generate and use random Ephemeral Diffie-Hellman group

2025-09-09 14:09:29 +00:00 · 2016-04-21 13:57:11 -04:00
parent c8351dce29
commit e68b778711
4 changed files with 114 additions and 26 deletions
--- a/roles/easyredmine/tasks/nginx.yml
+++ b/roles/easyredmine/tasks/nginx.yml
@@ -21,7 +21,22 @@
    - nginx
    - passenger

+- stat: path='{{ dharam_pem_path }}'
+  register: dharam_pem
+
+# https://michael.lustfield.net/nginx/getting-a-perfect-ssl-labs-score
+- name: generate new Diffie-Hellman group
+  command: 'openssl dhparam -out {{ dharam_pem_path }} 2048'
+  sudo: yes
+  notify: restart nginx
+  when: dharam_pem.stat.exists == False
+
 - template: dest='/etc/nginx/conf.d/easyredmine.conf'
+            src=easyredmine.conf.j2
+  sudo: yes
+  notify: restart nginx
+
+- template: dest='/etc/nginx/nginx.conf'
            src=nginx.conf.j2
  sudo: yes
  notify: restart nginx