Better dh management
parent
ad9c0fa979
commit
883948f081
|
@ -13,7 +13,6 @@ nginx_resolver_hosts: ['8.8.8.8', '8.8.4.4']
|
|||
nginx_resolver_valid: '300s'
|
||||
nginx_resolver_timeout: '5s'
|
||||
nginx_error_log_level: 'warn' # http://nginx.org/en/docs/ngx_core_module.html#error_log
|
||||
nginx_dh_length: 2048
|
||||
|
||||
#
|
||||
# Nginx directories
|
||||
|
@ -97,3 +96,10 @@ nginx_htpasswd: []
|
|||
# SSL pairs
|
||||
#
|
||||
nginx_ssl_pairs: []
|
||||
|
||||
#
|
||||
# Diffie-Helman
|
||||
#
|
||||
nginx_dh: null
|
||||
nginx_dh_path: '{{ nginx_ssl_dir }}/dhparam.pem'
|
||||
nginx_dh_length: 2048
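Review bot: The default DH file path changes from the removed `nginx_dh_path: /etc/nginx/ssl/dhparams.pem` (last section of this commit) to `'{{ nginx_ssl_dir }}/dhparam.pem'`, so a host provisioned with the previous version will presumably generate a second parameter file under the new name while the old `dhparams.pem` is left behind; if the rename is deliberate, a comment above `nginx_dh_path` such as `# Renamed from dhparams.pem; an existing file under the old name is not removed` would save the next maintainer the surprise. The new `nginx_dh: null` key only makes sense together with the `is string` / `is not string` tests in ssl.yml, which a reader of this defaults file cannot see, so `# PEM contents of a pre-generated dhparam; when null the file is generated with nginx_dh_length bits` above it would document the contract. `nginx_dh_length: 2048` is moved here from the earlier hunk of this file rather than newly introduced.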
|
||||
|
|
|
@ -15,7 +15,7 @@
|
|||
- name: INCLUDE | htpasswd configuration
|
||||
include: htpasswd.yml
|
||||
|
||||
- name: INCLUDE | Vhosts configuration
|
||||
- name: INCLUDE | SSL configuration
|
||||
include: ssl.yml
|
||||
|
||||
- name: INCLUDE | Vhosts configuration
|
||||
|
|
|
@ -1,9 +1,18 @@
|
|||
---
|
||||
|
||||
- name: COMMAND | Creates DH file
|
||||
- name: COMMAND | Generate DH file
|
||||
command: openssl dhparam -out {{ nginx_dh_path }} {{ nginx_dh_length }}
|
||||
args:
|
||||
creates: "{{ nginx_dh_path }}"
|
||||
when: nginx_dh is not string
|
||||
notify: reload nginx
|
||||
|
||||
- name: COPY | Deploy DH file from vars
|
||||
copy: >
|
||||
content="{{ nginx_dh }}"
|
||||
dest="{{ nginx_dh_path }}"
|
||||
when: nginx_dh is string
|
||||
notify: reload nginx
|
||||
|
||||
- name: FILE | Create SSL directories
|
||||
file: >
|
||||
|
@ -25,9 +34,3 @@
|
|||
with_items: nginx_ssl_pairs
|
||||
notify: reload nginx
|
||||
|
||||
#- name: FAIL | Missmatch vhost SSL configuration
|
||||
# fail: msg="FUCK {{ item.name }}"
|
||||
#
|
||||
#
|
||||
#
|
||||
# nginx_ssl_dir + '/' + ssl_name + '/' + ssl_name + '.key'
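Review bot: Because the generate task is guarded by `creates: "{{ nginx_dh_path }}"`, a later increase of `nginx_dh_length` (or a switch from a provided `nginx_dh` back to generation while the copied file exists) silently keeps the old parameters; at minimum document it above the task, `# Not regenerated once the file exists; remove it to apply a new nginx_dh_length`, or gate the task on a preceding `stat` of the file instead. The generate and copy tasks both write into `{{ nginx_dh_path }}` (under `nginx_ssl_dir` by default) before the `FILE | Create SSL directories` task that follows them in this hunk, so unless something earlier in the play creates that directory, a fresh host will presumably fail here — worth confirming the task order. The copy task passes its arguments in the folded `key=value` form, which is discouraged for templated values; the native form `copy:` / `content: "{{ nginx_dh }}"` / `dest: "{{ nginx_dh_path }}"` avoids the quoting edge cases when the PEM text contains characters the key=value parser treats specially. The task list continues outside this hunk, and the section's second hunk only deletes commented-out lines.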
|
||||
|
|
|
@ -13,6 +13,6 @@ ssl_stapling on;
|
|||
ssl_stapling_verify on;
|
||||
resolver {{ nginx_resolver_hosts | join(' ') }} valid={{ nginx_resolver_valid }};
|
||||
resolver_timeout {{ nginx_resolver_timeout }};
|
||||
|
||||
ssl_dhparam {{ nginx_dh_path }};
|
||||
|
||||
# vim:filetype=nginx
|
||||
|
|
|
@ -13,5 +13,6 @@ ssl_stapling on;
|
|||
ssl_stapling_verify on;
|
||||
resolver {{ nginx_resolver_hosts | join(' ') }} valid={{ nginx_resolver_valid }};
|
||||
resolver_timeout {{ nginx_resolver_timeout }};
|
||||
ssl_dhparam {{ nginx_dh_path }};
|
||||
|
||||
# vim:filetype=nginx
|
||||
|
|
|
@ -1,5 +1,3 @@
|
|||
nginx_dh_path: /etc/nginx/ssl/dhparams.pem
|
||||
|
||||
nginx_upstream_server_params:
|
||||
- key: 'weight'
|
||||
default: 1
|
||||
|
@ -29,4 +27,3 @@ nginx_dirs:
|
|||
- "{{ nginx_ssl_dir }}"
|
||||
- "{{ nginx_helper_dir }}"
|
||||
|
||||
|
||||
|
|