misc/ansible-base
0
0
Fork 0
Code Issues Pull requests 1 Actions Packages Projects Releases Wiki Activity

[int]

Browse source
This commit is contained in:
Christian Fraß 2025-10-07 16:07:09 +02:00
parent 4a7a75651c
commit c4db57b83a
2 changed files with 4 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
roles/nginx/defaults/main.json
View file

@ -1,4 +1,4 @@
{ {
"var_nginx_auto_reload_interval": null, "var_nginx_auto_reload_interval": null,
"var_nginx_dhparam_size": 2048 "var_nginx_improved_security": false
} }

4
roles/nginx/tasks/main.json
View file

@ -13,8 +13,9 @@
{ {
"name": "generate dhparams file", "name": "generate dhparams file",
"become": true, "become": true,
"when": "var_nginx_improved_security",
"ansible.builtin.command": { "ansible.builtin.command": {
"cmd": "openssl dhparam -out /etc/nginx/dhparam {{var_nginx_dhparam_size | string}}" "cmd": "openssl dhparam -out /etc/nginx/dhparam 4096"
}, },
"args": { "args": {
"creates": "/etc/nginx/dhparam" "creates": "/etc/nginx/dhparam"
@ -22,6 +23,7 @@
}, },
{ {
"name": "place hardening config", "name": "place hardening config",
"when": "var_nginx_improved_security",
"become": true, "become": true,
"ansible.builtin.copy": { "ansible.builtin.copy": {
"src": "ssl-hardening.conf", "src": "ssl-hardening.conf",