Selaa lähdekoodia

Make certificates path configurable.

susefix
abednarik 7 vuotta sitten
vanhempi
commit
57011ba3bf
2 muutettua tiedostoa jossa 4 lisäystä ja 2 poistoa
  1. +3
    -2
      nginx/ng/certificates.sls
  2. +1
    -0
      pillar.example

+ 3
- 2
nginx/ng/certificates.sls Näytä tiedosto

@@ -1,11 +1,12 @@
include:
- nginx.ng.service

{% set certificates_path = salt['pillar.get']('nginx:ng:certificates_path', '/etc/nginx/ssl') %}
{%- for domain in salt['pillar.get']('nginx:ng:certificates', {}).keys() %}

nginx_{{ domain }}_ssl_certificate:
file.managed:
- name: /etc/nginx/ssl/{{ domain }}.crt
- name: {{ certificates_path }}/{{ domain }}.crt
- makedirs: True
- contents_pillar: nginx:ng:certificates:{{ domain }}:public_cert
- watch_in:
@@ -14,7 +15,7 @@ nginx_{{ domain }}_ssl_certificate:
{% if salt['pillar.get']("nginx:ng:certificates:{}:private_key".format(domain)) %}
nginx_{{ domain }}_ssl_key:
file.managed:
- name: /etc/nginx/ssl/{{ domain }}.key
- name: {{ certificates_path }}/{{ domain }}.key
- mode: 600
- makedirs: True
- contents_pillar: nginx:ng:certificates:{{ domain }}:private_key

+ 1
- 0
pillar.example Näytä tiedosto

@@ -132,6 +132,7 @@ nginx:
# }
# }

certificates_path: '/etc/nginx/ssl' # Use this if you need to deploy below certificates in a custom path.
# If you're doing SSL termination, you can deploy certificates this way.
# The private one(s) should go in a separate pillar file not in version
# control (or use encrypted pillar data).

Loading…
Peruuta
Tallenna