#2931 -- Add explicit SSL cipher rules for Ansible nginx installs.
This commit is contained in:
parent
0855990522
commit
7810d2a59a
|
@ -35,7 +35,7 @@ else
|
|||
fi
|
||||
|
||||
APP_ENV="${APP_ENV:-production}"
|
||||
UPDATE_REVISION="${UPDATE_REVISION:-53}"
|
||||
UPDATE_REVISION="${UPDATE_REVISION:-54}"
|
||||
|
||||
echo "Updating AzuraCast (Environment: $APP_ENV, Update revision: $UPDATE_REVISION)"
|
||||
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
{% if ansible_distribution_release == 'bionic' %}
|
||||
{% if ansible_distribution_release != 'xenial' %}
|
||||
upstream redis_server {
|
||||
nchan_redis_server "redis://localhost:6379";
|
||||
}
|
||||
|
@ -27,6 +27,9 @@ server {
|
|||
|
||||
ssl_certificate /etc/nginx/ssl/server.crt;
|
||||
ssl_certificate_key /etc/nginx/ssl/server.key;
|
||||
ssl_protocols TLSv1.2 TLSv1.3;
|
||||
ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384';
|
||||
ssl_prefer_server_ciphers off;
|
||||
|
||||
root {{ app_base }}/www/web;
|
||||
index index.php;
|
||||
|
@ -113,7 +116,7 @@ server {
|
|||
proxy_set_header Connection "Upgrade";
|
||||
}
|
||||
|
||||
{% if ansible_distribution_release == 'bionic' %}
|
||||
{% if ansible_distribution_release != 'xenial' %}
|
||||
# pub/sub endpoints
|
||||
location ~ /api/live/nowplaying/(\w+)$ {
|
||||
nchan_subscriber;
|
||||
|
|
|
@ -16,7 +16,7 @@
|
|||
- { role: azuracast-radio, when: update_revision|int < 53 }
|
||||
- { role: supervisord, when: update_revision|int < 13 }
|
||||
- { role: mariadb, when: update_revision|int < 15 }
|
||||
- { role: nginx, when: update_revision|int < 49 }
|
||||
- { role: nginx, when: update_revision|int < 54 }
|
||||
- { role: redis, when: update_revision|int < 14 }
|
||||
- { role: php, when: update_revision|int < 50 }
|
||||
- composer
|
||||
|
|
Loading…
Reference in New Issue