Author: Robert Kaussow <mail@geeklabor.de>
Date:   Thu Jun 4 23:09:15 2020 +0200

    allow uploading a list of certificate files
This commit is contained in:
Robert Kaussow 2020-06-04 21:11:51 +00:00
parent e7b1797cef
commit 708c39fec5

View File

@ -33,16 +33,13 @@ Setup [nginx](https://www.nginx.com/) webserver. Nginx is an open source reverse
* [nginx_reset_timedout_connection](#nginx_reset_timedout_connection)
* [nginx_send_timeout](#nginx_send_timeout)
* [nginx_server_names_hash_bucket_size](#nginx_server_names_hash_bucket_size)
* [nginx_tls_cert_file](#nginx_tls_cert_file)
* [nginx_tls_cert_source](#nginx_tls_cert_source)
* [nginx_tls_certificates](#nginx_tls_certificates)
* [nginx_tls_ciphers](#nginx_tls_ciphers)
* [nginx_tls_dhparam_file](#nginx_tls_dhparam_file)
* [nginx_tls_dhparam_size](#nginx_tls_dhparam_size)
* [nginx_tls_ecdh_curve](#nginx_tls_ecdh_curve)
* [nginx_tls_enabled](#nginx_tls_enabled)
* [nginx_tls_hsts_enabled](#nginx_tls_hsts_enabled)
* [nginx_tls_key_file](#nginx_tls_key_file)
* [nginx_tls_key_source](#nginx_tls_key_source)
* [nginx_tls_ocsp_enabled](#nginx_tls_ocsp_enabled)
* [nginx_tls_ocsp_trusted_certificate](#nginx_tls_ocsp_trusted_certificate)
* [nginx_tls_versions](#nginx_tls_versions)
@ -314,24 +311,24 @@ nginx_send_timeout: 60
nginx_server_names_hash_bucket_size: 32
```
### nginx_tls_cert_file
Set the destination filename.
### nginx_tls_certificates
#### Default value
```YAML
nginx_tls_cert_file: mycert.pem
nginx_tls_certificates: []
```
### nginx_tls_cert_source
Source has to be a file.
#### Default value
#### Example usage
```YAML
nginx_tls_cert_source: _unset_
nginx_tls_certificates:
- source: "{{ ansible_user_dir }}/files/mycert.pem"
dest: /etc/pki/tls/certs/mycert.pem
mode: 0644
- source: "{{ ansible_user_dir }}/files/mykey.pem"
dest: /etc/pki/tls/private/mykey.pem
mode: 0600
```
### nginx_tls_ciphers
@ -387,26 +384,6 @@ nginx_tls_enabled: false
nginx_tls_hsts_enabled: false
```
### nginx_tls_key_file
Set the destination filename.
#### Default value
```YAML
nginx_tls_key_file: mykey.pem
```
### nginx_tls_key_source
Source has to be a file.
#### Default value
```YAML
nginx_tls_key_source: _unset_
```
### nginx_tls_ocsp_enabled
#### Default value
@ -474,8 +451,8 @@ nginx_vhosts_default:
tls_redirect: False # skips locations if enabled
tls_redirect_url:
tls:
cert: /etc/pki/tls/..
key: /etc/pki/tls/..
cert: /etc/pki/tls/certs/mycert.pem
key: /etc/pki/tls/private/mykey.pem
dhparam:
client_max_body_size:
send_timeout: