2023-05-23 15:45:42 +00:00
|
|
|
---
|
|
|
|
- name: Check for a pre-generated dhparams file.
|
|
|
|
ansible.builtin.stat:
|
|
|
|
path: files/dhparams.pem
|
|
|
|
register: dhparams
|
|
|
|
delegate_to: localhost
|
|
|
|
tags: dhparams
|
2023-06-17 03:07:35 +00:00
|
|
|
become: false
|
2023-05-23 15:45:42 +00:00
|
|
|
|
|
|
|
- name: Use previously generated dhparams to reduce deployment time by several minutes.
|
|
|
|
ansible.builtin.copy:
|
|
|
|
src: dhparams.pem
|
2023-08-03 22:30:51 +00:00
|
|
|
dest: "{{ nginx_config_dhparam }}"
|
2023-05-23 15:45:42 +00:00
|
|
|
force: false
|
|
|
|
when: dhparams.stat.exists
|
|
|
|
tags: dhparams
|
|
|
|
|
|
|
|
# https://docs.ansible.com/ansible/latest/collections/community/crypto/openssl_dhparam_module.html
|
|
|
|
- name: Generate Diffie-Hellman parameters with the default size (4096 bits)
|
|
|
|
community.crypto.openssl_dhparam:
|
2023-07-29 04:13:32 +00:00
|
|
|
path: "/etc/ssl/dhparams.pem"
|
2023-05-23 15:45:42 +00:00
|
|
|
tags: dhparams
|