nginx: Make DH params optional

This is for early production / development phase.
author: Robin Obůrka <robin.oburka@nic.cz> 2016-10-18 15:16:46 +0200
committer: Robin Obůrka <r.oburka@gmail.com> 2016-10-19 09:31:52 +0200
commit: 3e570925f0c0dca8ad348cb5108ac65f2072a412 (patch)
tree: ca0b13d31224150860233e8506fac48be4450afc /roles/nginx/templates/snippets/ssl-medium-common.conf.j2
parent: nginx: Provide new mechanism for default page manipulation (diff)
download: ansible-roles-3e570925f0c0dca8ad348cb5108ac65f2072a412.tar.xz
1 files changed, 2 insertions, 0 deletions
diff --git a/roles/nginx/templates/snippets/ssl-medium-common.conf.j2 b/roles/nginx/templates/snippets/ssl-medium-common.conf.j2
index 581f55f..be2b57b 100644
--- a/roles/nginx/templates/snippets/ssl-medium-common.conf.j2
+++ b/roles/nginx/templates/snippets/ssl-medium-common.conf.j2
@@ -1,5 +1,7 @@
 ssl on;
+{% if nginx_skip_dhparams == False %}
 ssl_dhparam /etc/ssl/dh4096.pem;
+{% endif %}
 
 ssl_prefer_server_ciphers on;
 ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
author	Robin Obůrka <robin.oburka@nic.cz>	2016-10-18 15:16:46 +0200
committer	Robin Obůrka <r.oburka@gmail.com>	2016-10-19 09:31:52 +0200
commit	3e570925f0c0dca8ad348cb5108ac65f2072a412 (patch)
tree	ca0b13d31224150860233e8506fac48be4450afc /roles/nginx/templates/snippets/ssl-medium-common.conf.j2
parent	nginx: Provide new mechanism for default page manipulation (diff)
download	ansible-roles-3e570925f0c0dca8ad348cb5108ac65f2072a412.tar.xz