Allow haproxy role to create security.txt file
This patch allows haproxy role to create security.txt file. Change-Id: Ided790a5a89a2298b3b758d4484b25091b92945b
This commit is contained in:
parent
0dd2a4dc8c
commit
0f7b091244
|
@ -298,3 +298,30 @@ haproxy_log_mount_point: "/var/lib/haproxy/dev/log"
|
||||||
|
|
||||||
# Ansible group name which should be used for distrtibuting self signed SSL Certificates
|
# Ansible group name which should be used for distrtibuting self signed SSL Certificates
|
||||||
haproxy_ansible_group_name: haproxy_all
|
haproxy_ansible_group_name: haproxy_all
|
||||||
|
|
||||||
|
## security.txt
|
||||||
|
# When security risks in web services are discovered by independent security
|
||||||
|
# researchers who understand the severity of the risk, they often lack the
|
||||||
|
# channels to disclose them properly. As a result, security issues may be
|
||||||
|
# left unreported. security.txt defines a standard to help organizations
|
||||||
|
# define the process for security researchers to disclose security
|
||||||
|
# vulnerabilities securely. For more information see https://securitytxt.org/
|
||||||
|
# This content will be hosted at /security.txt and /.well-known/security.txt
|
||||||
|
haproxy_security_txt_dir: "/etc/haproxy"
|
||||||
|
haproxy_security_txt_headers: |
|
||||||
|
HTTP/1.0 200 OK
|
||||||
|
Cache-Control: no-cache
|
||||||
|
Connection: close
|
||||||
|
Content-Type: text/html
|
||||||
|
|
||||||
|
haproxy_security_txt_content: ''
|
||||||
|
# haproxy_security_txt_content: |
|
||||||
|
# # Please see https://securitytxt.org/ for details of the specification of this file
|
||||||
|
|
||||||
|
# Allows to copy any static file to the destination hosts
|
||||||
|
haproxy_static_files_default:
|
||||||
|
- dest: "{{ haproxy_security_txt_dir }}/security.txt"
|
||||||
|
content: "{{ haproxy_security_txt_headers + '\n' + haproxy_security_txt_content }}"
|
||||||
|
condition: "{{ haproxy_security_txt_content is truthy }}"
|
||||||
|
haproxy_static_files_extra: []
|
||||||
|
haproxy_static_files: "{{ haproxy_static_files_default + haproxy_static_files_extra }}"
|
||||||
|
|
|
@ -51,3 +51,11 @@
|
||||||
with_items:
|
with_items:
|
||||||
- /etc/haproxy/conf.d
|
- /etc/haproxy/conf.d
|
||||||
- "{{ haproxy_ssl_cert_path }}"
|
- "{{ haproxy_ssl_cert_path }}"
|
||||||
|
|
||||||
|
- name: Copy static files
|
||||||
|
copy:
|
||||||
|
content: "{{ item.content }}"
|
||||||
|
dest: "{{ item.dest }}"
|
||||||
|
when:
|
||||||
|
- (item.condition | default(True))
|
||||||
|
loop: "{{ haproxy_static_files }}"
|
||||||
|
|
Loading…
Reference in New Issue