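---
# Playbook: render the nginx default site from a template, make sure the TLS
# snippet include and the PHP location line are present, then reload nginx.
- name: Secure Nginx Web Server
  hosts: your_web_server  # presumably a placeholder; set the real inventory group
  become: true
  tasks:
    # The hardening named in this task (XSS-related headers, dot-file deny
    # rule) lives in the template, which is not shown here; review it
    # separately to confirm it really sets them.
    - name: Copy nginx configuration file with XSS protection and dot file access denial
      template:
        src: nginx_secure_config.j2
        dest: /etc/nginx/sites-available/default
        # Explicit ownership and mode so the result does not depend on the
        # umask or on whatever permissions the file had before.
        owner: root
        group: root
        mode: "0644"
      notify:
        - Reload Nginx

    # NOTE(review): this task and the next edit the file the template task has
    # just rendered. If the template lacks these lines, every run re-renders
    # and then re-edits the file, so the play always reports "changed" and
    # always fires the handler. Prefer putting both lines in the template.
    #
    # On Debian/Ubuntu, snippets/snakeoil.conf points at the self-signed
    # ssl-cert key pair. That is acceptable for testing only; use a CA-issued
    # certificate before exposing the server.
    - name: Ensure nginx snakeoil.conf is included
      lineinfile:
        path: /etc/nginx/sites-available/default
        # Leading whitespace is allowed so an indented include inside the
        # server block is recognised instead of a duplicate being appended
        # at end of file; the dot is escaped so it only matches a literal dot.
        regexp: '^\s*include snippets/snakeoil\.conf;'
        line: 'include snippets/snakeoil.conf;'
      notify:
        - Reload Nginx

    - name: Ensure nginx PHP location is configured correctly
      lineinfile:
        path: /etc/nginx/sites-available/default
        # backrefs keeps the existing indentation (\1) and, more importantly,
        # makes the task a no-op when the line is absent. Without it an
        # unclosed "location ... {" would be appended at end of file and the
        # next nginx start would fail on the unbalanced brace.
        regexp: '^(\s*)location ~ \.php\$ \{'
        line: '\1location ~ \.php$ {'
        backrefs: true
      notify:
        - Reload Nginx

  handlers:
    # "reloaded" matches the handler's name. On reload nginx checks the new
    # configuration and keeps serving with the old one if it is invalid,
    # whereas a restart with a broken config leaves the service down.
    - name: Reload Nginx
      systemd:
        name: nginx
        state: reloaded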