--- # tasks file for mapserver-certificates - name: Install openssl to generate DH params apt: name=openssl state=present - name: Ensure nginx ssl directory exists file: dest=/etc/nginx/ssl/ state=directory - name: Create private ssl key from secret var copy: content="{{ mapserver_ssl_private_key }}" dest=/etc/nginx/ssl/wiki.ffdo.de.key - name: Create nginx server certificate from secret var copy: content="{{ mapserver_ssl_server_cert }}" dest=/etc/nginx/ssl/wiki.ffdo.de.crt - name: Deploy pregenerated DH params when: mapserver_use_pregenerated_dh_params copy: content="{{mapserver_dh_params}}" dest=/etc/nginx/dhparams.pem - name: Generate strong dhparams when: not mapserver_use_pregenerated_dh_params shell: openssl dhparam -out /etc/nginx/dhparams.pem 4096 creates=/etc/nginx/dhparams.pem