sebclem/ansible-role-nginx
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Add ssl_dhparam option (#114)

Browse Source 
* add dhparam to README

* add dhparam to defaults/main.yml
This commit is contained in:
Shaun Smiley 2019-04-08 06:16:28 -07:00 committed by Grzegorz Dzien
parent 4c96e196d4
commit e658031360
3 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
README.md
View File

@ -376,6 +376,7 @@ nginx_http_template:
cert: /etc/ssl/certs/proxy_default.crt cert: /etc/ssl/certs/proxy_default.crt
key: /etc/ssl/private/proxy_default.key key: /etc/ssl/private/proxy_default.key
trusted_cert: /etc/ssl/certs/proxy_ca.crt trusted_cert: /etc/ssl/certs/proxy_ca.crt
dhparam: /etc/ssl/private/dh_param.pem
server_name: false server_name: false
name: server_name name: server_name
protocols: TLSv1 TLSv1.1 TLSv1.2 protocols: TLSv1 TLSv1.1 TLSv1.2

1
defaults/main.yml
View File

@ -175,6 +175,7 @@ nginx_http_template:
ssl: ssl:
cert: /etc/ssl/certs/default.crt cert: /etc/ssl/certs/default.crt
key: /etc/ssl/private/default.key key: /etc/ssl/private/default.key
dhparam: /etc/ssl/private/dh_param.pem
protocols: TLSv1 TLSv1.1 TLSv1.2 protocols: TLSv1 TLSv1.1 TLSv1.2
ciphers: HIGH:!aNULL:!MD5 ciphers: HIGH:!aNULL:!MD5
session_cache: none session_cache: none

3
templates/http/default.conf.j2
View File

@ -52,6 +52,9 @@ server {
listen {{ item.value.port }} ssl; listen {{ item.value.port }} ssl;
ssl_certificate {{ item.value.ssl.cert }}; ssl_certificate {{ item.value.ssl.cert }};
ssl_certificate_key {{ item.value.ssl.key }}; ssl_certificate_key {{ item.value.ssl.key }};
{% if item.value.ssl.dhparam is defined %}
ssl_dhparam {{ item.value.ssl.dhparam }};
{% endif %}
{% if item.value.ssl.protocols is defined %} {% if item.value.ssl.protocols is defined %}
ssl_protocols {{ item.value.ssl.protocols }}; ssl_protocols {{ item.value.ssl.protocols }};
{% endif %} {% endif %}