Manage the httpd_can_network_relay SELinux boolean.
This commit is contained in:
parent
f9661dba71
commit
842398b69f
|
@ -3,18 +3,23 @@
|
||||||
- name: Install the nginx web server
|
- name: Install the nginx web server
|
||||||
yum: pkg=nginx state={{ nginx_package_state }}
|
yum: pkg=nginx state={{ nginx_package_state }}
|
||||||
|
|
||||||
- name: nginx must be able to network connect when used as a proxy
|
- name: nginx must be able to network connect and relay when used as a proxy
|
||||||
seboolean:
|
seboolean:
|
||||||
name: httpd_can_network_connect
|
name: httpd_can_network_connect
|
||||||
state: yes
|
state: 1
|
||||||
persistent: yes
|
persistent: yes
|
||||||
|
with_items:
|
||||||
|
- 'httpd_can_network_connect'
|
||||||
|
- 'httpd_can_network_relay'
|
||||||
when: letsencrypt_acme_install is defined and letsencrypt_acme_install
|
when: letsencrypt_acme_install is defined and letsencrypt_acme_install
|
||||||
|
tags: [ 'nginx', 'nginx_selinux' ]
|
||||||
|
|
||||||
- name: Give nginx the ability to set RLIMIT_NOFILE
|
- name: Give nginx the ability to set RLIMIT_NOFILE
|
||||||
seboolean:
|
seboolean:
|
||||||
name: httpd_setrlimit
|
name: httpd_setrlimit
|
||||||
state: 1
|
state: 1
|
||||||
persistent: yes
|
persistent: yes
|
||||||
|
tags: [ 'nginx', 'nginx_selinux' ]
|
||||||
|
|
||||||
when: ansible_distribution_file_variety == "RedHat"
|
when: ansible_distribution_file_variety == "RedHat"
|
||||||
tags: nginx
|
tags: [ 'nginx' ]
|
||||||
|
|
Loading…
Reference in New Issue