From e658031360bbc2ac996addbcf6dab7c47e1acc11 Mon Sep 17 00:00:00 2001
From: Shaun Smiley
Date: Mon, 8 Apr 2019 06:16:28 -0700
Subject: [PATCH] Add ssl_dhparam option (#114)
* add dhparam to README
* add dhparam to defaults/main.yml
---
 README.md | 1 +
 defaults/main.yml | 1 +
 templates/http/default.conf.j2 | 3 +++
 3 files changed, 5 insertions(+)
diff --git a/README.md b/README.md
index 312afd7..632efb9 100644
--- a/README.md
+++ b/README.md
@@ -376,6 +376,7 @@ nginx_http_template:
 cert: /etc/ssl/certs/proxy_default.crt
 key: /etc/ssl/private/proxy_default.key
 trusted_cert: /etc/ssl/certs/proxy_ca.crt
+ dhparam: /etc/ssl/private/dh_param.pem
 server_name: false
 name: server_name
 protocols: TLSv1 TLSv1.1 TLSv1.2
diff --git a/defaults/main.yml b/defaults/main.yml
index 64d43de..d34e167 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -175,6 +175,7 @@ nginx_http_template:
 ssl:
 cert: /etc/ssl/certs/default.crt
 key: /etc/ssl/private/default.key
+ dhparam: /etc/ssl/private/dh_param.pem
 protocols: TLSv1 TLSv1.1 TLSv1.2
 ciphers: HIGH:!aNULL:!MD5
 session_cache: none
diff --git a/templates/http/default.conf.j2 b/templates/http/default.conf.j2
index c0e2120..7f9058b 100644
--- a/templates/http/default.conf.j2
+++ b/templates/http/default.conf.j2
@@ -52,6 +52,9 @@ server {
 listen {{ item.value.port }} ssl;
 ssl_certificate {{ item.value.ssl.cert }};
 ssl_certificate_key {{ item.value.ssl.key }};
+{% if item.value.ssl.dhparam is defined %}
+ ssl_dhparam {{ item.value.ssl.dhparam }};
+{% endif %}
 {% if item.value.ssl.protocols is defined %}
 ssl_protocols {{ item.value.ssl.protocols }};
 {% endif %}
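Review bot: The new default `dhparam: /etc/ssl/private/dh_param.pem` names a file that nothing in this patch creates, and the template now emits `ssl_dhparam` whenever the key is defined, so a host deployed with stock defaults gets an nginx configuration that references a missing file and fails its config check on start or reload. Unless a task elsewhere in the role generates the parameters, either leave the key out of `defaults/main.yml` so the directive stays off until a user supplies a file, or add a README sentence beside `dhparam` stating that the user must provision a DH parameter file (2048 bits or larger) before applying the role. The `nginx_http_template` mapping begins before this hunk.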
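Review bot: The `{% if item.value.ssl.dhparam is defined %}` guard can no longer be switched off once `defaults/main.yml` sets `dhparam` unconditionally; a user has to remove the key from the merged dict to suppress the directive, whereas the `server_name: false` convention shown in the README hunk suggests a false value should disable it. Changing the guard to `{% if item.value.ssl.dhparam is defined and item.value.ssl.dhparam %}` lets `dhparam: false` turn the directive off and keeps the missing-file failure opt-in. The `server` block starts before this hunk and continues after it.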