fix some standards

Robert Kaussow 2018-10-22 10:56:39 +02:00
parent 4c62a7fcc2
commit 11a3fe5b59
6 changed files with 142 additions and 137 deletions


@ -58,6 +58,11 @@ nginx_tls_source_use_files: True
nginx_tls_cert_file: mycert.pem nginx_tls_cert_file: mycert.pem
nginx_tls_key_file: mykey.pem nginx_tls_key_file: mykey.pem
nginx_tls_ciphers:
- ECDHE-ECDSA-CHACHA20-POLY1305
- ECDHE-ECDSA-AES128-GCM-SHA256
- ECDHE-ECDSA-AES128-SHA
nginx_tls_ocsp_enabled: False nginx_tls_ocsp_enabled: False
# nginx_tls_ocsp_trusted_certificate: # defaults to not set # nginx_tls_ocsp_trusted_certificate: # defaults to not set
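Review bot: The new `nginx_tls_ciphers` default has no comment, and all three entries are ECDHE-ECDSA suites, so a role user who points `nginx_tls_cert_file` at an RSA certificate would presumably end up with no cipher the server can negotiate. The last entry, `ECDHE-ECDSA-AES128-SHA`, is a CBC-mode suite with a SHA-1 MAC; if it is kept for older clients, the defaults should say so. I would add above the list `# ECDSA-only suites: requires an ECDSA certificate/key, override for RSA certificates` and a second comment line naming the reason the CBC suite is retained.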


@ -1,9 +1,8 @@
--- ---
- name: reload nginx - name: Reload nginx
systemd: systemd:
state: reloaded state: reloaded
name: nginx name: nginx
listen: listen: __nginx_reload
- __nginx_reload
become: True become: True
become_user: root become_user: root


@ -1,3 +1,4 @@
# Standards: 0.1
--- ---
galaxy_info: galaxy_info:
author: xoxys author: xoxys


@ -1,3 +1,4 @@
---
- block: - block:
- name: Copy certs and private key (content) - name: Copy certs and private key (content)
copy: copy:


@ -1,13 +1,12 @@
# {{ ansible_managed }} # {{ ansible_managed }}
# certificate settings ssl_ciphers '{{ nginx_tls_ciphers | join(":") }}';
ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA';
ssl_prefer_server_ciphers on; ssl_prefer_server_ciphers on;
ssl_protocols TLSv1.2; ssl_protocols TLSv1.2;
ssl_session_cache shared:SSL:10m; ssl_session_cache shared:SSL:10m;
{% if nginx_tls_enabled and nginx_tls_ocsp_enabled %} {% if nginx_tls_ocsp_enabled %}
ssl_stapling on; ssl_stapling on;
ssl_trusted_certificate /pfad/bundle.ca.pem; ssl_trusted_certificate {{ nginx_tls_ocsp_trusted_certificate }};
ssl_stapling_verify on; ssl_stapling_verify on;
{% endif %} {% endif %}
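Review bot: `ssl_trusted_certificate {{ nginx_tls_ocsp_trusted_certificate }};` is rendered whenever `nginx_tls_ocsp_enabled` is true, but the defaults section of this commit leaves `nginx_tls_ocsp_trusted_certificate` commented out ("defaults to not set"). Enabling OCSP alone would therefore hit an undefined variable at template time, or an empty directive if undefined-variable errors are relaxed. Wrap that line in `{% if nginx_tls_ocsp_trusted_certificate is defined %}` … `{% endif %}`, or assert the variable in the tasks before templating, so that `ssl_stapling_verify on;` is never deployed without a trust bundle. In the same section, `{{ nginx_tls_ciphers | join(":") }}` would join a string override character by character, so a short comment stating that the variable must be a list would help.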