create dhparam

Robert Kaussow 2017-07-15 23:01:47 +02:00
parent 232964e6d7
commit 8c1db6d5c5
3 changed files with 15 additions and 1 deletions


@ -5,3 +5,6 @@ nginx_open_ports:
ssl_priv_key: "" ssl_priv_key: ""
ssl_intermediate_cert: "" ssl_intermediate_cert: ""
ssl_chained_cert: "" ssl_chained_cert: ""
dhparam_size: '4069'
dhparam_file: '/etc/pki/tls/certs/dhparam-{{dhparam_size}}.pem'
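Review bot: `dhparam_size: '4069'` looks like a transposed 4096. openssl should accept the value and generate a prime of that odd length, so nothing fails visibly, but the result is not the conventional size and the file ends up named `dhparam-4069.pem`. I would change the line to `dhparam_size: '4096'`. Because the size is embedded in `dhparam_file`, correcting it after hosts are provisioned makes the role generate a second file and leave the old one behind. A comment above the two defaults, e.g. `# DH group size in bits; changing it creates a new dhparam-<size>.pem`, would document that coupling.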


@ -111,6 +111,17 @@
notify: notify:
- nginx_reload - nginx_reload
- name: register dhparam file
stat:
path: "{{ dhparam_file }}"
register: dh_file
- name: Generate Diffie-Hellman parameter file
shell: "/usr/bin/openssl dhparam -out '{{ dhparam_file }}' {{ dhparam_size }}"
async: 3600
poll: 60
when: dh_file.stat.isfile is not defined
- name: Open ports in iptables - name: Open ports in iptables
iptables_raw: iptables_raw:
name: allow_nginx_ports name: allow_nginx_ports
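Review bot: The guard `when: dh_file.stat.isfile is not defined` only proves that a regular file exists at the path, so an empty or truncated file would also skip generation and be handed to nginx as-is. The generation step also goes through `shell` with two templated values, although nothing in the command needs a shell. I would drop the separate `stat` task and run `command: /usr/bin/openssl dhparam -out {{ dhparam_file }} {{ dhparam_size }}` with `args:` / `creates: "{{ dhparam_file }}"`, keeping `async` and `poll` as they are. The file's owner and mode are currently left to the process umask; a following `file:` task with an explicit `mode: '0644'` would make that deterministic. The surrounding task list starts and ends outside this hunk.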


@ -13,4 +13,4 @@ ssl_stapling_verify on;
ssl_trusted_certificate /etc/pki/tls/certs/my-intermediate.crt; ssl_trusted_certificate /etc/pki/tls/certs/my-intermediate.crt;
ssl_prefer_server_ciphers on; ssl_prefer_server_ciphers on;
ssl_dhparam /etc/nginx/cert/dhparam.pem; ssl_dhparam {{ dhparam_file }};