provision/roles/nginx/tasks/main.yml at d5cc65e4d0b7

110:d5cc65e4d0b7

Anton Shestakov <av6@dwimlabs.net>, Thu, 21 Jul 2016 17:21:01 +0800

provision: don't pin certs, rely on Mercurial being configured correctly Bitbucket already has a trusted, valid certificate. If extra security is needed, it shouldn't be done in user's .hgrc anyway. And since repo is a variable now, it could be on a host that's not in [hostfingerprints].

previous change

108:f24c7fee1b0d

provision/roles/nginx/tasks/main.yml

Permissions: -rw-r--r--

File Latest Revisions Annotate Diff Comparison

Other formats:

JSON Raw

Feeds:

Atom RSS

---
- name: Install package
  apt:
    pkg: nginx
    state: present
- name: Create a Diffie-Hellman key exchange parameters file
  command: >
    openssl dhparam
    {% if ansible_virtualization_type == "virtualbox" %}-dsaparam{% endif %}
    -out /etc/nginx/dh-2048.pem
    2048
  args:
    creates: /etc/nginx/dh-2048.pem
  notify:
    - restart nginx
- name: Allow HTTP and HTTPS
  ufw:
    rule: allow
    name: '{{ item }}'
  with_items:
    - Nginx HTTP
    - Nginx HTTPS
  tags: [ufw]
...