unbound-control: no certificates for local use
parent
3695a3d771
commit
b94c62d710
2 changed files with 3 additions and 27 deletions
|
@ -19,22 +19,6 @@
|
||||||
state: present
|
state: present
|
||||||
register: unbound_install
|
register: unbound_install
|
||||||
|
|
||||||
- name: check if unbound-control certificate exists
|
|
||||||
stat:
|
|
||||||
path: /etc/unbound/unbound_control.pem
|
|
||||||
register: ubc_control_pem
|
|
||||||
|
|
||||||
|
|
||||||
- name: check if unbound server certificate exists
|
|
||||||
stat:
|
|
||||||
path: /etc/unbound/unbound_server.pem
|
|
||||||
register: ubc_server_pem
|
|
||||||
|
|
||||||
- name: run unbound-control-setup if a certificate is missing
|
|
||||||
command: unbound-control-setup
|
|
||||||
become: yes
|
|
||||||
when: ubc_control_pem.stat.exists == False or ubc_server_pem.stat.exists == False
|
|
||||||
|
|
||||||
- name: add unbound-control configuration
|
- name: add unbound-control configuration
|
||||||
template:
|
template:
|
||||||
src: unbound-control.conf.j2
|
src: unbound-control.conf.j2
|
||||||
|
|
|
@ -10,14 +10,6 @@ remote-control:
|
||||||
# port number for remote control operations.
|
# port number for remote control operations.
|
||||||
control-port: 8953
|
control-port: 8953
|
||||||
|
|
||||||
# unbound server key file.
|
# Disable the use of certificates for unbound-control.
|
||||||
server-key-file: "/etc/unbound/unbound_server.key"
|
# It's only listening locally, there's no need for the added complexity.
|
||||||
|
control-use-cert: "no"
|
||||||
# unbound server certificate file.
|
|
||||||
server-cert-file: "/etc/unbound/unbound_server.pem"
|
|
||||||
|
|
||||||
# unbound-control key file.
|
|
||||||
control-key-file: "/etc/unbound/unbound_control.key"
|
|
||||||
|
|
||||||
# unbound-control certificate file.
|
|
||||||
control-cert-file: "/etc/unbound/unbound_control.pem"
|
|
||||||
|
|
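Review bot: With `control-use-cert: "no"` the control channel on port 8953 is unauthenticated, so the new comment's "only listening locally" understates the exposure: every local account or process that can open a TCP connection to the loopback address can then reconfigure or stop the resolver. The `control-interface` line is outside this hunk, so this assumes it is bound to a loopback address; that should be confirmed, because nothing in the visible lines enforces it. A certificate-free alternative is to point the control interface at a Unix socket, e.g. `control-interface: "/run/unbound/control.sock"` (placeholder path), so that file permissions limit who can connect. If TCP on loopback is kept, the comment should state the trust assumption explicitly, e.g. `# No TLS/auth: every local user on this host can control unbound.`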