Add a max open files parameter, check if a security header is not emp…

…ty before writing it
punktDe · Jul 24, 2024 · fbdb26a · fbdb26a
1 parent f6baddf
commit fbdb26a
Show file tree

Hide file tree

Showing 3 changed files with 7 additions and 0 deletions.
diff --git a/defaults/main.yaml b/defaults/main.yaml
@@ -13,6 +13,7 @@ nginx:
       config: "/usr/local/etc/modsecurity"
       log: /var/log/modsecurity
   worker_processes: 8
+  worker_rlimit_nofile:
   user: "{{ 'www-data' if ansible_system == 'Linux' else 'www' }}"
   nameservers:
     - '[2606:4700:4700::1111]:53'

diff --git a/templates/include/security_headers.conf b/templates/include/security_headers.conf
@@ -1,3 +1,5 @@
 {% for i in nginx_security_headers_merged %}
+{% if i['value'] and (i['value'] | length > 0) %}
 add_header {{ i['header'] }} "{{ i['value'] }}"{% if i['always'] | default(False) %} always{% endif %};
+{% endif %}
 {% endfor %}
diff --git a/templates/nginx.conf b/templates/nginx.conf
@@ -4,6 +4,10 @@ load_module {{ nginx.dynamic_modules_path }}/{{ module }};
 
 worker_processes {{ nginx.worker_processes }};
 
+{% if nginx.worker_rlimit_nofile %}
+worker_rlimit_nofile {{ nginx.worker_rlimit_nofile }};
+{% endif %}
+
 events {
     worker_connections 1024;
 }