infra/ansible-role-nginx
4
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

add security.txt

Browse source
This commit is contained in:
psy 2024-04-21 11:12:36 +02:00
parent cd5d0b8232
commit 999ad37b11
No known key found for this signature in database
GPG key ID: 30546501FF65B1A5
2 changed files with 13 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

6
README.md
View file

@ -35,6 +35,12 @@ force_ssl: True
# generate a self signed certificate as default ssl cert # generate a self signed certificate as default ssl cert
snakeoil_default: False snakeoil_default: False
# if set, nginx will render the content at /.well-known/security.txt
# see https://www.rfc-editor.org/rfc/rfc9116 for valid fields
security.txt: |
Contact: mailto:security@example.com
Expires: 2024-04-20T23:42:00.000Z
# install php-fpm, setup a php-handler upstream and copy a php location snippet to include in configs # install php-fpm, setup a php-handler upstream and copy a php location snippet to include in configs
# either "False", "True" or a dict *phpconfig*, see below for definition # either "False", "True" or a dict *phpconfig*, see below for definition
php: False php: False

7
templates/vhost.conf.j2
View file

@ -113,6 +113,13 @@ server {
{% endif %} {% endif %}
{% if nginx.security_txt is defined %}
location /.well-known/security.txt {
add_header Content-Type text/plain;
return 200 "{{ nginx.security_txt | replace('\n', '\\n') }}";
}
{% endif %}
{% if vhost.auth.enable %} {% if vhost.auth.enable %}
auth_basic "restricted area"; auth_basic "restricted area";
auth_basic_user_file {{ vhost.auth.path }}; auth_basic_user_file {{ vhost.auth.path }};