ISTI-ansible-roles
/
ansible-role-nginx
4
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Change the default fullchain path

This commit is contained in:
Andrea Dell'Amico 2023-07-13 12:57:02 +02:00
parent bef6836069
commit b25d586850
Signed by: adellam
GPG Key ID: 147ABE6CEB9E20FF
1 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
templates/nginx-server-ssl.conf.j2
View File

@ -43,7 +43,12 @@ ssl_stapling_verify on;
{% if letsencrypt_acme_install is defined and letsencrypt_acme_install %}
ssl_trusted_certificate {{ letsencrypt_acme_certs_dir }}/fullchain;
{% else %}
ssl_trusted_certificate {{ nginx_ssl_fullchain_file | default('/etc/nginx/ssl/cacert.crt') }};
{% if ansible_distribution_file_variety == "Debian" %}
ssl_trusted_certificate {{ nginx_ssl_fullchain_file | default('/etc/ssl/certs/ca-certificates.crt') }};
{% if ansible_distribution_file_variety == "RedHat" %}
ssl_trusted_certificate {{ nginx_ssl_fullchain_file | default('/etc/pki/tls/cert.pem') }};
{% endif %}
{% endif %}
{% endif %}
add_header Strict-Transport-Security "max-age={{ nginx_strict_transport_security_expire }}{% if nginx_strict_transport_security_include_subdomains %}; includeSubdomains{% endif %}";
{% endif %}