|
|
|
|
|
|
|
|
|
|
|
# -*- coding: utf-8 -*- |
|
|
|
|
|
# vim: ft=yaml |
|
|
|
|
|
--- |
|
|
# ======== |
|
|
# ======== |
|
|
# nginx (previously named nginx:ng) |
|
|
# nginx (previously named nginx:ng) |
|
|
# ======== |
|
|
# ======== |
|
|
|
|
|
|
|
|
nginx: |
|
|
nginx: |
|
|
# The following three `install_from_` options are mutually exclusive. If none is used, the distro's provided |
|
|
|
|
|
# package will be installed. If one of the `install_from` option is set to `True`, the state will |
|
|
|
|
|
# make sure the other two repos are removed. |
|
|
|
|
|
|
|
|
# The following three `install_from_` options are mutually exclusive. If none |
|
|
|
|
|
# is used, the distro's provided package will be installed. If one of the |
|
|
|
|
|
# `install_from` option is set to `true`, the state will make sure the other |
|
|
|
|
|
# two repos are removed. |
|
|
|
|
|
|
|
|
# Use the official's nginx repo binaries |
|
|
# Use the official's nginx repo binaries |
|
|
install_from_repo: false |
|
|
install_from_repo: false |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# PPA install |
|
|
# PPA install |
|
|
install_from_ppa: false |
|
|
install_from_ppa: false |
|
|
# Set to 'stable', 'development' (mainline), 'community', or 'nightly' for each build accordingly ( https://launchpad.net/~nginx ) |
|
|
|
|
|
|
|
|
# Set to 'stable', 'development' (mainline), 'community', or 'nightly' for |
|
|
|
|
|
# each build accordingly ( https://launchpad.net/~nginx ) |
|
|
ppa_version: 'stable' |
|
|
ppa_version: 'stable' |
|
|
|
|
|
|
|
|
# Source install |
|
|
# Source install |
|
|
|
|
|
|
|
|
conf_file: /etc/nginx/nginx.conf |
|
|
conf_file: /etc/nginx/nginx.conf |
|
|
server_available: /etc/nginx/sites-available |
|
|
server_available: /etc/nginx/sites-available |
|
|
server_enabled: /etc/nginx/sites-enabled |
|
|
server_enabled: /etc/nginx/sites-enabled |
|
|
server_use_symlink: True |
|
|
|
|
|
# If you install nginx+passenger from phusionpassenger in Debian, these values will probably be needed |
|
|
|
|
|
|
|
|
server_use_symlink: true |
|
|
|
|
|
# If you install nginx+passenger from phusionpassenger in Debian, these |
|
|
|
|
|
# values will probably be needed |
|
|
passenger_package: libnginx-mod-http-passenger |
|
|
passenger_package: libnginx-mod-http-passenger |
|
|
passenger_config_file: /etc/nginx/conf.d/mod-http-passenger.conf |
|
|
passenger_config_file: /etc/nginx/conf.d/mod-http-passenger.conf |
|
|
|
|
|
|
|
|
# This is required for RedHat like distros (Amazon Linux) that don't follow semantic versioning for $releasever |
|
|
|
|
|
|
|
|
# This is required for RedHat like distros (Amazon Linux) that don't follow |
|
|
|
|
|
# semantic versioning for $releasever |
|
|
rh_os_releasever: '6' |
|
|
rh_os_releasever: '6' |
|
|
# Currently it can be used on rhel/centos/suse when installing from repo |
|
|
# Currently it can be used on rhel/centos/suse when installing from repo |
|
|
gpg_check: True |
|
|
|
|
|
pid_file: /var/run/nginx.pid ### prevents rendering SLS error nginx.server.config.pid undefined ### |
|
|
|
|
|
|
|
|
gpg_check: true |
|
|
|
|
|
### prevents rendering SLS error nginx.server.config.pid undefined ### |
|
|
|
|
|
pid_file: /var/run/nginx.pid |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# Source compilation is not currently a part of nginx |
|
|
# Source compilation is not currently a part of nginx |
|
|
from_source: False |
|
|
|
|
|
|
|
|
from_source: false |
|
|
|
|
|
|
|
|
source: |
|
|
source: |
|
|
opts: {} |
|
|
opts: {} |
|
|
|
|
|
|
|
|
package: |
|
|
package: |
|
|
opts: {} # this partially exposes parameters of pkg.installed |
|
|
|
|
|
|
|
|
opts: {} # this partially exposes parameters of pkg.installed |
|
|
|
|
|
|
|
|
service: |
|
|
service: |
|
|
enable: True # Whether or not the service will be enabled/running or dead |
|
|
|
|
|
opts: {} # this partially exposes parameters of service.running / service.dead |
|
|
|
|
|
|
|
|
|
|
|
##--- --- - - - - - - -- - - - - -- - - --- -- - -- - - - -- - - - - -- - - - -- - - - -- - ## |
|
|
|
|
|
## You can use snippets to define often repeated configuration once and include it later |
|
|
|
|
|
## The letsencrypt example below is consumed by "- include: 'snippets/letsencrypt.conf'" |
|
|
|
|
|
## Files or Templates can be retrieved by TOFS with snippet name ( Fallback to server.conf ) |
|
|
|
|
|
##--- --- - - - - - - -- - - -- -- - - --- -- - -- - - - -- - - - - -- - - - -- - - - -- - ## |
|
|
|
|
|
|
|
|
enable: true # Whether or not the service will be enabled/running or dead |
|
|
|
|
|
opts: {} # this partially exposes parameters of service.running / service.dead |
|
|
|
|
|
|
|
|
|
|
|
## - - -- - - -- -- - - --- -- - -- - - - -- - - - - -- - - - -- - - - -- - ## |
|
|
|
|
|
## You can use snippets to define often repeated configuration once and |
|
|
|
|
|
## include it later # The letsencrypt example below is consumed by "- include: |
|
|
|
|
|
## 'snippets/letsencrypt.conf'" # Files or Templates can be retrieved by TOFS |
|
|
|
|
|
## with snippet name ( Fallback to server.conf ) |
|
|
|
|
|
## - - -- - - -- -- - - --- -- - -- - - - -- - - - - -- - - - -- - - - -- - ## |
|
|
snippets: |
|
|
snippets: |
|
|
letsencrypt.conf: |
|
|
letsencrypt.conf: |
|
|
- location ^~ /.well-known/acme-challenge/: |
|
|
- location ^~ /.well-known/acme-challenge/: |
|
|
- proxy_pass: http://localhost:9999 |
|
|
|
|
|
|
|
|
- proxy_pass: http://localhost:9999 |
|
|
cloudflare_proxy.conf: |
|
|
cloudflare_proxy.conf: |
|
|
- set_real_ip_from: 103.21.244.0/22 |
|
|
- set_real_ip_from: 103.21.244.0/22 |
|
|
- set_real_ip_from: 103.22.200.0/22 |
|
|
- set_real_ip_from: 103.22.200.0/22 |
|
|
|
|
|
|
|
|
- set_real_ip_from: 108.162.192.0/18 |
|
|
- set_real_ip_from: 108.162.192.0/18 |
|
|
blacklist.conf: |
|
|
blacklist.conf: |
|
|
- map $http_user_agent $bad_bot: |
|
|
- map $http_user_agent $bad_bot: |
|
|
- default: 0 |
|
|
|
|
|
- '~*^Lynx': 0 |
|
|
|
|
|
- '~*malicious': 1 |
|
|
|
|
|
- '~*bot': 1 |
|
|
|
|
|
- '~*crawler': 1 |
|
|
|
|
|
- '~*bandit': 1 |
|
|
|
|
|
- libwww-perl: 1 |
|
|
|
|
|
- '~(?i)(httrack|htmlparser|libwww)': 1 |
|
|
|
|
|
|
|
|
- default: 0 |
|
|
|
|
|
- '~*^Lynx': 0 |
|
|
|
|
|
- '~*malicious': 1 |
|
|
|
|
|
- '~*bot': 1 |
|
|
|
|
|
- '~*crawler': 1 |
|
|
|
|
|
- '~*bandit': 1 |
|
|
|
|
|
- libwww-perl: 1 |
|
|
|
|
|
- '~(?i)(httrack|htmlparser|libwww)': 1 |
|
|
upstream_netdata_tcp.conf: |
|
|
upstream_netdata_tcp.conf: |
|
|
- upstream netdata: |
|
|
- upstream netdata: |
|
|
- server: 127.0.0.1:19999 |
|
|
|
|
|
- keepalive: 64 |
|
|
|
|
|
|
|
|
- server: 127.0.0.1:19999 |
|
|
|
|
|
- keepalive: 64 |
|
|
|
|
|
|
|
|
server: |
|
|
server: |
|
|
opts: {} # this partially exposes file.managed parameters as they relate to the main nginx.conf file |
|
|
|
|
|
|
|
|
|
|
|
#-- - - - - -- - - -- - - - - -- - - -- - - - -- - - - - - -- - - - - - -- - - - - -- - - - - -- - - # |
|
|
|
|
|
# nginx.conf (main server) declarations |
|
|
|
|
|
# dictionaries map to blocks {} and lists cause the same declaration to repeat with different values |
|
|
|
|
|
# see also http://nginx.org/en/docs/example.html |
|
|
|
|
|
# Nginx config file or template can be retrieved by TOFS ( Fallback to nginx.conf ) |
|
|
|
|
|
#-- - - - - -- - - -- - - - - -- - - -- - - - -- - - - - - -- - - - - - -- - - - - -- - - - - -- - - # |
|
|
|
|
|
|
|
|
# this partially exposes file.managed parameters as they relate to the main |
|
|
|
|
|
# nginx.conf file |
|
|
|
|
|
opts: {} |
|
|
|
|
|
|
|
|
|
|
|
## - - -- - - -- -- - - --- -- - -- - - - -- - - - - -- - - - -- - - - -- - ## |
|
|
|
|
|
# nginx.conf (main server) declarations dictionaries map to blocks {} and |
|
|
|
|
|
# lists cause the same declaration to repeat with different values see also |
|
|
|
|
|
# http://nginx.org/en/docs/example.html Nginx config file or template can |
|
|
|
|
|
# be retrieved by TOFS ( Fallback to nginx.conf ) |
|
|
|
|
|
## - - -- - - -- -- - - --- -- - -- - - - -- - - - - -- - - - -- - - - -- - ## |
|
|
config: |
|
|
config: |
|
|
include: 'snippets/letsencrypt.conf' |
|
|
include: 'snippets/letsencrypt.conf' |
|
|
source_path: salt://path_to_nginx_conf_file/nginx.conf # IMPORTANT: This option is mutually exclusive with TOFS and |
|
|
|
|
|
# the rest of the options; if it is found other options |
|
|
|
|
|
# (worker_processes: 4 and so on) are not processed |
|
|
|
|
|
# and just upload the file from source |
|
|
|
|
|
|
|
|
# IMPORTANT: This option is mutually exclusive with TOFS and the rest of |
|
|
|
|
|
# the options; if it is found other options (worker_processes: 4 and so |
|
|
|
|
|
# on) are not processed and just upload the file from source |
|
|
|
|
|
source_path: salt://path_to_nginx_conf_file/nginx.conf |
|
|
worker_processes: 4 |
|
|
worker_processes: 4 |
|
|
load_module: modules/ngx_http_lua_module.so # pass as very first in configuration; otherwise nginx will fail to start |
|
|
|
|
|
#pid: /var/run/nginx.pid # Directory location must exist (i.e. it's /run/nginx.pid on EL7) |
|
|
|
|
|
|
|
|
# pass as very first in configuration; otherwise nginx will fail to start |
|
|
|
|
|
load_module: modules/ngx_http_lua_module.so |
|
|
|
|
|
# Directory location must exist (i.e. it's /run/nginx.pid on EL7) |
|
|
|
|
|
# pid: /var/run/nginx.pid |
|
|
events: |
|
|
events: |
|
|
worker_connections: 1024 |
|
|
worker_connections: 1024 |
|
|
http: |
|
|
http: |
|
|
sendfile: 'on' |
|
|
sendfile: 'on' |
|
|
include: |
|
|
include: |
|
|
#### Note: Syntax issues in these files generate nginx [emerg] errors on startup. #### |
|
|
|
|
|
|
|
|
#### Note: Syntax issues in these files generate nginx [emerg] errors |
|
|
|
|
|
#### on startup. |
|
|
- /etc/nginx/mime.types |
|
|
- /etc/nginx/mime.types |
|
|
|
|
|
|
|
|
### module ngx_http_log_module example |
|
|
### module ngx_http_log_module example |
|
|
|
|
|
|
|
|
main '$remote_addr - $remote_user [$time_local] $status ' |
|
|
main '$remote_addr - $remote_user [$time_local] $status ' |
|
|
'"$request" $body_bytes_sent "$http_referer" ' |
|
|
'"$request" $body_bytes_sent "$http_referer" ' |
|
|
'"$http_user_agent" "$http_x_forwarded_for"' |
|
|
'"$http_user_agent" "$http_x_forwarded_for"' |
|
|
access_log: [] #suppress default access_log option from being added |
|
|
|
|
|
|
|
|
access_log: [] # suppress default access_log option from being added |
|
|
|
|
|
|
|
|
### module nngx_stream_core_module |
|
|
|
|
|
### https://docs.nginx.com/nginx/admin-guide/load-balancer/tcp-udp-load-balancer/#example |
|
|
|
|
|
|
|
|
# module nngx_stream_core_module |
|
|
|
|
|
# yamllint disable-line rule:line-length |
|
|
|
|
|
# https://docs.nginx.com/nginx/admin-guide/load-balancer/tcp-udp-load-balancer/#example |
|
|
stream: |
|
|
stream: |
|
|
upstream lb-1000: |
|
|
upstream lb-1000: |
|
|
- server: |
|
|
- server: |
|
|
- hostname1.example.com:1000 |
|
|
|
|
|
- hostname2.example.com:1000 |
|
|
|
|
|
|
|
|
- hostname1.example.com:1000 |
|
|
|
|
|
- hostname2.example.com:1000 |
|
|
upstream stream_backend: |
|
|
upstream stream_backend: |
|
|
least_conn: '' |
|
|
least_conn: '' |
|
|
'server backend1.example.com:12345 weight=5': |
|
|
'server backend1.example.com:12345 weight=5': |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
servers: |
|
|
servers: |
|
|
disabled_postfix: .disabled # a postfix appended to files when doing non-symlink disabling |
|
|
|
|
|
symlink_opts: {} # partially exposes file.symlink params when symlinking enabled sites |
|
|
|
|
|
rename_opts: {} # partially exposes file.rename params when not symlinking disabled/enabled sites |
|
|
|
|
|
managed_opts: {} # partially exposes file.managed params for managed server files |
|
|
|
|
|
dir_opts: {} # partially exposes file.directory params for site available/enabled and snippets dirs |
|
|
|
|
|
|
|
|
# a postfix appended to files when doing non-symlink disabling |
|
|
|
|
|
disabled_postfix: .disabled |
|
|
|
|
|
# partially exposes file.symlink params when symlinking enabled sites |
|
|
|
|
|
symlink_opts: {} |
|
|
|
|
|
# partially exposes file.rename params when not symlinking disabled/enabled sites |
|
|
|
|
|
rename_opts: {} |
|
|
|
|
|
# partially exposes file.managed params for managed server files |
|
|
|
|
|
managed_opts: {} |
|
|
|
|
|
# partially exposes file.directory params for site available/enabled and |
|
|
|
|
|
# snippets dirs |
|
|
|
|
|
dir_opts: {} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
##################### |
|
|
##################### |
|
|
|
|
|
|
|
|
##################### |
|
|
##################### |
|
|
managed: |
|
|
managed: |
|
|
|
|
|
|
|
|
mysite: # relative filename of server file (defaults to '/etc/nginx/sites-available/mysite') |
|
|
|
|
|
# may be True, False, or None where True is enabled, False, disabled, and None indicates no action |
|
|
|
|
|
enabled: True |
|
|
|
|
|
|
|
|
# relative filename of server file |
|
|
|
|
|
# (defaults to '/etc/nginx/sites-available/mysite') |
|
|
|
|
|
mysite: |
|
|
|
|
|
# may be true, false, or None where true is enabled, false, disabled, |
|
|
|
|
|
# and None indicates no action |
|
|
|
|
|
enabled: true |
|
|
|
|
|
|
|
|
# Remove the site config file shipped by nginx (i.e. '/etc/nginx/sites-available/default' by default) |
|
|
|
|
|
|
|
|
# Remove the site config file shipped by nginx |
|
|
|
|
|
# (i.e. '/etc/nginx/sites-available/default' by default) |
|
|
# It also remove the symlink (if it is exists). |
|
|
# It also remove the symlink (if it is exists). |
|
|
# The site MUST be disabled before delete it (if not the nginx is not reloaded). |
|
|
|
|
|
#deleted: True |
|
|
|
|
|
|
|
|
|
|
|
#available_dir: /etc/nginx/sites-available-custom # custom directory (not sites-available) for server filename |
|
|
|
|
|
#enabled_dir: /etc/nginx/sites-enabled-custom # custom directory (not sites-enabled) for server filename |
|
|
|
|
|
disabled_name: mysite.aint_on # an alternative disabled name to be use when not symlinking |
|
|
|
|
|
overwrite: True # overwrite an existing server file or not |
|
|
|
|
|
|
|
|
|
|
|
# May be a list of config options or None, if None, no server file will be managed/templated |
|
|
|
|
|
# Take server directives as lists of dictionaries. If the dictionary value is another list of |
|
|
|
|
|
# dictionaries a block {} will be started with the dictionary key name |
|
|
|
|
|
|
|
|
# The site MUST be disabled before delete it (if not the nginx is not |
|
|
|
|
|
# reloaded). |
|
|
|
|
|
# deleted: true |
|
|
|
|
|
|
|
|
|
|
|
# custom directory (not sites-available) for server filename |
|
|
|
|
|
# available_dir: /etc/nginx/sites-available-custom |
|
|
|
|
|
# custom directory (not sites-enabled) for server filename |
|
|
|
|
|
# enabled_dir: /etc/nginx/sites-enabled-custom |
|
|
|
|
|
# an alternative disabled name to be use when not symlinking |
|
|
|
|
|
disabled_name: mysite.aint_on |
|
|
|
|
|
# overwrite an existing server file or not |
|
|
|
|
|
overwrite: true |
|
|
|
|
|
|
|
|
|
|
|
# May be a list of config options or None, if None, no server file will |
|
|
|
|
|
# be managed/templated Take server directives as lists of dictionaries. |
|
|
|
|
|
# If the dictionary value is another list of dictionaries a block {} |
|
|
|
|
|
# will be started with the dictionary key name |
|
|
config: |
|
|
config: |
|
|
- server: |
|
|
|
|
|
- server_name: localhost |
|
|
|
|
|
- listen: |
|
|
|
|
|
- '80 default_server' |
|
|
|
|
|
- listen: |
|
|
|
|
|
- '443 ssl' |
|
|
|
|
|
- index: 'index.html index.htm' |
|
|
|
|
|
- location ~ .htm: |
|
|
|
|
|
- try_files: '$uri $uri/ =404' |
|
|
|
|
|
- test: something else |
|
|
|
|
|
- include: 'snippets/letsencrypt.conf' |
|
|
|
|
|
|
|
|
|
|
|
# Or a slightly more compact alternative syntax: |
|
|
|
|
|
|
|
|
# both of the methods below lead to the output: |
|
|
|
|
|
# server { |
|
|
|
|
|
# server_name localhost; |
|
|
|
|
|
# listen 80 default_server; |
|
|
|
|
|
# listen 443 ssl; |
|
|
|
|
|
# index index.html index.htm; |
|
|
|
|
|
# location ~ .htm { |
|
|
|
|
|
# try_files $uri $uri/ =404; |
|
|
|
|
|
# test something else; |
|
|
|
|
|
# } |
|
|
|
|
|
# } |
|
|
|
|
|
|
|
|
- server: |
|
|
- server: |
|
|
- server_name: localhost |
|
|
|
|
|
- listen: |
|
|
|
|
|
- '80 default_server' |
|
|
|
|
|
- '443 ssl' |
|
|
|
|
|
- index: 'index.html index.htm' |
|
|
|
|
|
- location ~ .htm: |
|
|
|
|
|
- try_files: '$uri $uri/ =404' |
|
|
|
|
|
- test: something else |
|
|
|
|
|
- include: 'snippets/letsencrypt.conf' |
|
|
|
|
|
|
|
|
|
|
|
# both of those output: |
|
|
|
|
|
# server { |
|
|
|
|
|
# server_name localhost; |
|
|
|
|
|
# listen 80 default_server; |
|
|
|
|
|
# listen 443 ssl; |
|
|
|
|
|
# index index.html index.htm; |
|
|
|
|
|
# location ~ .htm { |
|
|
|
|
|
# try_files $uri $uri/ =404; |
|
|
|
|
|
# test something else; |
|
|
|
|
|
# } |
|
|
|
|
|
# } |
|
|
|
|
|
|
|
|
|
|
|
mysite2: # Using source_path options to upload the file instead of templating all the file |
|
|
|
|
|
enabled: True |
|
|
|
|
|
|
|
|
- server_name: localhost |
|
|
|
|
|
- listen: |
|
|
|
|
|
- '80 default_server' |
|
|
|
|
|
- listen: |
|
|
|
|
|
- '443 ssl' |
|
|
|
|
|
- index: 'index.html index.htm' |
|
|
|
|
|
- location ~ .htm: |
|
|
|
|
|
- try_files: '$uri $uri/ =404' |
|
|
|
|
|
- test: something else |
|
|
|
|
|
- include: 'snippets/letsencrypt.conf' |
|
|
|
|
|
|
|
|
|
|
|
# Or a slightly more compact alternative syntax: |
|
|
|
|
|
- server: |
|
|
|
|
|
- server_name: localhost |
|
|
|
|
|
- listen: |
|
|
|
|
|
- '80 default_server' |
|
|
|
|
|
- '443 ssl' |
|
|
|
|
|
- index: 'index.html index.htm' |
|
|
|
|
|
- location ~ .htm: |
|
|
|
|
|
- try_files: '$uri $uri/ =404' |
|
|
|
|
|
- test: something else |
|
|
|
|
|
- include: 'snippets/letsencrypt.conf' |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# Using source_path options to upload the file instead of templating all the file |
|
|
|
|
|
mysite2: |
|
|
|
|
|
enabled: true |
|
|
available_dir: /etc/nginx/sites-available |
|
|
available_dir: /etc/nginx/sites-available |
|
|
enabled_dir: /etc/nginx/sites-enabled |
|
|
enabled_dir: /etc/nginx/sites-enabled |
|
|
config: |
|
|
config: |
|
|
source_path: salt://path-to-site-file/mysite2 # IMPORTANT: This field is mutually exclusive with TOFS |
|
|
|
|
|
# and other config options, it just uploads the specified file |
|
|
|
|
|
|
|
|
# IMPORTANT: This field is mutually exclusive with TOFS and other |
|
|
|
|
|
# config options, it just uploads the specified file |
|
|
|
|
|
source_path: salt://path-to-site-file/mysite2 |
|
|
|
|
|
|
|
|
# Below configuration becomes handy if you want to create custom configuration files |
|
|
|
|
|
# for example if you want to create /usr/local/etc/nginx/http_options.conf with |
|
|
|
|
|
# the following content: |
|
|
|
|
|
|
|
|
# Below configuration becomes handy if you want to create custom |
|
|
|
|
|
# configuration files for example if you want to create |
|
|
|
|
|
# /usr/local/etc/nginx/http_options.conf with the following content: |
|
|
|
|
|
|
|
|
# sendfile on; |
|
|
# sendfile on; |
|
|
# tcp_nopush on; |
|
|
# tcp_nopush on; |
|
|
|
|
|
|
|
|
# send_iowait 12000; |
|
|
# send_iowait 12000; |
|
|
|
|
|
|
|
|
http_options.conf: |
|
|
http_options.conf: |
|
|
enabled: True |
|
|
|
|
|
|
|
|
enabled: true |
|
|
available_dir: /usr/local/etc/nginx |
|
|
available_dir: /usr/local/etc/nginx |
|
|
enabled_dir: /usr/local/etc/nginx |
|
|
enabled_dir: /usr/local/etc/nginx |
|
|
config: |
|
|
config: |
|
|
|
|
|
|
|
|
- tcp_nodelay: 'on' |
|
|
- tcp_nodelay: 'on' |
|
|
- send_iowait: 12000 |
|
|
- send_iowait: 12000 |
|
|
|
|
|
|
|
|
certificates_path: '/etc/nginx/ssl' # Use this if you need to deploy below certificates in a custom path. |
|
|
|
|
|
|
|
|
# Use this if you need to deploy below certificates in a custom path. |
|
|
|
|
|
certificates_path: '/etc/nginx/ssl' |
|
|
# If you're doing SSL termination, you can deploy certificates this way. |
|
|
# If you're doing SSL termination, you can deploy certificates this way. |
|
|
# The private one(s) should go in a separate pillar file not in version |
|
|
# The private one(s) should go in a separate pillar file not in version |
|
|
# control (or use encrypted pillar data). |
|
|
# control (or use encrypted pillar data). |
|
|
certificates: |
|
|
certificates: |
|
|
'www.example.com': |
|
|
'www.example.com': |
|
|
|
|
|
|
|
|
# choose one of: deploying this cert by pillar (e.g. in combination with ext_pillar and file_tree) |
|
|
|
|
|
|
|
|
# choose one of: deploying this cert by pillar (e.g. in combination with |
|
|
|
|
|
# ext_pillar and file_tree) |
|
|
# public_cert_pillar: certs:example.com:fullchain.pem |
|
|
# public_cert_pillar: certs:example.com:fullchain.pem |
|
|
# private_key_pillar: certs:example.com:privkey.pem |
|
|
# private_key_pillar: certs:example.com:privkey.pem |
|
|
# or directly pasting the cert |
|
|
# or directly pasting the cert |
|
|
|
|
|
|
|
|
# |
|
|
# |
|
|
# All aspects of path/file resolution are customisable using the options below. |
|
|
# All aspects of path/file resolution are customisable using the options below. |
|
|
# This is unnecessary in most cases; there are sensible defaults. |
|
|
# This is unnecessary in most cases; there are sensible defaults. |
|
|
# Path pattern: salt://{{ path_prefix or 'nginx' }}/{{ dirs.files or 'files' }}/{{ dirs.default or 'default' }} |
|
|
|
|
|
# path_prefix: template_alt |
|
|
|
|
|
|
|
|
# Default path: salt://{{ path_prefix }}/{{ dirs.files }}/{{ dirs.default }} |
|
|
|
|
|
# I.e.: salt://nginx/files/default |
|
|
|
|
|
# path_prefix: template_alt |
|
|
# dirs: |
|
|
# dirs: |
|
|
# files: files_alt |
|
|
# files: files_alt |
|
|
# default: default_alt |
|
|
# default: default_alt |
Imran Iqbal
5 years ago