authorSilvio Rhatto <rhatto@riseup.net>2023-01-07 14:40:22 -0300
committerSilvio Rhatto <rhatto@riseup.net>2023-01-07 14:40:22 -0300
commit1e03648387cf5efb9b7fdf99366b2d8a1f8d8ea0 (patch)
tree6fa416548285f6deaedc54cd046c5eabbe769587
parentb6a39e149bd9e8ff6130e8f4fb8bd1f6353b7d31 (diff)
Adds x_frame_options and fix other paramsHEADmaster
-rw-r--r--manifests/site.pp47
-rw-r--r--manifests/site/config.pp18
-rw-r--r--templates/site-ssl.erb2
3 files changed, 40 insertions, 27 deletions
diff --git a/manifests/site.pp b/manifests/site.pp
index 983fc88..4455f45 100644
--- a/manifests/site.pp
+++ b/manifests/site.pp
@@ -1,16 +1,17 @@
define nginx::site(
- $ensure = present,
- $ssl = present,
- $source = 'template',
- $certbot = true,
- $template = 'site',
- $backend = 'weblocal',
- $aliases = "*.${name}",
- $cache = false,
- $cache_levels = '1:2',
- $cache_size = '10m',
- $cache_inactive = '600s',
- $cache_max_size = '1m',
+ $ensure = present,
+ $ssl = present,
+ $source = 'template',
+ $certbot = true,
+ $template = 'site',
+ $backend = 'weblocal',
+ $aliases = "*.${name}",
+ $cache = false,
+ $cache_levels = '1:2',
+ $cache_size = '10m',
+ $cache_inactive = '600s',
+ $cache_max_size = '1m',
+ $x_frame_options = 'DENY',
) {
nginx::site::config { $name:
ensure => $ensure,
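Review bot: The new `$x_frame_options` parameter is untyped, so a typo such as `SAMEORGIN` or a value containing `;` would be written straight into the nginx configuration. Browsers ignore an unrecognised X-Frame-Options value, so a misspelling silently removes the framing protection instead of failing the catalog. If the module targets Puppet 4 or later, constrain it at the declaration, e.g. `Enum['DENY', 'SAMEORIGIN'] $x_frame_options = 'DENY',`. The same applies to the matching declaration in manifests/site/config.pp. The body of the define continues outside this hunk.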
@@ -32,17 +33,23 @@ define nginx::site(
}
nginx::site::config { "${name}-ssl":
- server_name => $name,
- ensure => $ensure ? {
+ server_name => $name,
+ ensure => $ensure ? {
'present' => $ssl,
default => absent,
},
- source => $source,
- template => "${template}-ssl",
- backend => $backend,
- aliases => $aliases,
- require => $certbot ? {
- true => $ensure ? {
+ source => $source,
+ template => "${template}-ssl",
+ backend => $backend,
+ aliases => $aliases,
+ cache => $cache,
+ cache_levels => $cache_levels,
+ cache_size => $cache_size,
+ cache_inactive => $cache_inactive,
+ cache_max_size => $cache_max_size,
+ x_frame_options => $x_frame_options,
+ require => $certbot ? {
+ true => $ensure ? {
'present' => Certbot::Manage[$name],
default => undef,
},
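Review bot: Only the `"${name}-ssl"` instance visibly receives `x_frame_options` and the cache settings. The plain `nginx::site::config { $name:` resource opens at the end of the previous hunk and its attribute list is not shown, so it is worth confirming that it passes the same values. The diffstat lists only templates/site-ssl.erb, so sites rendered from another template or with `source => 'file'` presumably do not honour the setting. A comment on the parameter such as `# x_frame_options: X-Frame-Options header value; only applied by templates/site-ssl.erb` would avoid a false sense of coverage. The resource body runs past the end of the hunk.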
diff --git a/manifests/site/config.pp b/manifests/site/config.pp
index 9822795..0cdceea 100644
--- a/manifests/site/config.pp
+++ b/manifests/site/config.pp
@@ -1,10 +1,16 @@
define nginx::site::config(
- $server_name = $name,
- $ensure = present,
- $source = 'template',
- $template = 'site',
- $backend = 'weblocal',
- $aliases = "*.${name}",
+ $server_name = $name,
+ $ensure = present,
+ $source = 'template',
+ $template = 'site',
+ $backend = 'weblocal',
+ $aliases = "*.${name}",
+ $cache = false,
+ $cache_levels = '1:2',
+ $cache_size = '10m',
+ $cache_inactive = '600s',
+ $cache_max_size = '1m',
+ $x_frame_options = 'DENY',
){
case $source {
'file': {
diff --git a/templates/site-ssl.erb b/templates/site-ssl.erb
index 5b9ce04..c852954 100644
--- a/templates/site-ssl.erb
+++ b/templates/site-ssl.erb
@@ -15,7 +15,7 @@ server {
# clickjacking protection
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
- add_header X-Frame-Options DENY;
+ add_header X-Frame-Options <%= @x_frame_options %>;
location / {
# preserve http header and set forwarded proto
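Review bot: The changed `add_header X-Frame-Options` line has no `always` flag, so nginx omits the header on error responses (4xx/5xx), and those pages can still be framed. The value is also interpolated unquoted, so any value containing a space would break the directive. Suggest `add_header X-Frame-Options "<%= @x_frame_options %>" always;`. `add_header` directives in the server block are not inherited by a location that declares its own `add_header`, and the `location /` body continues outside the hunk, so check that it adds none.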