Saltstack Official Nginx Formula


  1. {% from 'nginx/ng/map.jinja' import nginx with context %}
  2. include:
  3. - nginx.ng.service
  4. {% set certificates_path = salt['pillar.get']('nginx:ng:certificates_path', '/etc/nginx/ssl') %}
  5. {%- for dh_param, value in salt['pillar.get']('nginx:ng:dh_param', {}).items() %}
  6. {%- if value is string %}
  7. create_nginx_dhparam_{{ dh_param }}_key:
  8. file.managed:
  9. - name: {{ certificates_path }}/{{ dh_param }}
  10. - contents_pillar: nginx:ng:dh_param:{{ dh_param }}
  11. - makedirs: True
  12. - watch_in:
  13. - service: nginx_service
  14. {%- else %}
  15. generate_nginx_dhparam_{{ dh_param }}_key:
  16. pkg.installed:
  17. - name: {{ nginx.lookup.openssl_package }}
  18. file.directory:
  19. - name: {{ certificates_path }}
  20. - makedirs: True
  21. cmd.run:
  22. - name: openssl dhparam -out {{ dh_param }} {{ value.get('keysize', 2048) }}
  23. - cwd: {{ certificates_path }}
  24. - creates: {{ certificates_path }}/{{ dh_param }}
  25. - watch_in:
  26. - service: nginx_service
  27. {%- endif %}
  28. {%- endfor %}
  29. {%- for domain in salt['pillar.get']('nginx:ng:certificates', {}).keys() %}
  30. nginx_{{ domain }}_ssl_certificate:
  31. file.managed:
  32. - name: {{ certificates_path }}/{{ domain }}.crt
  33. - makedirs: True
  34. - contents_pillar: nginx:ng:certificates:{{ domain }}:public_cert
  35. - watch_in:
  36. - service: nginx_service
  37. {% if salt['pillar.get']("nginx:ng:certificates:{}:private_key".format(domain)) %}
  38. nginx_{{ domain }}_ssl_key:
  39. file.managed:
  40. - name: {{ certificates_path }}/{{ domain }}.key
  41. - mode: 600
  42. - makedirs: True
  43. - contents_pillar: nginx:ng:certificates:{{ domain }}:private_key
  44. - watch_in:
  45. - service: nginx_service
  46. {% endif %}
  47. {%- endfor %}