ExternalMirrors
/
nginx-formula
огледало от https://github.com/saltstack-formulas/nginx-formula
Наблюдаван 1
Харесван 0
Разклонения 1
Код Задачи 0 Версии 34 Уики Activity
Saltstack Official Nginx Formula
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
436 Ревизии
3 Клонове
ИН на ревизия: a8382b51a0
Клонове Маркери
${ item.name }
Create branch ${ searchTerm }
от 'a8382b51a0'
${ noResults }
nginx-formula/nginx/certificates.sls

62 lines
2.1KB
Директен файл Blame История 

  1. {% from 'nginx/map.jinja' import nginx with context %}

  2. 

  3. include:

  4.   - nginx.service

  5. 

  6. {% set certificates_path = salt['pillar.get']('nginx:certificates_path', '/etc/nginx/ssl') %}

  7. 

  8. {%- for dh_param, value in salt['pillar.get']('nginx:dh_param', {}).items() %}

  9. {%- if value is string %}

  10. create_nginx_dhparam_{{ dh_param }}_key:

  11.   file.managed:

  12.     - name: {{ certificates_path }}/{{ dh_param }}

  13.     - contents_pillar: nginx:dh_param:{{ dh_param }}

  14.     - makedirs: True

  15.     - watch_in:

  16.       - service: nginx_service

  17. {%- else %}

  18. generate_nginx_dhparam_{{ dh_param }}_key:

  19.   pkg.installed:

  20.     - name: {{ nginx.lookup.openssl_package }}

  21.   file.directory:

  22.     - name: {{ certificates_path }}

  23.     - makedirs: True

  24.   cmd.run:

  25.     - name: openssl dhparam -out {{ dh_param }} {{ value.get('keysize', 2048) }}

  26.     - cwd: {{ certificates_path }}

  27.     - creates: {{ certificates_path }}/{{ dh_param }}

  28.     - watch_in:

  29.       - service: nginx_service

  30. {%- endif %}

  31. {%- endfor %}

  32. 

  33. {%- for domain in salt['pillar.get']('nginx:certificates', {}).keys() %}

  34. 

  35. nginx_{{ domain }}_ssl_certificate:

  36.   file.managed:

  37.     - name: {{ certificates_path }}/{{ domain }}.crt

  38.     - makedirs: True

  39. {% if salt['pillar.get']("nginx:certificates:{}:public_cert_pillar".format(domain)) %}

  40.     - contents_pillar: {{ salt['pillar.get']('nginx:certificates:{}:public_cert_pillar'.format(domain)) }}

  41. {% else %}

  42.     - contents_pillar: nginx:certificates:{{ domain }}:public_cert

  43. {% endif %}

  44.     - watch_in:

  45.       - service: nginx_service

  46. 

  47. {% if salt['pillar.get']("nginx:certificates:{}:private_key".format(domain)) or salt['pillar.get']("nginx:certificates:{}:private_key_pillar".format(domain)) %}

  48. nginx_{{ domain }}_ssl_key:

  49.   file.managed:

  50.     - name: {{ certificates_path }}/{{ domain }}.key

  51.     - mode: 600

  52.     - makedirs: True

  53. {% if salt['pillar.get']("nginx:certificates:{}:private_key_pillar".format(domain)) %}

  54.     - contents_pillar: {{ salt['pillar.get']('nginx:certificates:{}:private_key_pillar'.format(domain)) }}

  55. {% else %}

  56.     - contents_pillar: nginx:certificates:{{ domain }}:private_key

  57. {% endif %}

  58.     - watch_in:

  59.       - service: nginx_service

  60. {% endif %}

  61. {%- endfor %}