2016-01-12 18:14:36 +07:00
SSL/TLS Management
==================
You can put all this variables in a separated vault file.
Variables
---------
- `nginx_dh` : DH content
- `nginx_dh_length` : DH key length (default is 2048)
- `nginx_dh_path` : file localation
- `nginx_ssl_dir` : directory where you install your SSL/TLS keys
- `nginx_ssl_pairs`
Cert/Key pairs
--------------
This list have 3 mandatory keys:
- `name` : MUST be unique
2016-01-12 23:26:30 +07:00
2016-01-12 18:14:36 +07:00
- `key` : content of the private key
- `cert` : content of the public key
2016-01-12 23:26:30 +07:00
OR
- `dest_cert` : remote path where certificate is located
- `dest_key` : remote path where key is located
2016-01-12 18:14:36 +07:00
Note: `name` is used to deploy key/cert. With defaults values dans `name` = "foo", key is -> /etc/nginx/ssl/foo/foo.key
2016-01-12 23:26:30 +07:00
Tips
----
Deploying key/cert is not mandatory with this role. You can manage it in other place ([letsencrypt](https://letsencrypt.org/)? :)). You just need to set `dest_cert` and `dest_key` !
If you set all, you can deploy your key everywhere with wanted data!
2016-01-12 18:14:36 +07:00
Diffie-Hellman
--------------
If you do not specify any dh param, this role auto generates it.
Example
-------
```
nginx_vhosts;
- name: 'test-ssl.local'
proto: ['http', 'https']
template: '_base'
ssl_name: 'mysuperkey'
nginx_ssl_pairs:
- name: mysuperkey
key: |
-----BEGIN RSA PRIVATE KEY-----
....(snip)....
-----END RSA PRIVATE KEY-----
cert: |
-----BEGIN CERTIFICATE-----
....(snip)....
-----END CERTIFICATE-----
```