Alan Orth
b7ab2da08a
Hosts can specify use_letsencrypt: 'yes' in their host_vars. For now this assumes that the certificates already exist (ie, you have to manually run Let's Encrypt first to register/create the certs).
27 lines
608 B
YAML
27 lines
608 B
YAML
---
|
|
# file: roles/nginx/defaults/main.yml
|
|
|
|
# path config
|
|
nginx_confd_path: /etc/nginx/conf.d
|
|
|
|
# parent directory of vhost roots
|
|
nginx_root_prefix: /var/www
|
|
|
|
# 1 hour timeout
|
|
nginx_ssl_session_timeout: 1h
|
|
# 10MB -> 40,000 sessions
|
|
nginx_ssl_session_cache: shared:SSL:10m
|
|
# 1400 bytes to fit in one MTU (default is 16k!)
|
|
nginx_ssl_buffer_size: 1400
|
|
nginx_ssl_dhparam: /etc/ssl/certs/dhparam.pem
|
|
nginx_ssl_protocols: 'TLSv1 TLSv1.1 TLSv1.2'
|
|
|
|
# Directory root for Let's Encrypt certs
|
|
letsencrypt_root: /etc/letsencrypt/live
|
|
|
|
# stable is 1.10.x
|
|
# mainline is 1.11.x
|
|
nginx_version: mainline
|
|
|
|
# vim: set ts=2 sw=2:
|