Niels Abspoel
7 years ago
3 changed files with 44 additions and 2 deletions
+ 28
- 0
nginx/ng/certificates.sls
View File
| {% from 'nginx/ng/map.jinja' import nginx with context %} | |||||
| include: | include: | ||||
| - nginx.ng.service | - nginx.ng.service | ||||
| {% set certificates_path = salt['pillar.get']('nginx:ng:certificates_path', '/etc/nginx/ssl') %} | {% set certificates_path = salt['pillar.get']('nginx:ng:certificates_path', '/etc/nginx/ssl') %} | ||||
| {%- for dh_param, value in salt.pillar.get('nginx:ng:dh_param').items() %} | |||||
| {%- if value is string %} | |||||
| create_nginx_dhparam_{{ dh_param }}_key: | |||||
| file.managed: | |||||
| - name: {{ certificates_path }}/{{ dh_param }} | |||||
| - contents_pillar: nginx:ng:dh_param:{{ dh_param }} | |||||
| - makedirs: True | |||||
| - watch_in: | |||||
| - service: nginx_service | |||||
| {%- else %} | |||||
| generate_nginx_dhparam_{{ dh_param }}_key: | |||||
| pkg.installed: | |||||
| - name: {{ nginx.lookup.openssl_package }} | |||||
| file.directory: | |||||
| - name: {{ certificates_path }} | |||||
| - makedirs: True | |||||
| cmd.run: | |||||
| - name: openssl dhparam -out {{ dh_param }} {{ value.get('keysize', 2048) }} | |||||
| - cwd: {{ certificates_path }} | |||||
| - creates: {{ certificates_path }}/{{ dh_param }} | |||||
| - watch_in: | |||||
| - service: nginx_service | |||||
| {%- endif %} | |||||
| {%- endfor %} | |||||
| {%- for domain in salt['pillar.get']('nginx:ng:certificates', {}).keys() %} | {%- for domain in salt['pillar.get']('nginx:ng:certificates', {}).keys() %} | ||||
| nginx_{{ domain }}_ssl_certificate: | nginx_{{ domain }}_ssl_certificate: |
+ 7
- 1
nginx/ng/map.jinja
View File
| 'server_enabled': '/etc/nginx/sites-enabled', | 'server_enabled': '/etc/nginx/sites-enabled', | ||||
| 'server_use_symlink': True, | 'server_use_symlink': True, | ||||
| 'pid_file': '/run/nginx.pid', | 'pid_file': '/run/nginx.pid', | ||||
| 'openssl_package': 'openssl', | |||||
| }, | }, | ||||
| 'CentOS': { | 'CentOS': { | ||||
| 'package': 'nginx', | 'package': 'nginx', | ||||
| 'rh_os_releasever': '$releasever', | 'rh_os_releasever': '$releasever', | ||||
| 'gpg_check': False, | 'gpg_check': False, | ||||
| 'gpg_key': 'http://nginx.org/keys/nginx_signing.key', | 'gpg_key': 'http://nginx.org/keys/nginx_signing.key', | ||||
| 'openssl_package': 'openssl', | |||||
| }, | }, | ||||
| 'RedHat': { | 'RedHat': { | ||||
| 'package': 'nginx', | 'package': 'nginx', | ||||
| 'passenger_instance_registry_dir': ' /var/run/passenger-instreg', | 'passenger_instance_registry_dir': ' /var/run/passenger-instreg', | ||||
| 'passenger_ruby': '/usr/bin/ruby', | 'passenger_ruby': '/usr/bin/ruby', | ||||
| }, | }, | ||||
| 'openssl_package': 'openssl', | |||||
| }, | }, | ||||
| 'Suse': { | 'Suse': { | ||||
| 'package': 'nginx', | 'package': 'nginx', | ||||
| 'server_use_symlink': False, | 'server_use_symlink': False, | ||||
| 'pid_file': '/run/nginx.pid', | 'pid_file': '/run/nginx.pid', | ||||
| 'gpg_check': True, | 'gpg_check': True, | ||||
| 'gpg_key': 'http://download.opensuse.org/repositories/server:/http/openSUSE_13.2/repodata/repomd.xml.key' | |||||
| 'gpg_key': 'http://download.opensuse.org/repositories/server:/http/openSUSE_13.2/repodata/repomd.xml.key', | |||||
| 'openssl_package': 'openssl', | |||||
| }, | }, | ||||
| 'Arch': { | 'Arch': { | ||||
| 'package': 'nginx', | 'package': 'nginx', | ||||
| 'server_available': '/etc/nginx/sites-available', | 'server_available': '/etc/nginx/sites-available', | ||||
| 'server_enabled': '/etc/nginx/sites-enabled', | 'server_enabled': '/etc/nginx/sites-enabled', | ||||
| 'server_use_symlink': True, | 'server_use_symlink': True, | ||||
| 'openssl_package': 'openssl', | |||||
| }, | }, | ||||
| 'Gentoo': { | 'Gentoo': { | ||||
| 'package': 'www-servers/nginx', | 'package': 'www-servers/nginx', | ||||
| 'server_available': '/etc/nginx/sites-available', | 'server_available': '/etc/nginx/sites-available', | ||||
| 'server_enabled': '/etc/nginx/sites-enabled', | 'server_enabled': '/etc/nginx/sites-enabled', | ||||
| 'server_use_symlink': True, | 'server_use_symlink': True, | ||||
| 'openssl_package': 'dev-libs/openssl', | |||||
| }, | }, | ||||
| 'FreeBSD': { | 'FreeBSD': { | ||||
| 'package': 'nginx', | 'package': 'nginx', |
+ 9
- 1
pillar.example
View File
| (Your Private Key: www.example.com.key) | (Your Private Key: www.example.com.key) | ||||
| -----END RSA PRIVATE KEY----- | -----END RSA PRIVATE KEY----- | ||||
| dh_param: | |||||
| 'mydhparam1.pem': | | |||||
| -----BEGIN DH PARAMETERS----- | |||||
| (Your custom DH prime) | |||||
| -----END DH PARAMETERS----- | |||||
| # or to generate one on-the-fly | |||||
| 'mydhparam2.pem': | |||||
| keysize: 2048 | |||||
| # Passenger configuration | # Passenger configuration | ||||
| # Default passenger configuration is provided, and will be deployed in | # Default passenger configuration is provided, and will be deployed in | ||||
| # /etc/nginx/conf.d/passenger.conf | # /etc/nginx/conf.d/passenger.conf | ||||
| passenger_root: /usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini | passenger_root: /usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini | ||||
| passenger_ruby: /usr/bin/ruby | passenger_ruby: /usr/bin/ruby | ||||
| passenger_instance_registry_dir: /var/run/passenger-instreg | passenger_instance_registry_dir: /var/run/passenger-instreg | ||||
Loading…