abednarik
7 years ago
2 changed files with 4 additions and 2 deletions
+ 3
- 2
nginx/ng/certificates.sls
View File
| @@ -1,11 +1,12 @@ | |||
| include: | |||
| - nginx.ng.service | |||
| {% set certificates_path = salt['pillar.get']('nginx:ng:certificates_path', '/etc/nginx/ssl') %} | |||
| {%- for domain in salt['pillar.get']('nginx:ng:certificates', {}).keys() %} | |||
| nginx_{{ domain }}_ssl_certificate: | |||
| file.managed: | |||
| - name: /etc/nginx/ssl/{{ domain }}.crt | |||
| - name: {{ certificates_path }}/{{ domain }}.crt | |||
| - makedirs: True | |||
| - contents_pillar: nginx:ng:certificates:{{ domain }}:public_cert | |||
| - watch_in: | |||
| @@ -14,7 +15,7 @@ nginx_{{ domain }}_ssl_certificate: | |||
| {% if salt['pillar.get']("nginx:ng:certificates:{}:private_key".format(domain)) %} | |||
| nginx_{{ domain }}_ssl_key: | |||
| file.managed: | |||
| - name: /etc/nginx/ssl/{{ domain }}.key | |||
| - name: {{ certificates_path }}/{{ domain }}.key | |||
| - mode: 600 | |||
| - makedirs: True | |||
| - contents_pillar: nginx:ng:certificates:{{ domain }}:private_key | |||
+ 1
- 0
pillar.example
View File
| @@ -132,6 +132,7 @@ nginx: | |||
| # } | |||
| # } | |||
| certificates_path: '/etc/nginx/ssl' # Use this if you need to deploy below certificates in a custom path. | |||
| # If you're doing SSL termination, you can deploy certificates this way. | |||
| # The private one(s) should go in a separate pillar file not in version | |||
| # control (or use encrypted pillar data). | |||
Loading…