roles/nginx: generate snakeoil cert manually
The ssl-cert does this, but it includes the hostname of the server as the subject name in the cert, which is a huge leak of privacy.
This commit is contained in:
@ -16,9 +16,9 @@ server {
|
||||
listen [::]:443 ssl http2 default_server;
|
||||
server_name _;
|
||||
|
||||
# self-signed "snakeoil" certificate from ssl-cert package
|
||||
ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
|
||||
ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;
|
||||
# self-signed "snakeoil" certificate
|
||||
ssl_certificate /etc/ssl/certs/nginx-snakeoil.crt;
|
||||
ssl_certificate_key /etc/ssl/private/nginx-snakeoil.key;
|
||||
|
||||
ssl_session_timeout {{ nginx_ssl_session_timeout }};
|
||||
ssl_session_cache {{ nginx_ssl_session_cache }};
|
||||
|
||||
Reference in New Issue
Block a user