Add dhparam creationmaster
@@ -1,7 +1,35 @@ | |||
{% from 'nginx/ng/map.jinja' import nginx with context %} | |||
include: | |||
- nginx.ng.service | |||
{% set certificates_path = salt['pillar.get']('nginx:ng:certificates_path', '/etc/nginx/ssl') %} | |||
{%- for dh_param, value in salt.pillar.get('nginx:ng:dh_param').items() %} | |||
{%- if value is string %} | |||
create_nginx_dhparam_{{ dh_param }}_key: | |||
file.managed: | |||
- name: {{ certificates_path }}/{{ dh_param }} | |||
- contents_pillar: nginx:ng:dh_param:{{ dh_param }} | |||
- makedirs: True | |||
- watch_in: | |||
- service: nginx_service | |||
{%- else %} | |||
generate_nginx_dhparam_{{ dh_param }}_key: | |||
pkg.installed: | |||
- name: {{ nginx.lookup.openssl_package }} | |||
file.directory: | |||
- name: {{ certificates_path }} | |||
- makedirs: True | |||
cmd.run: | |||
- name: openssl dhparam -out {{ dh_param }} {{ value.get('keysize', 2048) }} | |||
- cwd: {{ certificates_path }} | |||
- creates: {{ certificates_path }}/{{ dh_param }} | |||
- watch_in: | |||
- service: nginx_service | |||
{%- endif %} | |||
{%- endfor %} | |||
{%- for domain in salt['pillar.get']('nginx:ng:certificates', {}).keys() %} | |||
nginx_{{ domain }}_ssl_certificate: |
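Review bot: The loop header on the `{%- for dh_param, value in salt.pillar.get('nginx:ng:dh_param').items() %}` line has no default, so on any minion whose pillar lacks `nginx:ng:dh_param` the lookup returns None and `.items()` raises, which breaks rendering of this whole state file (including the certificate states below) for every existing user; the sibling loop on the `nginx:ng:certificates` line already passes `{}` as the default, and this one should match: `{%- for dh_param, value in salt['pillar.get']('nginx:ng:dh_param', {}).items() %}`. The generated `keysize` is also taken from pillar unchecked and the pillar key is interpolated unquoted into both the shell command and the `creates` path, so a value below 2048 (or a key containing a space, a quote or `../`) is passed straight through; coercing and quoting on the cmd line, `- name: openssl dhparam -out '{{ dh_param }}' {{ [value.get('keysize', 2048) | int, 2048] | max }}`, keeps the state from silently producing weak parameters or writing outside `certificates_path`. It would also help to note in a comment that `openssl dhparam` for 2048 bits can take minutes and will block the highstate the first time it runs.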
@@ -16,6 +16,7 @@ | |||
'server_enabled': '/etc/nginx/sites-enabled', | |||
'server_use_symlink': True, | |||
'pid_file': '/run/nginx.pid', | |||
'openssl_package': 'openssl', | |||
}, | |||
'CentOS': { | |||
'package': 'nginx', | |||
@@ -30,6 +31,7 @@ | |||
'rh_os_releasever': '$releasever', | |||
'gpg_check': False, | |||
'gpg_key': 'http://nginx.org/keys/nginx_signing.key', | |||
'openssl_package': 'openssl', | |||
}, | |||
'RedHat': { | |||
'package': 'nginx', | |||
@@ -49,6 +51,7 @@ | |||
'passenger_instance_registry_dir': ' /var/run/passenger-instreg', | |||
'passenger_ruby': '/usr/bin/ruby', | |||
}, | |||
'openssl_package': 'openssl', | |||
}, | |||
'Suse': { | |||
'package': 'nginx', | |||
@@ -60,7 +63,8 @@ | |||
'server_use_symlink': False, | |||
'pid_file': '/run/nginx.pid', | |||
'gpg_check': True, | |||
'gpg_key': 'http://download.opensuse.org/repositories/server:/http/openSUSE_13.2/repodata/repomd.xml.key' | |||
'gpg_key': 'http://download.opensuse.org/repositories/server:/http/openSUSE_13.2/repodata/repomd.xml.key', | |||
'openssl_package': 'openssl', | |||
}, | |||
'Arch': { | |||
'package': 'nginx', | |||
@@ -70,6 +74,7 @@ | |||
'server_available': '/etc/nginx/sites-available', | |||
'server_enabled': '/etc/nginx/sites-enabled', | |||
'server_use_symlink': True, | |||
'openssl_package': 'openssl', | |||
}, | |||
'Gentoo': { | |||
'package': 'www-servers/nginx', | |||
@@ -79,6 +84,7 @@ | |||
'server_available': '/etc/nginx/sites-available', | |||
'server_enabled': '/etc/nginx/sites-enabled', | |||
'server_use_symlink': True, | |||
'openssl_package': 'dev-libs/openssl', | |||
}, | |||
'FreeBSD': { | |||
'package': 'nginx', |
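Review bot: The `openssl_package` lookup is added to the Debian, CentOS, RedHat, Suse, Arch and Gentoo blocks, but the FreeBSD block that starts on the last lines of this hunk continues outside the diff and no `openssl_package` entry is visible for it; if it (or any other OS family in the map) is left without one, `nginx.lookup.openssl_package` renders empty in the new dhparam state and `pkg.installed` gets a blank `name`, so that state will fail on those platforms rather than on the minions this commit tested. Either add `'openssl_package': 'openssl',` to every remaining family or give the lookup a top-level default so a missing per-OS key cannot produce an empty package name. A one-line comment above the first `openssl_package` entry saying it is required by `nginx.ng.certificates` for on-the-fly dhparam generation would make the coupling visible to whoever adds the next OS family.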
@@ -173,6 +173,15 @@ nginx: | |||
(Your Private Key: www.example.com.key) | |||
-----END RSA PRIVATE KEY----- | |||
dh_param: | |||
'mydhparam1.pem': | | |||
-----BEGIN DH PARAMETERS----- | |||
(Your custom DH prime) | |||
-----END DH PARAMETERS----- | |||
# or to generate one on-the-fly | |||
'mydhparam2.pem': | |||
keysize: 2048 | |||
# Passenger configuration | |||
# Default passenger configuration is provided, and will be deployed in | |||
# /etc/nginx/conf.d/passenger.conf | |||
@@ -180,4 +189,3 @@ nginx: | |||
passenger_root: /usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini | |||
passenger_ruby: /usr/bin/ruby | |||
passenger_instance_registry_dir: /var/run/passenger-instreg | |||