瀏覽代碼

Merge pull request #89 from andrew-vant/certificates

Added nginx.ng.certificates state.
tags/v0.55.0
puneet kandhari 9 年之前
父節點
當前提交
8db7bf7b4d
共有 3 個檔案被更改,包括 44 行新增0 行删除
  1. +23
    -0
      nginx/ng/certificates.sls
  2. +1
    -0
      nginx/ng/init.sls
  3. +20
    -0
      pillar.example

+ 23
- 0
nginx/ng/certificates.sls 查看文件

@@ -0,0 +1,23 @@
include:
- nginx.ng.service

{%- for domain in salt['pillar.get']('nginx:ng:certificates', {}).keys() %}

nginx_{{ domain }}_ssl_certificate:
file.managed:
- name: /etc/nginx/ssl/{{ domain }}.crt
- makedirs: True
- contents_pillar: nginx:ng:certificates:{{ domain }}:public_cert
- watch_in:
- service: nginx_service

nginx_{{ domain }}_ssl_key:
file.managed:
- name: /etc/nginx/ssl/{{ domain }}.key
- mode: 600
- makedirs: True
- contents_pillar: nginx:ng:certificates:{{ domain }}:private_key
- watch_in:
- service: nginx_service

{%- endfor %}

+ 1
- 0
nginx/ng/init.sls 查看文件

@@ -6,6 +6,7 @@ include:
- nginx.ng.config
- nginx.ng.service
- nginx.ng.vhosts
- nginx.ng.certificates

extend:
nginx_service:

+ 20
- 0
pillar.example 查看文件

@@ -107,3 +107,23 @@ nginx:
# test something else;
# }
# }

# If you're doing SSL termination, you can deploy certificates this way.
# The private one(s) should go in a separate pillar file not in version
# control (or use encrypted pillar data).
certificates:
'www.example.com':
public_cert: |
-----BEGIN CERTIFICATE-----
(Your Primary SSL certificate: www.example.com.crt)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
(Your Intermediate certificate: ExampleCA.crt)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
(Your Root certificate: TrustedRoot.crt)
-----END CERTIFICATE-----
private_key: |
-----BEGIN RSA PRIVATE KEY-----
(Your Private Key: www.example.com.key)
-----END RSA PRIVATE KEY-----

Loading…
取消
儲存