Handle dynamic nginx ssl options
SSL protocol options for nginx are hard-coded in the formula.
Added documentation for changing the nginx SSL options.
Change-Id: Id937911f64febaf707f44aecd5864a15562bb2c3
diff --git a/README.rst b/README.rst
index f8c75b5..cde94d3 100644
--- a/README.rst
+++ b/README.rst
@@ -306,6 +306,26 @@
name: 127.0.0.1
port: 8888
+Change nginx server ssl protocol options in openstack/proxy.yml
+
+.. code-block:: yaml
+ nginx:
+ server:
+ site:
+ site01:
+ enabled: true
+ name: site01
+ host:
+ name: site01.domain.com
+ ssl:
+ enabled: true
+ key_file: /srv/salt/pki/${_param:cluster_name}/${salt:minion:cert:proxy:common_name}.key
+ cert_file: /srv/salt/pki/${_param:cluster_name}/${salt:minion:cert:proxy:common_name}.crt
+ chain_file: /srv/salt/pki/${_param:cluster_name}/${salt:minion:cert:proxy:common_name}-with-chain.crt
+ protocols: TLSv1 TLSv1.1 TLSv1.2
+ ciphers: "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS"
+ prefer_server_ciphers: true
+ ecdh_curve: secp521r1
More Information
================