浏览代码

Merge pull request #163 from Perceptyx/cert_path_configurable

Make certificates path configurable.
susefix
Niels Abspoel 7 年前
父节点
当前提交
07d06079bc
共有 2 个文件被更改,包括 4 次插入2 次删除
  1. +3
    -2
      nginx/ng/certificates.sls
  2. +1
    -0
      pillar.example

+ 3
- 2
nginx/ng/certificates.sls 查看文件

@@ -1,11 +1,12 @@
include:
- nginx.ng.service

{% set certificates_path = salt['pillar.get']('nginx:ng:certificates_path', '/etc/nginx/ssl') %}
{%- for domain in salt['pillar.get']('nginx:ng:certificates', {}).keys() %}

nginx_{{ domain }}_ssl_certificate:
file.managed:
- name: /etc/nginx/ssl/{{ domain }}.crt
- name: {{ certificates_path }}/{{ domain }}.crt
- makedirs: True
- contents_pillar: nginx:ng:certificates:{{ domain }}:public_cert
- watch_in:
@@ -14,7 +15,7 @@ nginx_{{ domain }}_ssl_certificate:
{% if salt['pillar.get']("nginx:ng:certificates:{}:private_key".format(domain)) %}
nginx_{{ domain }}_ssl_key:
file.managed:
- name: /etc/nginx/ssl/{{ domain }}.key
- name: {{ certificates_path }}/{{ domain }}.key
- mode: 600
- makedirs: True
- contents_pillar: nginx:ng:certificates:{{ domain }}:private_key

+ 1
- 0
pillar.example 查看文件

@@ -132,6 +132,7 @@ nginx:
# }
# }

certificates_path: '/etc/nginx/ssl' # Use this if you need to deploy below certificates in a custom path.
# If you're doing SSL termination, you can deploy certificates this way.
# The private one(s) should go in a separate pillar file not in version
# control (or use encrypted pillar data).

正在加载...
取消
保存