author | Matthieu Saulnier <fantom@fedoraproject.org> | 2020-07-11 23:02:33 +0200 |
---|---|---|
committer | Matthieu Saulnier <fantom@fedoraproject.org> | 2020-07-11 23:02:33 +0200 |
commit | 166842eda629b6463a908d956156820a34ecd93a (patch) | |
tree | 13e499ff68cb795bfd8b2ac109d3708dd011582a /roles/proxy | |
parent | 380248f0145099787cb0d58e1f1f63445e23a6bd (diff) | |
add condition in proxy role in case ipv6 is not available
Diffstat (limited to 'roles/proxy')
-rw-r--r-- | roles/proxy/defaults/main.yml | 1 | ||||
-rw-r--r-- | roles/proxy/templates/squid.conf.j2 | 14 |
2 files changed, 14 insertions, 1 deletions
diff --git a/roles/proxy/defaults/main.yml b/roles/proxy/defaults/main.yml
index cd64874..579fffb 100644
--- a/roles/proxy/defaults/main.yml
+++ b/roles/proxy/defaults/main.yml
@@ -11,4 +11,3 @@ iface:
 - 127.0.0.1
 - "[::1]"
 - "{{ ansible_default_ipv4.address }}"
- - "[{{ ansible_default_ipv6.address }}]"
diff --git a/roles/proxy/templates/squid.conf.j2 b/roles/proxy/templates/squid.conf.j2
index 6124a82..034cfff 100644
--- a/roles/proxy/templates/squid.conf.j2
+++ b/roles/proxy/templates/squid.conf.j2
@@ -1,6 +1,8 @@
 # Mode forward proxy
 ##http_port {{ ansible_default_ipv4.address }}:{{ fwdport }}
+{% if ansible_default_ipv6.address is defined -%}
 ##http_port [{{ ansible_default_ipv6.address }}]:{{ fwdport }}
+{% endif -%}
 # Mode reverse proxy
@@ -25,6 +27,18 @@ https_port {{ item }}:{{ revports }} accel ignore-cc \
 sslflags=DELAYED_AUTH
 {% endfor %}
+{% if ansible_default_ipv6.address is defined -%}
+http_port {{ ansible_default_ipv6.address }}:{{ revport }} accel ignore-cc
+https_port {{ ansible_default_ipv6.address }}:{{ revports }} accel ignore-cc \
+ cert=/etc/pki/tls/certs/{{ maindomain }}.{{ ansible_hostname }}.{{ crtversion }}.crt \
+ key=/etc/pki/tls/private/{{ maindomain }}.{{ ansible_hostname }}.{{ crtversion }}.key \
+ tls-dh=secp384r1:/etc/pki/tls/certs/dhparam-4096.{{ ansible_hostname }}.{{ crtversion }}.pem \
+ dhparams=/etc/pki/tls/certs/dhparam-4096.{{ ansible_hostname }}.{{ crtversion }}.pem \
+ crlfile=/etc/pki/tls/certs/crt-crl.pem \
+ cipher=ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4 \
+ options=NO_SSLv2,NO_SSLv3,CIPHER_SERVER_PREFERENCE \
+ sslflags=DELAYED_AUTH
+{% endif -%}
 {% for peer in peers %} |
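Review bot: The added `http_port`/`https_port` lines emit the IPv6 address without brackets, unlike the `"[{{ ansible_default_ipv6.address }}]"` entry this commit removes from `iface` and the commented forward-proxy line in the first hunk, so the address's own colons run into the `:port` separator. They should read `http_port [{{ ansible_default_ipv6.address }}]:{{ revport }} accel ignore-cc` and `https_port [{{ ansible_default_ipv6.address }}]:{{ revports }} accel ignore-cc \`. The TLS options also appear to be a copy of the ones in the `{% for %}` block whose tail is the hunk's leading context (its body is outside the hunk), which leaves the policy in two places to keep in step. That policy is worth tightening while it is being touched: `cipher=` names 3DES suites (`DES-CBC3-SHA` variants, which `!DES` does not exclude) and static-RSA key exchange, and `options=` disables only SSLv2/SSLv3, so TLS 1.0/1.1 are not ruled out here.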