clients will be served with ``Strict-Transport-Security`` header with value of

  ``max-age=31536000; includeSubDomains``.

  X.509 certificate used for TLS for HTTPS service. The file will be stored in

  directory ``/etc/ssl/certs/`` under name ``{{ ansible_fqdn }}_https.pem``.

  Private key used for TLS for HTTPS service. The file will be stored in

  directory ``/etc/ssl/private/`` under name ``{{ ansible_fqdn }}_https.key``.

          - mail_forwarder

          - web_server

   :file:`~/mysite/group_vars/web.yml`

   ::

      ---

      web_default_title: "Welcome to default page!"

      web_default_message: "Nothing to see here, move along..."

---

default_enforce_https: true

web_default_title: "Welcome"

web_default_message: "You are attempting to access the web server using a wrong name or an IP address. Please check your URL."

web_server_tls_protocols:

---

# common

ca_certificates:

  testca: "{{ lookup('file', 'tests/data/x509/ca.cert.pem') }}"

---

default_enforce_https: false

web_default_title: "Optional Welcome"

web_default_message: "Welcome to parameters-optional, default virtual host."

web_server_tls_protocols:

        assert tls_file.user == 'root'

        assert tls_file.group == 'root'

        assert tls_file.mode == 0o640

        tls_file = host.file('/etc/ssl/certs/%s_https.pem' % hostname)

        assert tls_file.is_file

        assert tls_file.user == 'root'

        assert tls_file.group == 'root'

        assert tls_file.mode == 0o644

def test_certificate_validity_check_configuration(host):

        assert tls_file.user == 'root'

        assert tls_file.group == 'root'

        assert tls_file.mode == 0o640

        tls_file = host.file('/etc/ssl/certs/%s_https.pem' % hostname)

        assert tls_file.is_file

        assert tls_file.user == 'root'

        assert tls_file.group == 'root'

        assert tls_file.mode == 0o644

def test_certificate_validity_check_configuration(host):