alanorth/ansible-personal
1
0
Fork 0
Code Issues 4 Pull Requests Projects Releases Wiki Activity

roles/nginx: Allow custom resolvers for TLS stapling

Browse Source 
Allows to specify custom DNS resolvers for TLS stapling, with a default
of Cloudflare's public DNS servers.
This commit is contained in:
Alan Orth
2018-04-30 18:04:17 +03:00
parent bda95b6a1c
commit 0a39051a95
2 changed files with 5 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
roles/nginx/defaults/main.yml
View File

@ -16,6 +16,10 @@ nginx_ssl_buffer_size: 1400
nginx_ssl_dhparam: /etc/ssl/certs/dhparam.pem
nginx_ssl_protocols: 'TLSv1 TLSv1.1 TLSv1.2'
# DNS resolvers for OCSP stapling (default to Cloudflare public DNS)
# See: https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_stapling
nginx_ssl_stapling_resolver: '1.1.1.1 1.0.0.1 [2606:4700:4700::1111] [2606:4700:4700::1001]'
# install certbot + dependencies?
# True unless you're in development and using "localhost" + snakeoil certs
use_letsencrypt: True