Add ssl_dhparam option (#114)
* add dhparam to README * add dhparam to defaults/main.yml
parent
4c96e196d4
commit
e658031360
@ -376,6 +376,7 @@ nginx_http_template:
|
|||||||
cert: /etc/ssl/certs/proxy_default.crt
|
cert: /etc/ssl/certs/proxy_default.crt
|
||||||
key: /etc/ssl/private/proxy_default.key
|
key: /etc/ssl/private/proxy_default.key
|
||||||
trusted_cert: /etc/ssl/certs/proxy_ca.crt
|
trusted_cert: /etc/ssl/certs/proxy_ca.crt
|
||||||
|
dhparam: /etc/ssl/private/dh_param.pem
|
||||||
server_name: false
|
server_name: false
|
||||||
name: server_name
|
name: server_name
|
||||||
protocols: TLSv1 TLSv1.1 TLSv1.2
|
protocols: TLSv1 TLSv1.1 TLSv1.2
|
||||||
|
@ -175,6 +175,7 @@ nginx_http_template:
|
|||||||
ssl:
|
ssl:
|
||||||
cert: /etc/ssl/certs/default.crt
|
cert: /etc/ssl/certs/default.crt
|
||||||
key: /etc/ssl/private/default.key
|
key: /etc/ssl/private/default.key
|
||||||
|
dhparam: /etc/ssl/private/dh_param.pem
|
||||||
protocols: TLSv1 TLSv1.1 TLSv1.2
|
protocols: TLSv1 TLSv1.1 TLSv1.2
|
||||||
ciphers: HIGH:!aNULL:!MD5
|
ciphers: HIGH:!aNULL:!MD5
|
||||||
session_cache: none
|
session_cache: none
|
||||||
|
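Review bot: The new default `dhparam: /etc/ssl/private/dh_param.pem` is now rendered as an `ssl_dhparam` directive wherever these defaults are kept, but nothing visible in this commit creates that file. If it is absent, nginx would presumably fail its configuration test. The default `ciphers: HIGH:!aNULL:!MD5` still permits DHE suites, so the strength of the file matters; parameters shorter than 2048 bits weaken those key exchanges. I would add a comment above the key such as `# dhparam must point to an existing DH parameters file of at least 2048 bits (e.g. generated with openssl dhparam)`, or ship the key commented out. The enclosing `nginx_http_template` mapping starts outside this hunk.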
@ -52,6 +52,9 @@ server {
|
|||||||
listen {{ item.value.port }} ssl;
|
listen {{ item.value.port }} ssl;
|
||||||
ssl_certificate {{ item.value.ssl.cert }};
|
ssl_certificate {{ item.value.ssl.cert }};
|
||||||
ssl_certificate_key {{ item.value.ssl.key }};
|
ssl_certificate_key {{ item.value.ssl.key }};
|
||||||
|
{% if item.value.ssl.dhparam is defined %}
|
||||||
|
ssl_dhparam {{ item.value.ssl.dhparam }};
|
||||||
|
{% endif %}
|
||||||
{% if item.value.ssl.protocols is defined %}
|
{% if item.value.ssl.protocols is defined %}
|
||||||
ssl_protocols {{ item.value.ssl.protocols }};
|
ssl_protocols {{ item.value.ssl.protocols }};
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
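Review bot: The guard `{% if item.value.ssl.dhparam is defined %}` is also true when the key is present but empty or null. In that case the rendered `ssl_dhparam` line would have no usable path and nginx would reject the configuration. Testing the value as well avoids this: `{% if item.value.ssl.dhparam is defined and item.value.ssl.dhparam %}`. The existing `ssl_protocols` guard just below follows the same pattern and could be tightened in the same way. The `server` block begins and ends outside this hunk, so any check on `item.value.ssl` itself is not visible here.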