Merge branch 'master' of git.dryusdan.fr:Ansible/nginx

defaults/main.yml

@@ -25,3 +25,4 @@ listen_ipv4:
 
 listen_ipv6:
   - "::"
+

tasks/configure-vhost.yml

@@ -59,12 +59,13 @@
   shell: "certbot certonly --non-interactive  --webroot --email {{ nginx_letsencrypt_email }} --agree-tos --webroot-path=/var/www/letsencrypt {% for domain in item.server_name %} -d {{ domain }} {% endfor %} --expand --rsa-key-size 4096;"
   when: 
     - item.ssl 
+    - item.letsencrypt is defined
 
 - name: "Create certificate"
   shell: "certbot certonly --non-interactive  --webroot --email {{ nginx_letsencrypt_email }} --agree-tos --webroot-path=/var/www/letsencrypt {% for domain in item.server_name %} -d {{ domain }} {% endfor %} --expand --rsa-key-size 4096;"
   when: 
     - item.ssl 
-    - item.letsencrypt 
+    - item.letsencrypt is defined
     - item.state == "present" or item.state is not defined
     - vhost_changed.changed
     - item.letsencrypt_key is defined and item.letsencrypt_key == "rsa"
@@ -76,7 +77,7 @@
   shell: "certbot certonly --non-interactive  --webroot --email {{ nginx_letsencrypt_email }} --agree-tos --webroot-path=/var/www/letsencrypt {% for domain in item.server_name %} -d {{ domain }} {% endfor %} --expand --key-type ecdsa --elliptic-curve secp384r1;"
   when: 
     - item.ssl 
-    - item.letsencrypt 
+    - item.letsencrypt is defined
     - item.state == "present" or item.state is not defined
     - vhost_changed.changed
     - item.letsencrypt_key is not defined 

templates/vhosts/partials/ssl.j2

@@ -13,7 +13,11 @@ ssl_certificate_key {{ item.ssl_certificate_key }};
 {% endif %}
 
 include /etc/nginx/conf.d/ssl.conf;
+{% if item.disable_ocsp is defined and item.disable_ocsp == True %}
 include /etc/nginx/conf.d/ocsp.conf;
+{% endif %}
+{% if item.disable_hsts is defined and item.disable_hsts == True %}
 include /etc/nginx/conf.d/hsts.conf;
+{% endif %}
 
 {% endif %}