Template ocsp

2024-01-02 11:36:02 +01:00 · 2024-01-02 11:36:02 +01:00 · 9e6d85bb0b
parent 0f38850a07
commit 9e6d85bb0b
2 changed files with 12 additions and 6 deletions
--- a/tasks/install-Debian.yml
+++ b/tasks/install-Debian.yml
@ -126,7 +126,6 @@
    - { 'src': 'etc/nginx/conf.d/hsts.conf', 'dest': '/etc/nginx/conf.d/hsts.conf' }
    - { 'src': 'etc/nginx/conf.d/proxy.conf', 'dest': '/etc/nginx/conf.d/proxy.conf' }
    - { 'src': 'etc/nginx/conf.d/ssl.conf', 'dest': '/etc/nginx/conf.d/ssl.conf' }
-    - { 'src': 'etc/nginx/conf.d/ocsp.conf', 'dest': '/etc/nginx/conf.d/ocsp.conf' }
    - { 'src': 'etc/nginx/conf/fastcgi.conf', 'dest': '/etc/nginx/conf/fastcgi.conf' }
    - { 'src': 'etc/nginx/conf/fastcgi_params', 'dest': '/etc/nginx/conf/fastcgi_params' }
    - { 'src': 'etc/nginx/conf/koi-utf', 'dest': '/etc/nginx/conf/koi-utf' }
@ -141,14 +140,16 @@
    - install
    - reconfigure

-
- name: Add Nginx.conf
+- name: Add templated configuration 
  template:
-    src: nginx.conf.j2
-    dest: /etc/nginx/conf/nginx.conf
-    mode: 0644
+    src: "{{ item.src }}"
+    dest: "{{ item.dest }}"
+    mode: 0640
    owner: root
    group: root
+  loop:
+    - { 'src': 'ocsp.conf.j2', 'dest': '/etc/nginx/conf.d/ocsp.conf' }
+    - { 'src': 'nginx.conf.j2', 'dest': '/etc/nginx/conf/nginx.conf' }
  tags:
    - install
    - reconfigure
--- a/templates/ocsp.conf.j2
+++ b/templates/ocsp.conf.j2
@ -0,0 +1,5 @@
+ssl_stapling on;
+ssl_stapling_verify on;
+ssl_trusted_certificate /etc/nginx/ssl/private/letsencrypt-certs.pem;
+resolver {{ nginx_resolver | default('127.0.0.1') }} valid=300s;
+resolver_timeout 5s;