Add ssl_dhparam option (#114)
* add dhparam to README * add dhparam to defaults/main.yml
This commit is contained in:
parent
4c96e196d4
commit
e658031360
@ -376,6 +376,7 @@ nginx_http_template:
|
||||
cert: /etc/ssl/certs/proxy_default.crt
|
||||
key: /etc/ssl/private/proxy_default.key
|
||||
trusted_cert: /etc/ssl/certs/proxy_ca.crt
|
||||
dhparam: /etc/ssl/private/dh_param.pem
|
||||
server_name: false
|
||||
name: server_name
|
||||
protocols: TLSv1 TLSv1.1 TLSv1.2
|
||||
|
@ -175,6 +175,7 @@ nginx_http_template:
|
||||
ssl:
|
||||
cert: /etc/ssl/certs/default.crt
|
||||
key: /etc/ssl/private/default.key
|
||||
dhparam: /etc/ssl/private/dh_param.pem
|
||||
protocols: TLSv1 TLSv1.1 TLSv1.2
|
||||
ciphers: HIGH:!aNULL:!MD5
|
||||
session_cache: none
|
||||
|
@ -52,6 +52,9 @@ server {
|
||||
listen {{ item.value.port }} ssl;
|
||||
ssl_certificate {{ item.value.ssl.cert }};
|
||||
ssl_certificate_key {{ item.value.ssl.key }};
|
||||
{% if item.value.ssl.dhparam is defined %}
|
||||
ssl_dhparam {{ item.value.ssl.dhparam }};
|
||||
{% endif %}
|
||||
{% if item.value.ssl.protocols is defined %}
|
||||
ssl_protocols {{ item.value.ssl.protocols }};
|
||||
{% endif %}
|
||||
|
Loading…
Reference in New Issue
Block a user