61 lines
1.5 KiB
YAML
61 lines
1.5 KiB
YAML
---
|
|
|
|
apache_consul_service: "{{ consul_services|default(False) }}"
|
|
|
|
apache_mpm_prefork: true
|
|
|
|
apache_timeout: 30
|
|
|
|
apache_monitoring_ips: "{{ (nagios_nrpe_monitoring_ips|default([]) + firewall_monitoring_ips|default([])) | join(' ') }}"
|
|
|
|
apache_mod_ssl_protocols: all -SSLv2 -SSLv3 -TLSv1
|
|
apache_mod_ssl_ciphers:
|
|
- ECDHE-RSA-AES128-GCM-SHA256
|
|
- ECDHE-ECDSA-AES128-GCM-SHA256
|
|
- ECDHE-RSA-AES256-GCM-SHA384
|
|
- ECDHE-ECDSA-AES256-GCM-SHA384
|
|
- ECDHE-RSA-CHACHA20-POLY1305
|
|
- ECDHE-ECDSA-CHACHA20-POLY1305
|
|
- ECDHE-RSA-AES128-SHA256
|
|
- ECDHE-ECDSA-AES128-SHA256
|
|
- ECDHE-RSA-AES256-SHA384
|
|
- ECDHE-ECDSA-AES256-SHA384
|
|
- ECDHE-RSA-AES128-SHA
|
|
- ECDHE-ECDSA-AES128-SHA
|
|
- ECDHE-RSA-AES256-SHA
|
|
- ECDHE-ECDSA-AES256-SHA
|
|
- DHE-RSA-AES128-GCM-SHA256
|
|
- DHE-RSA-AES256-GCM-SHA384
|
|
- DHE-RSA-AES128-SHA256
|
|
- DHE-RSA-AES256-SHA256
|
|
- DHE-RSA-AES128-SHA
|
|
- DHE-RSA-AES256-SHA
|
|
# - AES128-GCM-SHA256
|
|
# - AES256-GCM-SHA384
|
|
# - AES128-SHA256
|
|
# - AES256-SHA256
|
|
# - AES128-SHA
|
|
# - AES256-SHA
|
|
|
|
apache_http2_enabled: on
|
|
|
|
apache_firewall: yes
|
|
apache_firewall_public: yes
|
|
apache_firewall_public_isolated: no
|
|
apache_firewall_acl: []
|
|
apache_firewall_drop_dst: []
|
|
|
|
apache_security_headers: false
|
|
|
|
apache_mod_evasive: off
|
|
apache_mod_evasive_settings:
|
|
DOSHashTableSize: 3097
|
|
DOSPageCount: 20
|
|
DOSSiteCount: 100
|
|
DOSPageInterval: 2
|
|
DOSSiteInterval: 1
|
|
DOSBlockingPeriod: 10
|
|
|
|
apache_mod_security: "{{ apache_firewall_public }}"
|
|
apache_mod_security_enabled: false
|