vsftpd: Support TLS in the Ubuntu role.
parent
59717eae9c
commit
37d23844e3
|
@ -22,3 +22,10 @@ vsftpd_manage_user_acls: True
|
|||
vsftpd_manage_real_users: False
|
||||
vsftpd_manage_valid_shells: False
|
||||
|
||||
vsftpd_tls_enabled: True
|
||||
vsftpd_force_tls: True
|
||||
vsftpd_tls_letsencrypt: True
|
||||
vsftpd_ssl_ca_certificate: '{{ letsencrypt_acme_certs_dir }}/fullchain'
|
||||
vsftpd_ssl_certificate: '{{ letsencrypt_acme_certs_dir }}/cert'
|
||||
vsftpd_ssl_certificate_key: '{{ letsencrypt_acme_certs_dir }}/privkey'
|
||||
|
||||
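Review bot: The three certificate paths default to `{{ letsencrypt_acme_certs_dir }}`, which this hunk does not define, while `vsftpd_tls_enabled` and `vsftpd_force_tls` both default to `True`. On a host where the role that provides that variable is not applied, rendering the configuration would presumably fail on an undefined variable, or vsftpd would be pointed at certificate files that do not exist. Either default `vsftpd_tls_enabled` to `False`, or state the dependency above the block, for example `# TLS defaults assume the letsencrypt role; letsencrypt_acme_certs_dir must be defined`. `vsftpd_tls_letsencrypt` is not referenced in the template hunk of this commit, so a one-line comment saying what it switches would help.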
|
|
|
@ -117,10 +117,30 @@ secure_chroot_dir=/var/run/vsftpd/empty
|
|||
# This string is the name of the PAM service vsftpd will use.
|
||||
pam_service_name=vsftpd
|
||||
#
|
||||
{% if vsftpd_tls_enabled %}
|
||||
# SSL/TLS
|
||||
ssl_enable=YES
|
||||
ssl_sslv2=NO
|
||||
ssl_sslv3=NO
|
||||
{% if ansible_distribution_version is version_compare('18.04', '>=') %}
|
||||
ssl_tlsv1=NO
|
||||
ssl_tlsv1_1=NO
|
||||
ssl_tlsv1_2=YES
|
||||
{% else %}
|
||||
ssl_tlsv1=YES
|
||||
{% endif %}
|
||||
ca_certs_file={{ vsftpd_ssl_ca_certificate }}
|
||||
rsa_cert_file={{ vsftpd_ssl_certificate }}
|
||||
rsa_private_key_file={{ vsftpd_ssl_certificate_key }}
|
||||
{% if vsftpd_force_tls %}
|
||||
force_local_logins_ssl=YES
|
||||
force_local_data_ssl=YES
|
||||
{% endif %}
|
||||
{% else %}
|
||||
# This option specifies the location of the RSA certificate to use for SSL
|
||||
# encrypted connections.
|
||||
rsa_cert_file=/etc/ssl/private/vsftpd.pem
|
||||
|
||||
{% endif %}
|
||||
|
||||
local_root={{ vsftpd_local_root }}
|
||||
pasv_min_port={{ vsftpd_pasv_min_port }}
|
||||
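Review bot: The TLS block pins protocol versions but sets no `ssl_ciphers`, so the cipher list falls back to vsftpd's built-in default, which the man page for older releases gives as the single 3DES suite `DES-CBC3-SHA`. Adding `ssl_ciphers=HIGH` after the `ssl_tlsv1*` lines would make the choice explicit. In the `{% else %}` branch for releases older than 18.04, `ssl_tlsv1=YES` leaves TLS 1.0 accepted, which deserves a comment explaining why the older protocol is tolerated there. `force_local_logins_ssl` and `force_local_data_ssl` cover local users only, so if anonymous access is enabled elsewhere in this template (not visible in the hunk), `force_anon_logins_ssl=YES` and `force_anon_data_ssl=YES` belong inside the same `{% if vsftpd_force_tls %}` block. As a style point, the `version_compare` test was renamed to `version` in Ansible 2.5.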
|
|