSLOpenSSLConfCmd DHParameters /etc/ssl/dhparams.pem

View file

@ -8,3 +8,11 @@
- name: "configuration: Deaktiviere access-Logs" - name: "configuration: Deaktiviere access-Logs"
command: a2disconf other-vhosts-access-log command: a2disconf other-vhosts-access-log
notify: reload apache2 notify: reload apache2
- name: "configuration: Kopiere Dateien"
copy:
src: "{{ item }}"
dest: "/etc/apache2/conf-available/{{ item }}"
loop:
- add-headers.conf
- ssl.conf