Generates Diffie-Hellman parameters on Debian/Ubuntu servers.
When generating the parameters on your local machine, you need openssl
installed.
It is recommended that you set dhparam_create_on_local_machine
to yes
.
dhparam_create_on_local_machine: no
dhparam_size: 4096
dhparam_path: "/etc/ssl/certs/dhparam-{{ dhparam_size }}.pem"
# (no, reboot, hourly, daily, weekly, monthly, annually, yearly)
dhparam_periodic_update: no
Each part of the setup has a tag.
dhparam:install
dhparam:cron
None.
---
- hosts: servers
become: yes
roles:
- noplanman.dhparam
MIT