Add ssl_dhparam option (#114)

* add dhparam to README * add dhparam to defaults/main.yml
2019-04-08 06:16:28 -07:00 · 2019-04-08 06:16:28 -07:00 · e658031360
commit e658031360
parent 4c96e196d4
3 changed files with 5 additions and 0 deletions
--- a/README.md
+++ b/README.md
@ -376,6 +376,7 @@ nginx_http_template:
            cert: /etc/ssl/certs/proxy_default.crt
            key: /etc/ssl/private/proxy_default.key
            trusted_cert: /etc/ssl/certs/proxy_ca.crt
+            dhparam: /etc/ssl/private/dh_param.pem
            server_name: false
            name: server_name
            protocols: TLSv1 TLSv1.1 TLSv1.2
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -175,6 +175,7 @@ nginx_http_template:
    ssl:
      cert: /etc/ssl/certs/default.crt
      key: /etc/ssl/private/default.key
+      dhparam: /etc/ssl/private/dh_param.pem
      protocols: TLSv1 TLSv1.1 TLSv1.2
      ciphers: HIGH:!aNULL:!MD5
      session_cache: none
--- a/templates/http/default.conf.j2
+++ b/templates/http/default.conf.j2
@ -52,6 +52,9 @@ server {
    listen {{ item.value.port }} ssl;
    ssl_certificate {{ item.value.ssl.cert }};
    ssl_certificate_key {{ item.value.ssl.key }};
+{% if item.value.ssl.dhparam is defined %}
+    ssl_dhparam {{ item.value.ssl.dhparam }};
+{% endif %}
 {% if item.value.ssl.protocols is defined %}
    ssl_protocols {{ item.value.ssl.protocols }};
 {% endif %}