Manage the httpd_can_network_relay SELinux boolean.

2020-08-04 16:34:42 +02:00 · 2020-08-04 16:34:42 +02:00 · 842398b69f
parent f9661dba71
commit 842398b69f
1 changed files with 8 additions and 3 deletions
--- a/tasks/nginx-rh.yml
+++ b/tasks/nginx-rh.yml
@ -3,18 +3,23 @@
  - name: Install the nginx web server
    yum: pkg=nginx state={{ nginx_package_state }}

-  - name: nginx must be able to network connect when used as a proxy
+  - name: nginx must be able to network connect and relay when used as a proxy
    seboolean:
      name: httpd_can_network_connect
-      state: yes
+      state: 1
      persistent: yes
+    with_items:
+      - 'httpd_can_network_connect'
+      - 'httpd_can_network_relay'
    when: letsencrypt_acme_install is defined and letsencrypt_acme_install
+    tags: [ 'nginx', 'nginx_selinux' ]

  - name: Give nginx the ability to set RLIMIT_NOFILE
    seboolean:
      name: httpd_setrlimit
      state: 1
      persistent: yes
+    tags: [ 'nginx', 'nginx_selinux' ]

  when: ansible_distribution_file_variety == "RedHat"
-  tags: nginx
+  tags: [ 'nginx' ]