SSL helper can be disabled

doc/vhost.md

@@ -26,6 +26,7 @@ Common
 - `htpasswd`: (O) References name key in `nginx_htpasswd`. Enable auth basic on all vhost.
 - `proto`: (O) list of protocol used. Default is a list with "http". If you need http and https, you must set a list with "http" and "https". You can only set "https" without http support.
 - `ssl_name`: (D) name of the key used when using TLS/SSL. Mandatory when `proto` contains "https"
+- `ssl_template` (O) "strong" (default) or "legacy". You can disable SSL helpers and add your own directives by setting "false". 
 
 (O): Optional
 (M): Mandatory

templates/etc/nginx/sites-available/_base.j2

@@ -34,7 +34,9 @@ server {
 	listen {{ port }}{% if nginx_default_vhost_ssl == __main_name %} default_server{% endif %} ssl{% if nginx_auto_config_httpv2 and 'http_v2' in nginx_modules %} http2{% endif %};
 {% endfor %}
 {{ ssl(item.ssl_name) }}
+{% if item.ssl_template is not defined or item.ssl_template != false %}
 	include {{ nginx_helper_dir + '/ssl-' + item.ssl_template | default('strong') }};
+{% endif %}
 {% endif %}
 	server_name {% if item.name is string %}{{ item.name }}{% else %}{{ item.name | join(' ') }}{% endif %};
 {% block root %}

tests/test.yml

@@ -174,6 +174,7 @@
         ssl_name: 'test-ssl-predeployed.local'
         more:
           - 'add_header X-ansible-default 1;'
+        ssl_template: false
       - name: 'test-ssl-redirect.local'
         proto: ['https']
         template: '_base'