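---
# Playbook: push a templated nginx site config, make sure two directives are
# present in it, check the result with `nginx -t`, then reload nginx.
# The hardening named in the first task (XSS header, dot-file deny rules)
# lives in nginx_secure_config.j2, which is not part of this file.
- name: Secure Nginx Web Server
  hosts: your_web_server
  become: true
  tasks:
    - name: Copy nginx configuration file with XSS protection and dot file access denial
      template:
        src: nginx_secure_config.j2
        dest: /etc/nginx/sites-available/default
        # Set ownership and mode explicitly so the file is never left
        # writable by an unprivileged account via the remote umask.
        owner: root
        group: root
        mode: "0644"
      notify:
        - Reload Nginx

    # NOTE(review): on Debian-family packages snippets/snakeoil.conf usually
    # points at the self-signed "snakeoil" certificate; use a CA-issued
    # certificate for anything clients are expected to trust. Confirm what
    # the snippet contains on the target host.
    # NOTE(review): this edits the file the template task just wrote. If the
    # template lacks the line, lineinfile appends it at end of file (outside
    # any server block) and both tasks report a change on every run. Prefer
    # moving the directive into nginx_secure_config.j2.
    - name: Ensure nginx snakeoil.conf is included
      lineinfile:
        path: /etc/nginx/sites-available/default
        # Leading whitespace is allowed so an indented directive inside a
        # server block is matched; the dot is escaped so it is literal.
        regexp: '^\s*include snippets/snakeoil\.conf;'
        line: 'include snippets/snakeoil.conf;'
      notify:
        - Reload Nginx

    # NOTE(review): lineinfile manages one line only. This line opens a
    # block, so the body and the closing brace must already be in the file;
    # if they are not, the validation task below fails the play.
    - name: Ensure nginx PHP location is configured correctly
      lineinfile:
        path: /etc/nginx/sites-available/default
        # '\\' matches the literal backslash in the directive. The previous
        # pattern was anchored at column 0 and did not account for that
        # backslash, so it could not match the line this task writes.
        regexp: '^\s*location ~ \\\.php\$ \{'
        line: 'location ~ \.php$ {'
      notify:
        - Reload Nginx

    # Notified handlers run after the task list, so a syntax error stops the
    # play here and the running nginx keeps its last good configuration.
    - name: Validate nginx configuration before reload
      command: nginx -t
      changed_when: false

  handlers:
    # The handler is named "Reload Nginx"; `reloaded` applies the new
    # configuration without dropping established connections, which
    # `restarted` would do.
    - name: Reload Nginx
      systemd:
        name: nginx
        state: reloaded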