Comments (5)
Hi @jrobeson ,
nginx_configs don't cover your needs ?
nginx_configs:
ssl:
- ssl_protocols TLSv1 TLSv1.1 TLSv1.2
- ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:AES128:AES256:RC4-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK
- ssl_prefer_server_ciphers on
- ssl_stapling on
- ssl_stapling_verify on
It will create and include /etc/nginx/conf.d/ssl.conf
from ansible-role-nginx.
if a host doesn't use ssl, will this cause any performance issues for them? I'm not sure how nginx deals with this, as i don't usually have a config with some ssl and some not.
from ansible-role-nginx.
The ssl_* parameters only impact if you have this line on a server {} block :
listen port_number ssl
I always do like that and It doesn't impact non ssl config.
from ansible-role-nginx.
my other usecase for this is my app. I have two different playbooks. One for an applicance/standalone machine and another for the hosted/sass version. They all share the same app configuration, but the hosts names, ssl availablility, and ports are all different. I'd prefer not to duplicate the same 30 line app configuration between these two different playbooks. It'd be too easy to get out of sync.
Of course, this problem would be pretty easily solved if ansible allowed a per dict instance for merging instead of only the global setting.
from ansible-role-nginx.
You can now do that with the new notation of the v1.2 👍
https://github.com/jdauphant/ansible-role-nginx/releases/tag/v1.2
Thanks for your help @jrobeson
from ansible-role-nginx.
Related Issues (20)
- Add installation from sources HOT 1
- remove a site is not taken in consideration HOT 2
- Ansible error HOT 1
- Change nginx user HOT 4
- disable default config HOT 5
- Error in handlers/main.yml HOT 1
- issue when adding header parameter with ";" HOT 1
- Does this role need run as root? HOT 1
- amplify.api_key variable does not exist HOT 1
- add_header X-XSS-Protection is causing problems HOT 2
- Nginx didn't start on install
- v2.16 missing on https://galaxy.ansible.com/jdauphant/nginx HOT 1
- Warning, Duplicate When Key HOT 5
- Allow for no default config to be generated HOT 3
- Configuring modules is currently limited to Centos/RHEL only HOT 1
- Missing mime.types file plus /etc/mime.types idea HOT 2
- Adhere to ansible-lint rules HOT 2
- Travis job is still on python 2.7 HOT 2
- Debian 12 (python3) support
- version > v2.21.2 are not avaiable via ansible-galaxy install command
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from ansible-role-nginx.