configure dhparam
parent
48f3f66afd
commit
ccab1f89fb
|
@ -92,6 +92,8 @@ matrix_open_ports:
|
||||||
state: present
|
state: present
|
||||||
|
|
||||||
matrix_tls_enabled: False
|
matrix_tls_enabled: False
|
||||||
|
matrix_tls_dhparam_path: "{{ matrix_base_dir }}/tls/dhparam.pem"
|
||||||
|
matrix_tls_dhparam_size: 2048
|
||||||
matrix_tls_cert_path: "{{ matrix_base_dir }}/tls/certs/mycert.pem"
|
matrix_tls_cert_path: "{{ matrix_base_dir }}/tls/certs/mycert.pem"
|
||||||
matrix_tls_key_path: "{{ matrix_base_dir }}/tls/private/mykey.pem"
|
matrix_tls_key_path: "{{ matrix_base_dir }}/tls/private/mykey.pem"
|
||||||
matrix_tls_cert_source: mycert.pem
|
matrix_tls_cert_source: mycert.pem
|
||||||
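Review bot: The two new defaults have no comment, and `matrix_tls_dhparam_size` is a security-relevant setting that an operator may be tempted to lower to speed up the play. I would add above it `# DH group size in bits; keep at 2048 or larger, smaller groups are considered weak (Logjam)`, and above the path `# Where the generated DH parameters are written; referenced by tls_dh_params_path`. Generation time grows quickly with the size, so the comment could also say that larger values make the first run noticeably slower.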
|
|
|
@ -8,6 +8,7 @@
|
||||||
group: "{{ matrix_group }}"
|
group: "{{ matrix_group }}"
|
||||||
recurse: True
|
recurse: True
|
||||||
with_items:
|
with_items:
|
||||||
|
- "{{ matrix_tls_dhparam_path | dirname }}"
|
||||||
- "{{ matrix_tls_cert_path | dirname }}"
|
- "{{ matrix_tls_cert_path | dirname }}"
|
||||||
- "{{ matrix_tls_key_path | dirname }}"
|
- "{{ matrix_tls_key_path | dirname }}"
|
||||||
become: True
|
become: True
|
||||||
|
@ -24,5 +25,11 @@
|
||||||
- { src: "{{ matrix_tls_cert_source }}", dest: '{{ matrix_tls_cert_path }}', mode: '0750' }
|
- { src: "{{ matrix_tls_cert_source }}", dest: '{{ matrix_tls_cert_path }}', mode: '0750' }
|
||||||
loop_control:
|
loop_control:
|
||||||
label: "{{ item.dest }}"
|
label: "{{ item.dest }}"
|
||||||
|
|
||||||
|
- name: Create Diffie-Hellman Parameter
|
||||||
|
openssl_dhparam:
|
||||||
|
path: "{{ matrix_tls_dhparam_path }}"
|
||||||
|
size: "{{ matrix_tls_dhparam_size }}"
|
||||||
|
when: matrix_tls_dhparam_path is defined
|
||||||
become: True
|
become: True
|
||||||
become_user: "{{ matrix_user }}"
|
become_user: "{{ matrix_user }}"
|
||||||
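Review bot: As rendered, the new task is inserted between `label: "{{ item.dest }}"` and the existing `become: True` / `become_user: "{{ matrix_user }}"` lines, so those two keys now close the Diffie-Hellman task and the preceding copy task (which starts outside the hunk) appears to lose its privilege settings. The page has lost indentation, so this is inferred from line order. If it holds, place the new task after `become_user` and give it its own `become: True` and `become_user: "{{ matrix_user }}"`. Separately, `when: matrix_tls_dhparam_path is defined` is always true because the defaults file defines the variable. `when: matrix_tls_enabled` would match the condition under which the homeserver template references the file, unless this task file is already included conditionally.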
|
|
|
@ -9,7 +9,7 @@
|
||||||
{% if matrix_tls_enabled %}
|
{% if matrix_tls_enabled %}
|
||||||
tls_certificate_path: "{{ matrix_tls_cert_path }}"
|
tls_certificate_path: "{{ matrix_tls_cert_path }}"
|
||||||
tls_private_key_path: "{{ matrix_tls_key_path }}"
|
tls_private_key_path: "{{ matrix_tls_key_path }}"
|
||||||
#tls_dh_params_path: "{{ matrix_conf_dir }}/matrix.example.com.tls.dh"
|
tls_dh_params_path: "{{ matrix_tls_dhparam_path }}"
|
||||||
no_tls: False
|
no_tls: False
|
||||||
{% else %}
|
{% else %}
|
||||||
no_tls: True
|
no_tls: True
|
||||||
|
|