ansible-personal/roles/nginx/defaults/main.yml
Alan Orth b7ab2da08a
roles/nginx: Allow usage of Let's Encrypt certs
Hosts can specify use_letsencrypt: 'yes' in their host_vars. For
now this assumes that the certificates already exist (ie, you have
to manually run Let's Encrypt first to register/create the certs).
2016-06-27 19:07:48 +03:00

27 lines
608 B
YAML

---
# file: roles/nginx/defaults/main.yml
# path config
nginx_confd_path: /etc/nginx/conf.d
# parent directory of vhost roots
nginx_root_prefix: /var/www
# 1 hour timeout
nginx_ssl_session_timeout: 1h
# 10MB -> 40,000 sessions
nginx_ssl_session_cache: shared:SSL:10m
# 1400 bytes to fit in one MTU (default is 16k!)
nginx_ssl_buffer_size: 1400
nginx_ssl_dhparam: /etc/ssl/certs/dhparam.pem
nginx_ssl_protocols: 'TLSv1 TLSv1.1 TLSv1.2'
# Directory root for Let's Encrypt certs
letsencrypt_root: /etc/letsencrypt/live
# stable is 1.10.x
# mainline is 1.11.x
nginx_version: mainline
# vim: set ts=2 sw=2: