Update to 2022-02-13 22:00

roles/nginx/defaults/main.yml

@@ -27,6 +27,9 @@ nginx_key_path: /etc/nginx/ssl/key.pem
 #
 # nginx_letsencrypt_cert:
 
+# Default nginx vhost
+# You can override it if you want to use a custom _ vhost
+nginx_default_vhost_name: _
 nginx_vhosts: []
 nginx_default_vhost_base:
   aliases: []

roles/nginx/templates/ansible_conf.d/30-vhosts.conf.j2

@@ -135,8 +135,10 @@ server {
 {% endif %}
 {% endfor %}
 
-{% if vhost.csp %}
+{% if vhost.csp is string and vhost.csp != '' %}
     add_header Content-Security-Policy "{{ vhost.csp + (vhost.csp is search('connect-src') and vhost.proxy.websocket) | ternary('', '; connect-src \'self\' wss://' + vhost.name) }}";
+{% elif vhost.csp is mapping %}
+    add_header Content-Security-Policy "{% for csp in vhost.csp.keys() | list %}{{ csp }} {{ vhost.csp[csp] }}{% if not loop.last %}; {% endif %}{% endfor %}";
 {% endif %}
 
 {% if vhost.auth == 'llng' or vhost.auth == 'llng_basic' %}

roles/nginx/templates/nginx.conf.j2

@@ -78,10 +78,10 @@ http {
 
 {% if '_' not in nginx_vhosts | map(attribute='name') | list %}
   server {
-    listen 80 default_server;
-    listen 443 default_server ssl http2;
+    listen 80{% if nginx_default_vhost_name == '_' %} default_server{% endif %};
+    listen 443{% if nginx_default_vhost_name == '_' %} default_server{% endif %} ssl http2;
 
-    server_name _;
+    server_name {{ nginx_default_vhost_name }};
     root /usr/share/nginx/html;
 
     # Load location fragments in the default vhost

roles/squid/files/acl/software_various.domains

@@ -159,6 +159,7 @@ download.java.net
 forumarchivebuilder.googlecode.com
 maven.java.net
 redshift-maven-repository.s3-website-us-east-1.amazonaws.com
+maven.repository.redhat.com
 
 # Unifi
 www.ubnt.com