ka
/
ansible-role-dovecot
1
0
Fork 0
Koodi Ongelmat 0 Pull-pyynnöt 0 Julkaisut 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
31 Commitit
1 Haara
65KB
Puu: 30c8a65a17
Branchit Tagit
${ item.name }
Create branch ${ searchTerm }
from '30c8a65a17'
${ noResults }
ansible-role-dovecot/templates/conf.d/10-ssl.conf.j2

65 lines
2.3KB
Raaka Blame Historia 

  1. {{ansible_managed|comment}}

  2. 

  3. ##

  4. ## SSL settings

  5. ##

  6. 

  7. # SSL/TLS support: yes, no, required. <doc/wiki/SSL.txt>

  8. ssl = yes

  9. 

  10. # PEM encoded X.509 SSL/TLS certificate and private key. They're opened before

  11. # dropping root privileges, so keep the key file unreadable by anyone but

  12. # root. Included doc/mkcert.sh can be used to easily generate self-signed

  13. # certificate, just make sure to update the domains in dovecot-openssl.cnf

  14. ssl_cert = <{{dovecot_certificate_fullchain_file}}

  15. ssl_key = <{{dovecot_certificate_private_key_file}}

  16. 

  17. # If key file is password protected, give the password here. Alternatively

  18. # give it when starting dovecot with -p parameter. Since this file is often

  19. # world-readable, you may want to place this setting instead to a different

  20. # root owned 0600 file by using ssl_key_password = <path.

  21. #ssl_key_password =

  22. 

  23. # PEM encoded trusted certificate authority. Set this only if you intend to use

  24. # ssl_verify_client_cert=yes. The file should contain the CA certificate(s)

  25. # followed by the matching CRL(s). (e.g. ssl_ca = </etc/ssl/certs/ca.pem)

  26. #ssl_ca =

  27. 

  28. # Require that CRL check succeeds for client certificates.

  29. #ssl_require_crl = yes

  30. 

  31. # Directory and/or file for trusted SSL CA certificates. These are used only

  32. # when Dovecot needs to act as an SSL client (e.g. imapc backend). The

  33. # directory is usually /etc/ssl/certs in Debian-based systems and the file is

  34. # /etc/pki/tls/cert.pem in RedHat-based systems.

  35. #ssl_client_ca_dir =

  36. #ssl_client_ca_file =

  37. 

  38. # Request client to send a certificate. If you also want to require it, set

  39. # auth_ssl_require_client_cert=yes in auth section.

  40. #ssl_verify_client_cert = no

  41. 

  42. # Which field from certificate to use for username. commonName and

  43. # x500UniqueIdentifier are the usual choices. You'll also need to set

  44. # auth_ssl_username_from_cert=yes.

  45. #ssl_cert_username_field = commonName

  46. 

  47. # DH parameters length to use.

  48. #ssl_dh_parameters_length = 1024

  49. 

  50. # SSL protocols to use

  51. #ssl_protocols = !SSLv3

  52. 

  53. # SSL ciphers to use

  54. #ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL

  55. 

  56. # Prefer the server's order of ciphers over client's.

  57. #ssl_prefer_server_ciphers = no

  58. 

  59. # SSL crypto device to use, for valid values run "openssl engine"

  60. #ssl_crypto_device =

  61. 

  62. # SSL extra options. Currently supported options are:

  63. #   no_compression - Disable compression.

  64. #ssl_options =