initial upload

2025-10-10 11:07:34 +00:00
commit 6224cd01c6
161 changed files with 8964 additions and 0 deletions
--- a/roles/apache/defaults/main.yml
+++ b/roles/apache/defaults/main.yml
@@ -0,0 +1,60 @@
+---
+
+apache_consul_service: "{{ consul_services|default(False) }}"
+
+apache_mpm_prefork: true
+
+apache_timeout: 30
+
+apache_monitoring_ips: "{{ (nagios_nrpe_monitoring_ips|default([]) + firewall_monitoring_ips|default([])) | join(' ') }}"
+
+apache_mod_ssl_protocols: all -SSLv2 -SSLv3 -TLSv1
+apache_mod_ssl_ciphers:
+  - ECDHE-RSA-AES128-GCM-SHA256
+  - ECDHE-ECDSA-AES128-GCM-SHA256
+  - ECDHE-RSA-AES256-GCM-SHA384
+  - ECDHE-ECDSA-AES256-GCM-SHA384
+  - ECDHE-RSA-CHACHA20-POLY1305
+  - ECDHE-ECDSA-CHACHA20-POLY1305
+  - ECDHE-RSA-AES128-SHA256
+  - ECDHE-ECDSA-AES128-SHA256
+  - ECDHE-RSA-AES256-SHA384
+  - ECDHE-ECDSA-AES256-SHA384
+  - ECDHE-RSA-AES128-SHA
+  - ECDHE-ECDSA-AES128-SHA
+  - ECDHE-RSA-AES256-SHA
+  - ECDHE-ECDSA-AES256-SHA
+  - DHE-RSA-AES128-GCM-SHA256
+  - DHE-RSA-AES256-GCM-SHA384
+  - DHE-RSA-AES128-SHA256
+  - DHE-RSA-AES256-SHA256
+  - DHE-RSA-AES128-SHA
+  - DHE-RSA-AES256-SHA
+#  - AES128-GCM-SHA256
+#  - AES256-GCM-SHA384
+#  - AES128-SHA256
+#  - AES256-SHA256
+#  - AES128-SHA
+#  - AES256-SHA
+
+apache_http2_enabled: on
+
+apache_firewall: yes
+apache_firewall_public: yes
+apache_firewall_public_isolated: no
+apache_firewall_acl: []
+apache_firewall_drop_dst: []
+
+apache_security_headers: false
+
+apache_mod_evasive: off
+apache_mod_evasive_settings:
+  DOSHashTableSize:    3097
+  DOSPageCount:        20
+  DOSSiteCount:        100
+  DOSPageInterval:     2
+  DOSSiteInterval:     1
+  DOSBlockingPeriod:   10
+
+apache_mod_security: "{{ apache_firewall_public }}"
+apache_mod_security_enabled: false