Commit 3705c7e8 authored by Mattia Rizzolo's avatar Mattia Rizzolo

nginx: generate dh params

Signed-off-by: Mattia Rizzolo's avatarMattia Rizzolo <mattia@debian.org>
parent ec7457ea
...@@ -42,6 +42,11 @@ ...@@ -42,6 +42,11 @@
notify: notify:
- common.reload-firewall - common.reload-firewall
- name: Generate Diffie-Hellman params
command: openssl dhparam -out /etc/nginx/dhparam.pem 4096
args:
creates: /etc/nginx/dhparam.pem
- name: Add an hook to reload nginx when there are new ssl keys - name: Add an hook to reload nginx when there are new ssl keys
template: template:
src: reload-nginx src: reload-nginx
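Review bot: The `Generate Diffie-Hellman params` task writes straight to its final path, and `creates: /etc/nginx/dhparam.pem` only checks that the path exists. A 4096-bit `openssl dhparam` can run for many minutes, so if the play is interrupted and a partial or empty file is left behind (this depends on the openssl version), later runs will skip the task and nginx will be pointed at an unusable file. Generating into a temporary name and renaming on success avoids that, for example `shell: openssl dhparam -out /etc/nginx/dhparam.pem.tmp 4096 && mv /etc/nginx/dhparam.pem.tmp /etc/nginx/dhparam.pem` with the same `creates:`. A short comment such as `# slow (minutes) on first run; skipped afterwards via creates` would also help whoever watches the play hang here.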
......
...@@ -13,4 +13,4 @@ ssl_session_cache shared:SSL:5m; ...@@ -13,4 +13,4 @@ ssl_session_cache shared:SSL:5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!eNULL:!EXP:!LOW:!MD5; ssl_ciphers HIGH:!aNULL:!eNULL:!EXP:!LOW:!MD5;
ssl_prefer_server_ciphers on; ssl_prefer_server_ciphers on;
#ssl_dhparam dhparams.pem; ssl_dhparam dhparams.pem;
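Review bot: The newly enabled `ssl_dhparam dhparams.pem;` names a file that the task added in this commit does not create, because the playbook writes `/etc/nginx/dhparam.pem` (no trailing "s"). nginx resolves a relative path here against its configuration prefix, so unless a `dhparams.pem` is provisioned somewhere outside these hunks, the config test will fail on the next reload. Pointing the directive at the generated file with an absolute path removes both the typo and the dependence on the prefix: `ssl_dhparam /etc/nginx/dhparam.pem;`.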