Skip to content

Commit 6675e38

Browse files
aknot242aknot242
authored
Change default NGINX App Protect conf path for 3.2 (#82)
1 parent c73193f commit 6675e38

File tree

3 files changed

+7
-6
lines changed

3 files changed

+7
-6
lines changed

CHANGELOG.md

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -4,6 +4,7 @@
44

55
ENHANCEMENTS:
66

7+
* Changing the default policy directory from `/etc/nginx` to `/etc/app_protect/conf` to align with this change introduced in App Protect 3.2.
78
* Update Ansible base to `2.10.8`, Ansible Lint to `5.0.7`, yamllint to `1.26.1` and Docker Python SDK to `5.0.0`.
89
* Update the Ansible `community.general` collection to `2.5.1` and `community.docker` collection to `1.5.0`.
910

defaults/main.yml

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -75,7 +75,7 @@ nginx_app_protect_security_policy_template_enable: true
7575
nginx_app_protect_security_policy_template:
7676
template_file: app-protect-security-policy.j2
7777
out_file_name: app-protect-security-policy.json
78-
out_file_location: /etc/nginx/
78+
out_file_location: /etc/app_protect/conf/
7979
# possible values: transparent, blocking
8080
nginx_app_protect_security_policy_enforcement_mode: transparent
8181

@@ -85,7 +85,7 @@ nginx_app_protect_log_policy_template_enable: true
8585
nginx_app_protect_log_policy_template:
8686
template_file: app-protect-log-policy.j2
8787
out_file_name: app-protect-log-policy.json
88-
out_file_location: /etc/nginx/
88+
out_file_location: /etc/app_protect/conf/
8989
# possible values: all, illegal, blocked
9090
nginx_app_protect_log_policy_filter_request_type: all
9191

@@ -104,9 +104,9 @@ nginx_app_protect_log_policy_target: "syslog:server={{ nginx_app_protect_log_pol
104104
# Copy local NGINX App Protect security policy to host
105105
nginx_app_protect_security_policy_file_enable: false
106106
nginx_app_protect_security_policy_file_src: files/config/security-policy.json
107-
nginx_app_protect_security_policy_file_dest: /etc/nginx/security-policy.json
107+
nginx_app_protect_security_policy_file_dest: /etc/app_protect/conf/security-policy.json
108108

109109
# Copy local NGINX App Protect log policy to host
110110
nginx_app_protect_log_policy_file_enable: false
111111
nginx_app_protect_log_policy_file_src: files/config/log-policy.json
112-
nginx_app_protect_log_policy_file_dest: /etc/nginx/log-policy.json
112+
nginx_app_protect_log_policy_file_dest: /etc/app_protect/conf/log-policy.json

molecule/default/verify.yml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -47,12 +47,12 @@
4747

4848
- name: Check that the security policy exists
4949
stat:
50-
path: /etc/nginx/app-protect-security-policy.json
50+
path: /etc/app_protect/conf/app-protect-security-policy.json
5151
register: stat_result
5252
failed_when: not stat_result.stat.exists
5353

5454
- name: Check that the log policy exists
5555
stat:
56-
path: /etc/nginx/app-protect-log-policy.json
56+
path: /etc/app_protect/conf/app-protect-log-policy.json
5757
register: stat_result
5858
failed_when: not stat_result.stat.exists

0 commit comments

Comments
 (0)