infra/ansible-role-nginx
4
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

added option to disable monitoring and pki

Browse source
This commit is contained in:
nd 2019-04-13 23:32:58 +02:00
parent 6f47d40424
commit 5846acce89
No known key found for this signature in database
GPG key ID: 21B5CD4DEE3670E9
4 changed files with 11 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

5
templates/ssl_files.j2
View file

@ -1,7 +1,10 @@
{% if nginx.serverpki %}
# certs sent to the client in SERVER HELLO are concatenated in ssl_certificate
ssl_certificate /etc/ssl/{{ inventory_hostname }}.crt;
ssl_certificate_key /etc/ssl/private/{{ inventory_hostname }}.key;
## verify chain of trust of OCSP response using Root CA and Intermediate certs
{% endif %}
# verify chain of trust of OCSP response using Root CA and Intermediate certs
ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;
# Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits