Add directives to use OCSP Stapling (#142)

Philip Henning 2019-07-12 19:55:37 +02:00 committed by Alessandro Fael Garcia
parent 155c13c140
commit e3902b6cb2
3 changed files with 15 additions and 0 deletions


@ -382,6 +382,9 @@ nginx_http_template:
ciphers: HIGH:!aNULL:!MD5
session_cache: none
session_timeout: 5m
trusted_cert: /etc/ssl/certs/root_CA_cert_plus_intermediates.crt
stapling: true
stapling_verify: true
web_server:
locations:
default:
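Review bot: The three new keys under `ssl` have no comment explaining that they depend on each other: per the nginx documentation, `stapling_verify: true` only works when `trusted_cert` points at a PEM bundle holding the issuer's root and intermediate certificates. I would add a comment above them such as `# trusted_cert: PEM bundle (root CA + intermediates) of the certificate issuer; required when stapling_verify is true`. The path shown looks like a sample value, and if the mapping is used as-is nginx will most likely refuse to load the configuration when that file does not exist, so the comment should also say the path must be replaced. The identical hunk in the next file section needs the same comment. The enclosing `nginx_http_template` mapping starts and ends outside the hunk.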


@ -194,6 +194,9 @@ nginx_http_template:
ciphers: HIGH:!aNULL:!MD5
session_cache: none
session_timeout: 5m
trusted_cert: /etc/ssl/certs/root_CA_cert_plus_intermediates.crt
stapling: true
stapling_verify: true
web_server:
locations:
default:


@ -54,6 +54,9 @@ server {
listen {{ item.value.port }} ssl;
ssl_certificate {{ item.value.ssl.cert }};
ssl_certificate_key {{ item.value.ssl.key }};
{% if item.value.ssl.trusted_cert is defined %}
ssl_trusted_certificate {{ item.value.ssl.trusted_cert }};
{% endif %}
{% if item.value.ssl.dhparam is defined %}
ssl_dhparam {{ item.value.ssl.dhparam }};
{% endif %}
@ -69,6 +72,12 @@ server {
{% if item.value.ssl.session_timeout is defined and item.value.ssl.session_timeout %}
ssl_session_timeout {{ item.value.ssl.session_timeout }};
{% endif %}
{% if item.value.ssl.stapling is defined and item.value.ssl.stapling %}
ssl_stapling on;
{% endif %}
{% if item.value.ssl.stapling_verify is defined and item.value.ssl.stapling_verify %}
ssl_stapling_verify on;
{% endif %}
{% else %}
listen {{ item.value.port }};
{% endif %}
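Review bot: `ssl_stapling_verify on;` in the second hunk is rendered whenever `ssl.stapling_verify` is true, even if `ssl.trusted_cert` is unset, although nginx documents that verifying the OCSP response requires the issuer chain from `ssl_trusted_certificate`. I would make the dependency explicit, either by failing the play with a clear message when `stapling_verify` is set without `trusted_cert`, or at least with a template comment such as `{# ssl_stapling_verify requires ssl.trusted_cert (issuer root + intermediates) #}`. The new `trusted_cert` guard in the first hunk tests only `is defined`, unlike the truthiness checks used for `stapling` and `session_timeout`, so an empty value would render `ssl_trusted_certificate ;`; `{% if item.value.ssl.trusted_cert is defined and item.value.ssl.trusted_cert %}` avoids that. The nginx documentation also asks for a `resolver` so the OCSP responder hostname can be resolved. None is visible in these hunks, but the `server` block continues outside them, so it may already be set elsewhere.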