vsftpd: Support TLS in the Ubuntu role.

2020-03-19 13:31:38 +01:00 · 2020-03-19 13:31:38 +01:00 · 37d23844e3
parent 59717eae9c
commit 37d23844e3
2 changed files with 28 additions and 1 deletions
--- a/library/roles/vsftpd/defaults/main.yml
+++ b/library/roles/vsftpd/defaults/main.yml
@ -22,3 +22,10 @@ vsftpd_manage_user_acls: True
 vsftpd_manage_real_users: False
 vsftpd_manage_valid_shells: False
 vsftpd_tls_enabled: True
 vsftpd_force_tls: True
 vsftpd_tls_letsencrypt: True
 vsftpd_ssl_ca_certificate: '{{ letsencrypt_acme_certs_dir }}/fullchain'
 vsftpd_ssl_certificate: '{{ letsencrypt_acme_certs_dir }}/cert'
 vsftpd_ssl_certificate_key: '{{ letsencrypt_acme_certs_dir }}/privkey'
--- a/library/roles/vsftpd/templates/vsftpd.conf.j2
+++ b/library/roles/vsftpd/templates/vsftpd.conf.j2
@ -117,10 +117,30 @@ secure_chroot_dir=/var/run/vsftpd/empty
 # This string is the name of the PAM service vsftpd will use.
 pam_service_name=vsftpd
 #
 {% if vsftpd_tls_enabled %}
 # SSL/TLS
 ssl_enable=YES
 ssl_sslv2=NO
 ssl_sslv3=NO
 {% if ansible_distribution_version is version_compare('18.04', '>=') %}
 ssl_tlsv1=NO
 ssl_tlsv1_1=NO
 ssl_tlsv1_2=YES
 {% else %}
 ssl_tlsv1=YES
 {% endif %}
 ca_certs_file={{ vsftpd_ssl_ca_certificate }}
 rsa_cert_file={{ vsftpd_ssl_certificate }}
 rsa_private_key_file={{ vsftpd_ssl_certificate_key }}
 {% if vsftpd_force_tls %}
 force_local_logins_ssl=YES
 force_local_data_ssl=YES
 {% endif %}
 {% else %}
 # This option specifies the location of the RSA certificate to use for SSL
 # encrypted connections.
 rsa_cert_file=/etc/ssl/private/vsftpd.pem
-
+{% endif %}
 local_root={{ vsftpd_local_root }}
 pasv_min_port={{ vsftpd_pasv_min_port }}