Merge branch 'unstable' into stable
This commit is contained in:
commit
b0ef42db11
13
CHANGELOG.md
13
CHANGELOG.md
|
@ -18,6 +18,19 @@ The **patch** part changes incrementally at each release.
|
||||||
|
|
||||||
### Security
|
### Security
|
||||||
|
|
||||||
|
## [9.2.0] - 2018-05-16
|
||||||
|
|
||||||
|
### Changed
|
||||||
|
* filebeat: install version 6.x by default
|
||||||
|
* filebeat: cleanup unused code
|
||||||
|
* squid: add some domaine and fix broken restrictions
|
||||||
|
* elasticsearch: defaults to version 6.x
|
||||||
|
|
||||||
|
### Fixed
|
||||||
|
* evolinux-users: secondary groups are comma-separated
|
||||||
|
* ntpd: fix configuration (server and ACL)
|
||||||
|
* varnish: don't fork the process on startup with systemd
|
||||||
|
|
||||||
## [9.1.9] - 2018-04-24
|
## [9.1.9] - 2018-04-24
|
||||||
|
|
||||||
### Added
|
### Added
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
---
|
---
|
||||||
elastic_stack_version: "5.x"
|
elastic_stack_version: "6.x"
|
||||||
|
|
||||||
elasticsearch_cluster_name: Null
|
elasticsearch_cluster_name: Null
|
||||||
elasticsearch_node_name: "${HOSTNAME}"
|
elasticsearch_node_name: "${HOSTNAME}"
|
||||||
|
|
|
@ -13,7 +13,7 @@
|
||||||
# We want to allow any user from a list of IP addresses to login with password,
|
# We want to allow any user from a list of IP addresses to login with password,
|
||||||
# but users of the "evolix" group can't login with password from other IP addresses
|
# but users of the "evolix" group can't login with password from other IP addresses
|
||||||
|
|
||||||
- name: Security directives for Evolinux (Debian 10 or later)"
|
- name: "Security directives for Evolinux (Debian 10 or later)"
|
||||||
blockinfile:
|
blockinfile:
|
||||||
dest: /etc/ssh/sshd_config
|
dest: /etc/ssh/sshd_config
|
||||||
block: |
|
block: |
|
||||||
|
|
|
@ -31,3 +31,8 @@ evolinux_users:
|
||||||
- 'ssh-rsa QWERTYUIOP'
|
- 'ssh-rsa QWERTYUIOP'
|
||||||
- 'ssh-ed25519 QWERTYUIOP'
|
- 'ssh-ed25519 QWERTYUIOP'
|
||||||
```
|
```
|
||||||
|
|
||||||
|
* `evolinux_sudo_group`: which group to use for sudo (default: `evolinux-sudo`)
|
||||||
|
* `evolinux_ssh_group`: which group to use for ssh (default: `evolinux-ssh`)
|
||||||
|
* `evolinux_internal_group`: which group to use for all created users (eg. the company name)
|
||||||
|
* `evolinux_root_disable_ssh`: disable root's ssh access (default: `True`)
|
||||||
|
|
|
@ -3,5 +3,6 @@ evolinux_users: {}
|
||||||
|
|
||||||
evolinux_sudo_group: "evolinux-sudo"
|
evolinux_sudo_group: "evolinux-sudo"
|
||||||
evolinux_ssh_group: "evolinux-ssh"
|
evolinux_ssh_group: "evolinux-ssh"
|
||||||
|
evolinux_internal_group: ""
|
||||||
|
|
||||||
evolinux_root_disable_ssh: True
|
evolinux_root_disable_ssh: True
|
||||||
|
|
|
@ -43,6 +43,8 @@
|
||||||
|
|
||||||
# Unix groups
|
# Unix groups
|
||||||
|
|
||||||
|
## Group for SSH authorizations
|
||||||
|
|
||||||
- name: "Unix group '{{ evolinux_ssh_group }}' is present (Debian 10 or later)"
|
- name: "Unix group '{{ evolinux_ssh_group }}' is present (Debian 10 or later)"
|
||||||
group:
|
group:
|
||||||
name: "{{ evolinux_ssh_group }}"
|
name: "{{ evolinux_ssh_group }}"
|
||||||
|
@ -56,20 +58,49 @@
|
||||||
append: yes
|
append: yes
|
||||||
when: ansible_distribution_major_version | version_compare('10', '>=')
|
when: ansible_distribution_major_version | version_compare('10', '>=')
|
||||||
|
|
||||||
|
## Optional group for all evolinux users
|
||||||
|
|
||||||
|
- name: "Unix group '{{ evolinux_internal_group }}' is present (Debian 9 or later)"
|
||||||
|
group:
|
||||||
|
name: "{{ evolinux_internal_group }}"
|
||||||
|
state: present
|
||||||
|
when:
|
||||||
|
- evolinux_internal_group is defined
|
||||||
|
- evolinux_internal_group != ""
|
||||||
|
- ansible_distribution_major_version | version_compare('9', '>=')
|
||||||
|
|
||||||
|
- name: "Unix user '{{ user.name }}' belongs to group '{{ evolinux_internal_group }}' (Debian 9 or later)"
|
||||||
|
user:
|
||||||
|
name: '{{ user.name }}'
|
||||||
|
groups: "{{ evolinux_internal_group }}"
|
||||||
|
append: yes
|
||||||
|
when:
|
||||||
|
- evolinux_internal_group is defined
|
||||||
|
- evolinux_internal_group != ""
|
||||||
|
- ansible_distribution_major_version | version_compare('9', '>=')
|
||||||
|
|
||||||
|
## Optional secondary groups, defined per user
|
||||||
|
|
||||||
- name: "Secondary Unix groups are present"
|
- name: "Secondary Unix groups are present"
|
||||||
group:
|
group:
|
||||||
name: "{{ group }}"
|
name: "{{ group }}"
|
||||||
with_items: "{{ user.groups }}"
|
with_items: "{{ user.groups }}"
|
||||||
loop_control:
|
loop_control:
|
||||||
loop_var: group
|
loop_var: group
|
||||||
when: user.groups is defined
|
when:
|
||||||
|
- user.groups is defined
|
||||||
|
- user.groups != []
|
||||||
|
|
||||||
- name: "Unix user '{{ user.name }}' belongs to secondary groups"
|
- name: "Unix user '{{ user.name }}' belongs to secondary groups"
|
||||||
user:
|
user:
|
||||||
name: '{{ user.name }}'
|
name: '{{ user.name }}'
|
||||||
groups: "{{ user.groups }}"
|
groups: "{{ user.groups | join(',') }}"
|
||||||
append: yes
|
append: yes
|
||||||
when: user.groups is defined
|
when:
|
||||||
|
- user.groups is defined
|
||||||
|
- user.groups != []
|
||||||
|
|
||||||
|
# Permissions on home directory
|
||||||
|
|
||||||
- name: "Home directory for '{{ user.name }}' is not accessible by group and other users"
|
- name: "Home directory for '{{ user.name }}' is not accessible by group and other users"
|
||||||
file:
|
file:
|
||||||
|
@ -86,7 +117,7 @@
|
||||||
check_mode: no
|
check_mode: no
|
||||||
register: grep_profile_evomaintenance
|
register: grep_profile_evomaintenance
|
||||||
|
|
||||||
# Don't add the trap if it is present or commented
|
## Don't add the trap if it is present or commented
|
||||||
- name: "User '{{ user.name }}' has its shell trap for evomaintenance"
|
- name: "User '{{ user.name }}' has its shell trap for evomaintenance"
|
||||||
lineinfile:
|
lineinfile:
|
||||||
state: present
|
state: present
|
||||||
|
|
|
@ -4,7 +4,7 @@ Cmnd_Alias MAINT = /usr/share/scripts/evomaintenance.sh, /usr/share/scripts
|
||||||
User_Alias ADMINS = {{ user.name }}
|
User_Alias ADMINS = {{ user.name }}
|
||||||
|
|
||||||
nagios ALL = NOPASSWD: /usr/lib/nagios/plugins/check_procs
|
nagios ALL = NOPASSWD: /usr/lib/nagios/plugins/check_procs
|
||||||
nagios ALL = NOPASSWD: /usr/lib/nagios/plugins/check_minifirewall
|
nagios ALL = NOPASSWD: /usr/local/lib/nagios/plugins/check_minifirewall
|
||||||
nagios ALL = (clamav) NOPASSWD: /usr/bin/clamscan /tmp/safe.txt
|
nagios ALL = (clamav) NOPASSWD: /usr/bin/clamscan /tmp/safe.txt
|
||||||
|
|
||||||
ADMINS ALL = (ALL:ALL) ALL
|
ADMINS ALL = (ALL:ALL) ALL
|
||||||
|
|
|
@ -3,7 +3,7 @@ Defaults umask=0077
|
||||||
Cmnd_Alias MAINT = /usr/share/scripts/evomaintenance.sh, /usr/share/scripts/listupgrade.sh, /usr/bin/apt, /bin/mount
|
Cmnd_Alias MAINT = /usr/share/scripts/evomaintenance.sh, /usr/share/scripts/listupgrade.sh, /usr/bin/apt, /bin/mount
|
||||||
|
|
||||||
nagios ALL = NOPASSWD: /usr/lib/nagios/plugins/check_procs
|
nagios ALL = NOPASSWD: /usr/lib/nagios/plugins/check_procs
|
||||||
nagios ALL = NOPASSWD: /usr/lib/nagios/plugins/check_minifirewall
|
nagios ALL = NOPASSWD: /usr/local/lib/nagios/plugins/check_minifirewall
|
||||||
nagios ALL = (clamav) NOPASSWD: /usr/bin/clamscan /tmp/safe.txt
|
nagios ALL = (clamav) NOPASSWD: /usr/bin/clamscan /tmp/safe.txt
|
||||||
|
|
||||||
%{{ evolinux_sudo_group }} ALL=(ALL:ALL) ALL
|
%{{ evolinux_sudo_group }} ALL=(ALL:ALL) ALL
|
||||||
|
|
|
@ -1,5 +1,4 @@
|
||||||
---
|
---
|
||||||
elastic_stack_version: "5.x"
|
elastic_stack_version: "6.x"
|
||||||
|
|
||||||
filebeat_kibana_dashboards: False
|
|
||||||
filebeat_logstash_plugin: False
|
filebeat_logstash_plugin: False
|
||||||
|
|
|
@ -40,10 +40,6 @@
|
||||||
name: filebeat
|
name: filebeat
|
||||||
enabled: yes
|
enabled: yes
|
||||||
|
|
||||||
# - name: Kibana dashboards are imported
|
|
||||||
# command: /usr/share/filebeat/scripts/import_dashboards
|
|
||||||
# when: filebeat_kibana_dashboards
|
|
||||||
|
|
||||||
- name: is logstash-plugin available?
|
- name: is logstash-plugin available?
|
||||||
stat:
|
stat:
|
||||||
path: /usr/share/logstash/bin/logstash-plugin
|
path: /usr/share/logstash/bin/logstash-plugin
|
||||||
|
|
|
@ -1,9 +1,8 @@
|
||||||
---
|
---
|
||||||
ntpd_servers:
|
ntpd_servers:
|
||||||
- 'ntp.evolix.net'
|
- 'ntp.evolix.net iburst'
|
||||||
ntpd_acls:
|
ntpd_acls:
|
||||||
|
- '-4 default kod notrap nomodify nopeer noquery'
|
||||||
|
- '-6 default kod notrap nomodify nopeer noquery'
|
||||||
- '127.0.0.1'
|
- '127.0.0.1'
|
||||||
- '::1'
|
- '::1'
|
||||||
- '-4 default ignore'
|
|
||||||
- '-6 default ignore'
|
|
||||||
|
|
||||||
|
|
|
@ -5,9 +5,9 @@
|
||||||
^backports\.debian\.org$
|
^backports\.debian\.org$
|
||||||
^www\.kernel\.org$
|
^www\.kernel\.org$
|
||||||
^hwraid\.le-vert\.net$
|
^hwraid\.le-vert\.net$
|
||||||
^.*clamav\.net$
|
^.*\.clamav\.net$
|
||||||
^spamassassin\.apache\.org$
|
^spamassassin\.apache\.org$
|
||||||
^.*sa-update.*$
|
^.*\.sa-update.*$
|
||||||
^pear\.php\.net$
|
^pear\.php\.net$
|
||||||
^repo\.mysql\.com$
|
^repo\.mysql\.com$
|
||||||
|
|
||||||
|
@ -18,12 +18,15 @@
|
||||||
^ocsp\.usertrust\.com$
|
^ocsp\.usertrust\.com$
|
||||||
|
|
||||||
### CMS / Wordpress / Drupal / ...
|
### CMS / Wordpress / Drupal / ...
|
||||||
|
|
||||||
# Wordpress
|
# Wordpress
|
||||||
^.*akismet\.com$
|
^.*\.akismet\.com$
|
||||||
^.*wordpress\.(org|com)$
|
^.*\.wordpress\.(org|com)$
|
||||||
^.*gravatar\.com$
|
^.*\.gravatar\.com$
|
||||||
^www\.wordpress-fr\.net$
|
^www\.wordpress-fr\.net$
|
||||||
^pixel\.wp\.com$
|
^pixel\.wp\.com$
|
||||||
|
^wp-updates\.com$
|
||||||
|
|
||||||
# Wordpress pingback
|
# Wordpress pingback
|
||||||
^rpc\.pingomatic\.com$
|
^rpc\.pingomatic\.com$
|
||||||
^blo\.gs$
|
^blo\.gs$
|
||||||
|
@ -53,12 +56,13 @@
|
||||||
^geourl\.org$
|
^geourl\.org$
|
||||||
^ipings\.com$
|
^ipings\.com$
|
||||||
^www\.weblogalot\.com$
|
^www\.weblogalot\.com$
|
||||||
|
|
||||||
# Wordpress plugins
|
# Wordpress plugins
|
||||||
^.*wpml\.org$
|
^.*\.wpml\.org$
|
||||||
^www\.wpcube\.co\.uk$
|
^www\.wpcube\.co\.uk$
|
||||||
^.*wp-rocket\.me$
|
^.*\.wp-rocket\.me$
|
||||||
^www\.yithemes\.com$
|
^www\.yithemes\.com$
|
||||||
^.*yoast\.com$
|
^.*\.yoast\.com$
|
||||||
^yarpp\.org$
|
^yarpp\.org$
|
||||||
^repository\.kreaturamedia\.com$
|
^repository\.kreaturamedia\.com$
|
||||||
^api\.wp-events-plugin\.com$
|
^api\.wp-events-plugin\.com$
|
||||||
|
@ -69,21 +73,27 @@
|
||||||
^vimeo\.com$
|
^vimeo\.com$
|
||||||
^api\.genesistheme\.com$
|
^api\.genesistheme\.com$
|
||||||
^www\.bolderelements\.net$
|
^www\.bolderelements\.net$
|
||||||
|
^wpbakery\.com$
|
||||||
|
^backwpup\.com$
|
||||||
|
|
||||||
# Magento Plugins
|
# Magento Plugins
|
||||||
^extensions\.activo\.com$
|
^extensions\.activo\.com$
|
||||||
^amasty\.com$
|
^amasty\.com$
|
||||||
|
|
||||||
# Joomla
|
# Joomla
|
||||||
^.*.joomla\.org$
|
^.*\.joomla\.org$
|
||||||
^getk2\.org$
|
^getk2\.org$
|
||||||
^miwisoft\.com$
|
^miwisoft\.com$
|
||||||
^mijosoft\.com$
|
^mijosoft\.com$
|
||||||
^www\.joomlaworks\.net$
|
^www\.joomlaworks\.net$
|
||||||
^cdn\.joomlaworks\.org$
|
^cdn\.joomlaworks\.org$
|
||||||
^download\.regularlabs\.com$
|
^download\.regularlabs\.com$
|
||||||
|
|
||||||
# Prestashop
|
# Prestashop
|
||||||
^.*.prestashop\.com$
|
^.*\.prestashop\.com$
|
||||||
^www\.presta-module\.com$
|
^www\.presta-module\.com$
|
||||||
^www\.presteamshop\.com$
|
^www\.presteamshop\.com$
|
||||||
|
|
||||||
# Others
|
# Others
|
||||||
^.*.drupal\.org$
|
^.*.drupal\.org$
|
||||||
^.*\.dotclear\.(net|org)$
|
^.*\.dotclear\.(net|org)$
|
||||||
|
@ -92,7 +102,9 @@
|
||||||
^www\.spip\.net$
|
^www\.spip\.net$
|
||||||
|
|
||||||
### Feeds / API / WS Tools / ...
|
### Feeds / API / WS Tools / ...
|
||||||
|
|
||||||
# Google
|
# Google
|
||||||
|
|
||||||
^.*\.googleapis\.com$
|
^.*\.googleapis\.com$
|
||||||
^.*\.google-analytics\.com$
|
^.*\.google-analytics\.com$
|
||||||
^blogsearch\.google\.(com|fr)$
|
^blogsearch\.google\.(com|fr)$
|
||||||
|
@ -100,16 +112,19 @@
|
||||||
^maps\.google\..*$
|
^maps\.google\..*$
|
||||||
^translate\.google\.com$
|
^translate\.google\.com$
|
||||||
^www\.google\.com$
|
^www\.google\.com$
|
||||||
|
|
||||||
# Facebook
|
# Facebook
|
||||||
^.*\.facebook\.com$
|
^.*\.facebook\.com$
|
||||||
^.*\.fbcdn\.net$
|
^.*\.fbcdn\.net$
|
||||||
|
|
||||||
# Maxmind
|
# Maxmind
|
||||||
^geolite\.maxmind\.com$
|
^geolite\.maxmind\.com$
|
||||||
|
|
||||||
# Others
|
# Others
|
||||||
#^.*amazon.com$
|
#^.*\.amazon.com$
|
||||||
^.*twitter\.com$
|
^.*\.twitter\.com$
|
||||||
^.*feedburner\.com$
|
^.*\.feedburner\.com$
|
||||||
^.*openx\.(org|com|net)$
|
^.*\.openx\.(org|com|net)$
|
||||||
^geoip-api\.meteor\.com$
|
^geoip-api\.meteor\.com$
|
||||||
^www\.bing\.com$
|
^www\.bing\.com$
|
||||||
^www\.telize\.com$
|
^www\.telize\.com$
|
||||||
|
@ -125,3 +140,5 @@
|
||||||
^jenkins\.mirror\.isppower\.de$
|
^jenkins\.mirror\.isppower\.de$
|
||||||
^ftp\.icm\.edu\.pl$
|
^ftp\.icm\.edu\.pl$
|
||||||
^apt\.newrelic\.com$
|
^apt\.newrelic\.com$
|
||||||
|
^.*\.cloudfront\.net$
|
||||||
|
^api\.mailjet\.com$
|
||||||
|
|
|
@ -1,13 +1,13 @@
|
||||||
### Evolix & System
|
### Evolix & System
|
||||||
http://.*evolix.(net|org|com|fr)/.*
|
http://.*.evolix.(net|org|com|fr)/.*
|
||||||
http://.*debian.org/.*
|
http://.*.debian.org/.*
|
||||||
http://www.backports.org/.*
|
http://www.backports.org/.*
|
||||||
http://backports.debian.org/.*
|
http://backports.debian.org/.*
|
||||||
http://www.kernel.org/.*
|
http://www.kernel.org/.*
|
||||||
http://hwraid.le-vert.net/.*
|
http://hwraid.le-vert.net/.*
|
||||||
http://.*clamav.net/.*
|
http://.*.clamav.net/.*
|
||||||
http://spamassassin.apache.org/.*
|
http://spamassassin.apache.org/.*
|
||||||
http://.*sa-update.*
|
http://.*.sa-update.*
|
||||||
http://pear.php.net/.*
|
http://pear.php.net/.*
|
||||||
http://repo.mysql.com/.*
|
http://repo.mysql.com/.*
|
||||||
|
|
||||||
|
@ -18,12 +18,15 @@ http://.*.letsencrypt.org/.*
|
||||||
http://ocsp.usertrust.com/.*
|
http://ocsp.usertrust.com/.*
|
||||||
|
|
||||||
### CMS / Wordpress / Drupal / ...
|
### CMS / Wordpress / Drupal / ...
|
||||||
|
|
||||||
# Wordpress
|
# Wordpress
|
||||||
http://.*akismet.com/.*
|
http://.*.akismet.com/.*
|
||||||
http://.*wordpress.(org|com)/.*
|
http://.*.wordpress.(org|com)/.*
|
||||||
http://.*gravatar.com/.*
|
http://.*.gravatar.com/.*
|
||||||
http://www.wordpress-fr.net/.*
|
http://www.wordpress-fr.net/.*
|
||||||
http://pixel.wp.com/.*
|
http://pixel.wp.com/.*
|
||||||
|
http://wp-updates.com/.*
|
||||||
|
|
||||||
# Wordpress pingback
|
# Wordpress pingback
|
||||||
http://rpc.pingomatic.com/.*
|
http://rpc.pingomatic.com/.*
|
||||||
http://blo.gs/ping.php
|
http://blo.gs/ping.php
|
||||||
|
@ -53,12 +56,13 @@ http://www.pingmyblog.com/.*
|
||||||
http://geourl.org/ping
|
http://geourl.org/ping
|
||||||
http://ipings.com/.*
|
http://ipings.com/.*
|
||||||
http://www.weblogalot.com/ping
|
http://www.weblogalot.com/ping
|
||||||
|
|
||||||
# Wordpress plugins
|
# Wordpress plugins
|
||||||
http://.*wpml.org/.*
|
http://.*.wpml.org/.*
|
||||||
http://www.wpcube.co.uk/.*
|
http://www.wpcube.co.uk/.*
|
||||||
http://.*wp-rocket.me/.*
|
http://.*.wp-rocket.me/.*
|
||||||
http://www.yithemes.com/.*
|
http://www.yithemes.com/.*
|
||||||
http://.*yoast.com/.*
|
http://.*.yoast.com/.*
|
||||||
http://yarpp.org/.*
|
http://yarpp.org/.*
|
||||||
http://repository.kreaturamedia.com/.*
|
http://repository.kreaturamedia.com/.*
|
||||||
http://api.wp-events-plugin.com/.*
|
http://api.wp-events-plugin.com/.*
|
||||||
|
@ -66,12 +70,16 @@ http://updates.themepunch.com/.*
|
||||||
http://themeisle.com/.*
|
http://themeisle.com/.*
|
||||||
http://download.advancedcustomfields.com/.*
|
http://download.advancedcustomfields.com/.*
|
||||||
http://wpcdn.io/.*
|
http://wpcdn.io/.*
|
||||||
http://vimeo.com/channels/wpetourisme/videos/rss
|
http://vimeo.com/.*
|
||||||
http://api.genesistheme.com/update-themes/
|
http://api.genesistheme.com/update-themes/
|
||||||
http://www.bolderelements.net/updates/.*
|
http://www.bolderelements.net/updates/.*
|
||||||
|
|
||||||
# Magento Plugins
|
# Magento Plugins
|
||||||
http://extensions.activo.com/.*
|
http://extensions.activo.com/.*
|
||||||
http://amasty.com/.*
|
http://amasty.com/.*
|
||||||
|
http://backwpup.com/.*
|
||||||
|
http://wpbakery.com/.*
|
||||||
|
|
||||||
# Joomla
|
# Joomla
|
||||||
http://.*.joomla.org/.*
|
http://.*.joomla.org/.*
|
||||||
http://getk2.org/.*
|
http://getk2.org/.*
|
||||||
|
@ -80,10 +88,12 @@ http://mijosoft.com/.*
|
||||||
http://www.joomlaworks.net/.*
|
http://www.joomlaworks.net/.*
|
||||||
http://cdn.joomlaworks.org/.*
|
http://cdn.joomlaworks.org/.*
|
||||||
http://download.regularlabs.com/.*
|
http://download.regularlabs.com/.*
|
||||||
|
|
||||||
# Prestashop
|
# Prestashop
|
||||||
http://.*.prestashop.com/.*
|
http://.*.prestashop.com/.*
|
||||||
http://www.presta-module.com/.*
|
http://www.presta-module.com/.*
|
||||||
http://www.presteamshop.com/.*
|
http://www.presteamshop.com/.*
|
||||||
|
|
||||||
# Others
|
# Others
|
||||||
http://.*.drupal.org/.*
|
http://.*.drupal.org/.*
|
||||||
http://.*.dotclear.(net|org)/.*
|
http://.*.dotclear.(net|org)/.*
|
||||||
|
@ -92,6 +102,7 @@ http://www.typolight.org/.*
|
||||||
http://www.spip.net/.*
|
http://www.spip.net/.*
|
||||||
|
|
||||||
### Feeds / API / WS Tools / ...
|
### Feeds / API / WS Tools / ...
|
||||||
|
|
||||||
# Google
|
# Google
|
||||||
http://.*.googleapis.com/.*
|
http://.*.googleapis.com/.*
|
||||||
http://.*.google-analytics.com/.*
|
http://.*.google-analytics.com/.*
|
||||||
|
@ -100,21 +111,24 @@ http://csi.gstatic.com/.*
|
||||||
http://maps.google.*/.*
|
http://maps.google.*/.*
|
||||||
http://translate.google.com/.*
|
http://translate.google.com/.*
|
||||||
http://www.google.com/webmasters/tools/.*
|
http://www.google.com/webmasters/tools/.*
|
||||||
|
|
||||||
# Facebook
|
# Facebook
|
||||||
http://.*.facebook.com/.*
|
http://.*.facebook.com/.*
|
||||||
http://.*.fbcdn.net/.*
|
http://.*.fbcdn.net/.*
|
||||||
|
|
||||||
# Maxmind
|
# Maxmind
|
||||||
http://geolite.maxmind.com/.*
|
http://geolite.maxmind.com/.*
|
||||||
|
|
||||||
# Others
|
# Others
|
||||||
http://.*amazon.com/.*
|
#http://.*.amazon.com/.*
|
||||||
http://.*twitter.com/.*
|
http://.*.twitter.com/.*
|
||||||
http://.*feedburner.com/.*
|
http://.*.feedburner.com/.*
|
||||||
http://.*openx.(org|com|net)/.*
|
http://.*.openx.(org|com|net)/.*
|
||||||
http://geoip-api.meteor.com/.*
|
http://geoip-api.meteor.com/.*
|
||||||
http://www.bing.com/.*
|
http://www.bing.com/.*
|
||||||
http://www.telize.com/.*
|
http://www.telize.com/.*
|
||||||
http://.*ident.me/.*
|
http://.*.ident.me/.*
|
||||||
http://.*icanhazip.com/.*
|
http://.*.icanhazip.com/.*
|
||||||
http://www.express-mailing.com/.*
|
http://www.express-mailing.com/.*
|
||||||
http://bot.whatismyipaddress.com/.*
|
http://bot.whatismyipaddress.com/.*
|
||||||
http://ipecho.net/.*
|
http://ipecho.net/.*
|
||||||
|
@ -125,3 +139,5 @@ http://mirrors.jenkins.io/.*
|
||||||
http://jenkins.mirror.isppower.de/.*
|
http://jenkins.mirror.isppower.de/.*
|
||||||
http://ftp.icm.edu.pl/.*
|
http://ftp.icm.edu.pl/.*
|
||||||
http://apt.newrelic.com/.*
|
http://apt.newrelic.com/.*
|
||||||
|
http://.*.cloudfront.net/.*
|
||||||
|
http://api.mailjet.com/.*
|
||||||
|
|
|
@ -2,6 +2,6 @@
|
||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
ExecStart=
|
ExecStart=
|
||||||
ExecStart=/usr/sbin/varnishd -a {{ varnish_addresses | join(',') }} -T {{ varnish_management_address }} -f {{ varnish_config_file }} -S {{ varnish_secret_file }} -s {{ varnish_storage }} -p thread_pools={{ varnish_thread_pools }} -p thread_pool_add_delay={{ varnish_thread_pool_add_delay }} -p thread_pool_min={{ varnish_thread_pool_min }} -p thread_pool_max={{ varnish_thread_pool_max }}
|
ExecStart=/usr/sbin/varnishd -F -a {{ varnish_addresses | join(',') }} -T {{ varnish_management_address }} -f {{ varnish_config_file }} -S {{ varnish_secret_file }} -s {{ varnish_storage }} -p thread_pools={{ varnish_thread_pools }} -p thread_pool_add_delay={{ varnish_thread_pool_add_delay }} -p thread_pool_min={{ varnish_thread_pool_min }} -p thread_pool_max={{ varnish_thread_pool_max }}
|
||||||
ExecReload=
|
ExecReload=
|
||||||
ExecReload=/etc/varnish/reload-vcl.sh
|
ExecReload=/etc/varnish/reload-vcl.sh
|
||||||
|
|
Loading…
Reference in a new issue