Pārlūkot izejas kodu

Make certificates path configurable.

susefix
abednarik pirms 7 gadiem
vecāks
revīzija
57011ba3bf
2 mainītis faili ar 4 papildinājumiem un 2 dzēšanām
  1. +3
    -2
      nginx/ng/certificates.sls
  2. +1
    -0
      pillar.example

+ 3
- 2
nginx/ng/certificates.sls Parādīt failu

@@ -1,11 +1,12 @@
include:
- nginx.ng.service

{% set certificates_path = salt['pillar.get']('nginx:ng:certificates_path', '/etc/nginx/ssl') %}
{%- for domain in salt['pillar.get']('nginx:ng:certificates', {}).keys() %}

nginx_{{ domain }}_ssl_certificate:
file.managed:
- name: /etc/nginx/ssl/{{ domain }}.crt
- name: {{ certificates_path }}/{{ domain }}.crt
- makedirs: True
- contents_pillar: nginx:ng:certificates:{{ domain }}:public_cert
- watch_in:
@@ -14,7 +15,7 @@ nginx_{{ domain }}_ssl_certificate:
{% if salt['pillar.get']("nginx:ng:certificates:{}:private_key".format(domain)) %}
nginx_{{ domain }}_ssl_key:
file.managed:
- name: /etc/nginx/ssl/{{ domain }}.key
- name: {{ certificates_path }}/{{ domain }}.key
- mode: 600
- makedirs: True
- contents_pillar: nginx:ng:certificates:{{ domain }}:private_key

+ 1
- 0
pillar.example Parādīt failu

@@ -132,6 +132,7 @@ nginx:
# }
# }

certificates_path: '/etc/nginx/ssl' # Use this if you need to deploy below certificates in a custom path.
# If you're doing SSL termination, you can deploy certificates this way.
# The private one(s) should go in a separate pillar file not in version
# control (or use encrypted pillar data).

Notiek ielāde…
Atcelt
Saglabāt