Browse Source

Merge pull request #163 from Perceptyx/cert_path_configurable

Make certificates path configurable.
susefix
Niels Abspoel 7 years ago
parent
commit
07d06079bc
2 changed files with 4 additions and 2 deletions
  1. +3
    -2
      nginx/ng/certificates.sls
  2. +1
    -0
      pillar.example

+ 3
- 2
nginx/ng/certificates.sls View File

include: include:
- nginx.ng.service - nginx.ng.service


{% set certificates_path = salt['pillar.get']('nginx:ng:certificates_path', '/etc/nginx/ssl') %}
{%- for domain in salt['pillar.get']('nginx:ng:certificates', {}).keys() %} {%- for domain in salt['pillar.get']('nginx:ng:certificates', {}).keys() %}


nginx_{{ domain }}_ssl_certificate: nginx_{{ domain }}_ssl_certificate:
file.managed: file.managed:
- name: /etc/nginx/ssl/{{ domain }}.crt
- name: {{ certificates_path }}/{{ domain }}.crt
- makedirs: True - makedirs: True
- contents_pillar: nginx:ng:certificates:{{ domain }}:public_cert - contents_pillar: nginx:ng:certificates:{{ domain }}:public_cert
- watch_in: - watch_in:
{% if salt['pillar.get']("nginx:ng:certificates:{}:private_key".format(domain)) %} {% if salt['pillar.get']("nginx:ng:certificates:{}:private_key".format(domain)) %}
nginx_{{ domain }}_ssl_key: nginx_{{ domain }}_ssl_key:
file.managed: file.managed:
- name: /etc/nginx/ssl/{{ domain }}.key
- name: {{ certificates_path }}/{{ domain }}.key
- mode: 600 - mode: 600
- makedirs: True - makedirs: True
- contents_pillar: nginx:ng:certificates:{{ domain }}:private_key - contents_pillar: nginx:ng:certificates:{{ domain }}:private_key

+ 1
- 0
pillar.example View File

# } # }
# } # }


certificates_path: '/etc/nginx/ssl' # Use this if you need to deploy below certificates in a custom path.
# If you're doing SSL termination, you can deploy certificates this way. # If you're doing SSL termination, you can deploy certificates this way.
# The private one(s) should go in a separate pillar file not in version # The private one(s) should go in a separate pillar file not in version
# control (or use encrypted pillar data). # control (or use encrypted pillar data).

Loading…
Cancel
Save