nginx/application: Configure dhparams for SSL

5 years ago · 08a37c6dab
parent 586163c9d0
commit 08a37c6dab
3 changed files with 4 additions and 0 deletions
--- a/roles/nginx/application/defaults/main.yml
+++ b/roles/nginx/application/defaults/main.yml
@ -12,6 +12,8 @@ nginx_global_log_directory: "/var/log/nginx"
 nginx_global_access_log: "{{ nginx_global_log_directory }}/access.log"
 nginx_global_error_log: "{{ nginx_global_log_directory }}/error.log"

+# dhparams_remote_path from misc/dhparams
+
 acme_validation_directory: ".well-known/acme-challenge"
 nginx_validation_root_directory: "/var/www/validation"
 nginx_validation_test_file: "{{ nginx_validation_root_directory }}/{{ acme_validation_directory }}/test"
--- a/roles/nginx/application/meta/main.yml
+++ b/roles/nginx/application/meta/main.yml
@ -3,4 +3,5 @@
 allow_duplicates: no

 dependencies:
+  - role: misc/dhparams
  - role: acme/application
--- a/roles/nginx/application/templates/ssl.conf
+++ b/roles/nginx/application/templates/ssl.conf
@ -4,6 +4,7 @@ ssl_prefer_server_ciphers off;
 ssl_session_cache shared:SSL:10m;
 ssl_session_timeout 1d;
 ssl_session_tickets off;
+ssl_dhparam {{ dhparams_remote_path }};
 ssl_stapling on;
 ssl_stapling_verify on;
 ssl_trusted_certificate /etc/ssl/certs/ISRG_Root_X1.pem;