mirror of https://github.com/dev-sec/ansible-nginx-hardening.git synced 2024-05-11 17:56:05 +02:00

use ansible dhparam module (#32)

* use ansible dhparam module
schurzi 2020-08-28 12:35:52 +02:00 committed by GitHub
parent 57f7a15b51
commit e266decde8
Signed by: GitHub
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 6 additions and 11 deletions


@ -102,7 +102,7 @@ script:
- 'docker run --detach --volume="${PWD}":/etc/ansible/roles/ansible-nginx-hardening:ro ${run_opts} rndmh3ro/docker-${distro}-ansible:${version} "${init}" > "${container_id}"'
# Install ansible galaxy requirements
- 'docker exec "$(cat ${container_id})" ansible-galaxy -c install -r /etc/ansible/roles/ansible-nginx-hardening/requirements.yml -p /etc/ansible/roles/'
- 'docker exec "$(cat ${container_id})" ansible-galaxy install --ignore-certs -r /etc/ansible/roles/ansible-nginx-hardening/requirements.yml -p /etc/ansible/roles/'
# Test role
- 'docker exec "$(cat ${container_id})" ansible-playbook /etc/ansible/roles/ansible-nginx-hardening/tests/"${test_playbook}" -vv'
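Review bot: Both spellings of the galaxy step in this hunk (`ansible-galaxy -c install` and `ansible-galaxy install --ignore-certs`) disable TLS certificate verification, so the roles named in `requirements.yml` are downloaded from an unauthenticated peer and then run by the test playbook on the next line. The rendered page does not show which of the two lines is the new one, but the concern is the same for either. I would drop the flag, i.e. `ansible-galaxy install -r /etc/ansible/roles/ansible-nginx-hardening/requirements.yml -p /etc/ansible/roles/`. If the flag exists only because the test image lacks a CA bundle, installing the distribution's CA certificates package in the image is the narrower fix.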


@ -85,15 +85,10 @@
- "/etc/nginx/sites-enabled/default"
- name: generate dh group
command: "openssl dhparam -out /etc/nginx/dh{{ nginx_dh_size }}.pem {{ nginx_dh_size }}"
args:
creates: "/etc/nginx/dh{{ nginx_dh_size }}.pem"
notify: restart nginx
- name: config should not be worldwide read- or writeable
file:
path: "/etc/nginx"
mode: "o-rw"
openssl_dhparam:
path: "/etc/nginx/dh{{ nginx_dh_size }}.pem"
size: "{{ nginx_dh_size }}"
mode: '0640'
owner: "root"
group: "root"
recurse: true
notify: restart nginx
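Review bot: The task `config should not be worldwide read- or writeable` appears to be among the lines this hunk replaces, and nothing visible re-adds it; the page has lost its `+`/`-` markers, so this is inferred from the hunk's line counts. If the task is not kept elsewhere in the file, the role no longer strips world read/write from the whole `/etc/nginx` tree, which is a wider control than the `mode: '0640'` now set on the single dhparam file. I would keep it as a separate `file` task after the dhparam task, with `path: "/etc/nginx"`, `mode: "o-rw"` and `recurse: true`. The surrounding task list starts and ends outside the hunk.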