Julien Palard
b2af1120f9
While proofreading the config, and checking if it was up to date according to: - Mozilla recommandations - SSLtest - testssl.sh I spotted an issue in the HSTS header: $ curl -I https://afpy.org [...] Strict-Transport-Security: max-age=63072000; always the `always` part is an nginx config token, not a cookie value. So I simplified the conf so we can more easily copy/paste from Mozilla generator, which obviously removed the bug.
754 B
754 B
Nginx with Letsencrypt
This role sets up nginx with letsencrypt (using DNS-01 with Gandi API) .
Role Variables
The mandatory variables are:
admin_email
: For letsencrypt.gandi_api_key
(see doc).nginx_certificates
: A list of domain to put in this certificate.nginx_domain
: Used for file names, certificate name, and default server_name if no nginx_conf is given.nginx_conf
: The nginx config.
Optional variables are:
nginx_owner
: If a unix user has to be created for this project.nginx_path
: To create a directory owned bynginx_owner
.certbot_authenticator
: Defaults togandi
, can usenginx
.
Author Information
Julien Palard — https://mdk.fr