Add ssl_dhparam option (#114)

* add dhparam to README

* add dhparam to defaults/main.yml

Author: senorsmile

README.md

@@ -376,6 +376,7 @@ nginx_http_template:
             cert: /etc/ssl/certs/proxy_default.crt
             key: /etc/ssl/private/proxy_default.key
             trusted_cert: /etc/ssl/certs/proxy_ca.crt
+            dhparam: /etc/ssl/private/dh_param.pem
             server_name: false
             name: server_name
             protocols: TLSv1 TLSv1.1 TLSv1.2

defaults/main.yml

@@ -175,6 +175,7 @@ nginx_http_template:
     ssl:
       cert: /etc/ssl/certs/default.crt
       key: /etc/ssl/private/default.key
+      dhparam: /etc/ssl/private/dh_param.pem
       protocols: TLSv1 TLSv1.1 TLSv1.2
       ciphers: HIGH:!aNULL:!MD5
       session_cache: none

templates/http/default.conf.j2

@@ -52,6 +52,9 @@ server {
     listen {{ item.value.port }} ssl;
     ssl_certificate {{ item.value.ssl.cert }};
     ssl_certificate_key {{ item.value.ssl.key }};
+{% if item.value.ssl.dhparam is defined %}
+    ssl_dhparam {{ item.value.ssl.dhparam }};
+{% endif %}
 {% if item.value.ssl.protocols is defined %}
     ssl_protocols {{ item.value.ssl.protocols }};
 {% endif %}