Add ssl_dhparam option (#114)

* add dhparam to README

* add dhparam to defaults/main.yml
Shaun Smiley 2019-04-08 06:16:28 -07:00 committed by Grzegorz Dzien
parent 4c96e196d4
commit e658031360
3 changed files with 5 additions and 0 deletions


@ -376,6 +376,7 @@ nginx_http_template:
cert: /etc/ssl/certs/proxy_default.crt
key: /etc/ssl/private/proxy_default.key
trusted_cert: /etc/ssl/certs/proxy_ca.crt
dhparam: /etc/ssl/private/dh_param.pem
server_name: false
name: server_name
protocols: TLSv1 TLSv1.1 TLSv1.2


@ -175,6 +175,7 @@ nginx_http_template:
ssl:
cert: /etc/ssl/certs/default.crt
key: /etc/ssl/private/default.key
dhparam: /etc/ssl/private/dh_param.pem
protocols: TLSv1 TLSv1.1 TLSv1.2
ciphers: HIGH:!aNULL:!MD5
session_cache: none
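Review bot: The new default `dhparam: /etc/ssl/private/dh_param.pem` names a file that nothing visible in this change creates, so a host rendered from these defaults would presumably get an `ssl_dhparam` directive pointing at a missing file, and nginx would refuse to load the configuration. Unless another task in the role generates the file (not visible here), I would either leave the key out of the defaults or put a comment above it such as `# file must exist before nginx starts; generate with: openssl dhparam -out /etc/ssl/private/dh_param.pem 2048`. The comment should also say that parameters shorter than 2048 bits should not be used, and that the file only takes effect when DHE cipher suites are negotiated.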


@ -52,6 +52,9 @@ server {
listen {{ item.value.port }} ssl;
ssl_certificate {{ item.value.ssl.cert }};
ssl_certificate_key {{ item.value.ssl.key }};
{% if item.value.ssl.dhparam is defined %}
ssl_dhparam {{ item.value.ssl.dhparam }};
{% endif %}
{% if item.value.ssl.protocols is defined %}
ssl_protocols {{ item.value.ssl.protocols }};
{% endif %}
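Review bot: The `is defined` guard around `ssl_dhparam` also passes when the key is present but empty or `false`, so a user who blanks the value to switch the directive off would get something like `ssl_dhparam ;` or `ssl_dhparam False;` rendered, which is an invalid configuration. Since the defaults now always define the key, the guard should test the value too: `{% if item.value.ssl.dhparam is defined and item.value.ssl.dhparam %}`. The neighbouring `ssl_protocols` guard has the same shape, but it is less exposed because its default is a usable value rather than a path to a file that may not exist. The `server` block starts and continues outside this hunk.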