Saltstack Official Nginx Formula
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

44 satır
1.3KB

  1. include:
  2. - nginx.ng.service
  3. {% set certificates_path = salt['pillar.get']('nginx:ng:certificates_path', '/etc/nginx/ssl') %}
  4. {% if salt.pillar.get('nginx:ng:dh_contents') %}
  5. create_nginx_dhparam_key:
  6. file.managed:
  7. - name: {{ certificates_path }}/dhparam.pem
  8. - contents_pillar: nginx:ng:dh_contents
  9. - makedirs: True
  10. {% elif salt.pillar.get('nginx:ng:dh_keygen', False) %}
  11. generate_nginx_dhparam_key:
  12. file.directory:
  13. - name: {{ certificates_path }}
  14. - makedirs: True
  15. cmd.run:
  16. - name: openssl dhparam -out dhparam.pem {{ salt.pillar.get('nginx:ng:dh_keysize', 2048) }}
  17. - cwd: {{ certificates_path }}
  18. - creates: {{ certificates_path }}/dhparam.pem
  19. {% endif %}
  20. {%- for domain in salt['pillar.get']('nginx:ng:certificates', {}).keys() %}
  21. nginx_{{ domain }}_ssl_certificate:
  22. file.managed:
  23. - name: {{ certificates_path }}/{{ domain }}.crt
  24. - makedirs: True
  25. - contents_pillar: nginx:ng:certificates:{{ domain }}:public_cert
  26. - watch_in:
  27. - service: nginx_service
  28. {% if salt['pillar.get']("nginx:ng:certificates:{}:private_key".format(domain)) %}
  29. nginx_{{ domain }}_ssl_key:
  30. file.managed:
  31. - name: {{ certificates_path }}/{{ domain }}.key
  32. - mode: 600
  33. - makedirs: True
  34. - contents_pillar: nginx:ng:certificates:{{ domain }}:private_key
  35. - watch_in:
  36. - service: nginx_service
  37. {% endif %}
  38. {%- endfor %}