Better dh management

pull/14/head
Emilien Mantel 2016-01-12 11:16:41 +01:00
parent ad9c0fa979
commit 883948f081
6 changed files with 20 additions and 13 deletions

View File

@ -13,7 +13,6 @@ nginx_resolver_hosts: ['8.8.8.8', '8.8.4.4']
nginx_resolver_valid: '300s'
nginx_resolver_timeout: '5s'
nginx_error_log_level: 'warn' # http://nginx.org/en/docs/ngx_core_module.html#error_log
nginx_dh_length: 2048
#
# Nginx directories
@ -97,3 +96,10 @@ nginx_htpasswd: []
# SSL pairs
#
nginx_ssl_pairs: []
#
# Diffie-Helman
#
nginx_dh: null
nginx_dh_path: '{{ nginx_ssl_dir }}/dhparam.pem'
nginx_dh_length: 2048

View File

@ -15,7 +15,7 @@
- name: INCLUDE | htpasswd configuration
include: htpasswd.yml
- name: INCLUDE | Vhosts configuration
- name: INCLUDE | SSL configuration
include: ssl.yml
- name: INCLUDE | Vhosts configuration

View File

@ -1,9 +1,18 @@
---
- name: COMMAND | Creates DH file
- name: COMMAND | Generate DH file
command: openssl dhparam -out {{ nginx_dh_path }} {{ nginx_dh_length }}
args:
creates: "{{ nginx_dh_path }}"
when: nginx_dh is not string
notify: reload nginx
- name: COPY | Deploy DH file from vars
copy: >
content="{{ nginx_dh }}"
dest="{{ nginx_dh_path }}"
when: nginx_dh is string
notify: reload nginx
- name: FILE | Create SSL directories
file: >
@ -25,9 +34,3 @@
with_items: nginx_ssl_pairs
notify: reload nginx
#- name: FAIL | Missmatch vhost SSL configuration
# fail: msg="FUCK {{ item.name }}"
#
#
#
# nginx_ssl_dir + '/' + ssl_name + '/' + ssl_name + '.key'

View File

@ -13,6 +13,6 @@ ssl_stapling on;
ssl_stapling_verify on;
resolver {{ nginx_resolver_hosts | join(' ') }} valid={{ nginx_resolver_valid }};
resolver_timeout {{ nginx_resolver_timeout }};
ssl_dhparam {{ nginx_dh_path }};
# vim:filetype=nginx

View File

@ -13,5 +13,6 @@ ssl_stapling on;
ssl_stapling_verify on;
resolver {{ nginx_resolver_hosts | join(' ') }} valid={{ nginx_resolver_valid }};
resolver_timeout {{ nginx_resolver_timeout }};
ssl_dhparam {{ nginx_dh_path }};
# vim:filetype=nginx

View File

@ -1,5 +1,3 @@
nginx_dh_path: /etc/nginx/ssl/dhparams.pem
nginx_upstream_server_params:
- key: 'weight'
default: 1
@ -29,4 +27,3 @@ nginx_dirs:
- "{{ nginx_ssl_dir }}"
- "{{ nginx_helper_dir }}"