Present the misp_webserver_harden variable, so we avoid depending on juju4/ansible-harden-apache, should we plan to have a clean setup also serving HTTPS.
Motivation and Context
templates/apache2-misp.conf.j2 was set to enforce the use of https://github.com/juju4/ansible-harden-apache, should we ended up setting the MISP role to serve HTTPS traffic by default. There was no option available to disable the inclusion of a particular configuration file which hardens the Apache virtual host.
Here we work that out, and present misp_webserver_harden (set to true by default), which gives folks an option to disable that if they want to.
How Has This Been Tested?
After changing the misp_base_port to 443 (which would require setting up TLS certificates), we:
Applied this role, against (fresh installed) Ubuntu machines using the particular versions affected by this change request;
Verified the presence (or not) of a included file for the misp.conf virtual host.
Types of changes
[x] Bug fix (non-breaking change which fixes an issue)
[x] New feature (non-breaking change which adds functionality)
[ ] Breaking change (fix or feature that would cause existing functionality to change)
Checklist:
[x] My code follows the code style of this project.
[ ] My change requires a change to the documentation.
[ ] I have updated the documentation accordingly.
[ ] I have read the CONTRIBUTING document.
[ ] I have added tests to cover my changes.
[ ] All new and existing tests passed including pre-commit and github actions.
Description
Present the
misp_webserver_harden
variable, so we avoid depending on juju4/ansible-harden-apache, should we plan to have a clean setup also serving HTTPS.Motivation and Context
templates/apache2-misp.conf.j2
was set to enforce the use of https://github.com/juju4/ansible-harden-apache, should we ended up setting the MISP role to serve HTTPS traffic by default. There was no option available to disable the inclusion of a particular configuration file which hardens the Apache virtual host.Here we work that out, and present
misp_webserver_harden
(set to true by default), which gives folks an option to disable that if they want to.How Has This Been Tested?
After changing the
misp_base_port
to443
(which would require setting up TLS certificates), we:misp.conf
virtual host.Types of changes
Checklist: