nginx-formula/nginx/ng/certificates.sls

{% from 'nginx/ng/map.jinja' import nginx with context %}

include:
  - nginx.ng.service

{% set certificates_path = salt['pillar.get']('nginx:ng:certificates_path', '/etc/nginx/ssl') %}

{%- for dh_param, value in salt['pillar.get']('nginx:ng:dh_param', {}).items() %}
{%- if value is string %}
create_nginx_dhparam_{{ dh_param }}_key:
  file.managed:
    - name: {{ certificates_path }}/{{ dh_param }}
    - contents_pillar: nginx:ng:dh_param:{{ dh_param }}
    - makedirs: True
    - watch_in:
      - service: nginx_service
{%- else %}
generate_nginx_dhparam_{{ dh_param }}_key:
  pkg.installed:
    - name: {{ nginx.lookup.openssl_package }}
  file.directory:
    - name: {{ certificates_path }}
    - makedirs: True
  cmd.run:
    - name: openssl dhparam -out {{ dh_param }} {{ value.get('keysize', 2048) }}
    - cwd: {{ certificates_path }}
    - creates: {{ certificates_path }}/{{ dh_param }}
    - watch_in:
      - service: nginx_service
{%- endif %}
{%- endfor %}

{%- for domain in salt['pillar.get']('nginx:ng:certificates', {}).keys() %}

nginx_{{ domain }}_ssl_certificate:
  file.managed:
    - name: {{ certificates_path }}/{{ domain }}.crt
    - makedirs: True
    - contents_pillar: nginx:ng:certificates:{{ domain }}:public_cert
    - watch_in:
      - service: nginx_service

{% if salt['pillar.get']("nginx:ng:certificates:{}:private_key".format(domain)) %}
nginx_{{ domain }}_ssl_key:
  file.managed:
    - name: {{ certificates_path }}/{{ domain }}.key
    - mode: 600
    - makedirs: True
    - contents_pillar: nginx:ng:certificates:{{ domain }}:private_key
    - watch_in:
      - service: nginx_service
{% endif %}
{%- endfor %}
Handle installation of openssl to generate DH param 2017-07-11 11:31:17 +02:00			`{% from 'nginx/ng/map.jinja' import nginx with context %}`

Added nginx.ng.certificates state. 2015-06-23 21:17:52 +02:00			`include:`
			`- nginx.ng.service`

Make certificates path configurable. 2017-07-31 20:51:58 +02:00			`{% set certificates_path = salt['pillar.get']('nginx:ng:certificates_path', '/etc/nginx/ssl') %}`
Added dhparam file creation In order to improve security and ease of use, added creation/generation of dhparam file. 2016-09-19 17:35:30 +02:00
Ensure that pillar.get on nginx:ng:dhparam has a sane default value if dhparam isn't defined in the pillar. 2017-12-21 04:31:49 +01:00			`{%- for dh_param, value in salt['pillar.get']('nginx:ng:dh_param', {}).items() %}`
Add support for specifying dh_param file name 2017-07-11 12:19:47 +02:00			`{%- if value is string %}`
			`create_nginx_dhparam_{{ dh_param }}_key:`
Added dhparam file creation In order to improve security and ease of use, added creation/generation of dhparam file. 2016-09-19 17:35:30 +02:00			`file.managed:`
Add support for specifying dh_param file name 2017-07-11 12:19:47 +02:00			`- name: {{ certificates_path }}/{{ dh_param }}`
			`- contents_pillar: nginx:ng:dh_param:{{ dh_param }}`
Added dhparam file creation In order to improve security and ease of use, added creation/generation of dhparam file. 2016-09-19 17:35:30 +02:00			`- makedirs: True`
Add missing dependency on nginx_service 2017-07-11 11:44:40 +02:00			`- watch_in:`
			`- service: nginx_service`
Add support for specifying dh_param file name 2017-07-11 12:19:47 +02:00			`{%- else %}`
			`generate_nginx_dhparam_{{ dh_param }}_key:`
Handle installation of openssl to generate DH param 2017-07-11 11:31:17 +02:00			`pkg.installed:`
			`- name: {{ nginx.lookup.openssl_package }}`
Added dhparam file creation In order to improve security and ease of use, added creation/generation of dhparam file. 2016-09-19 17:35:30 +02:00			`file.directory:`
			`- name: {{ certificates_path }}`
			`- makedirs: True`
			`cmd.run:`
Add support for specifying dh_param file name 2017-07-11 12:19:47 +02:00			`- name: openssl dhparam -out {{ dh_param }} {{ value.get('keysize', 2048) }}`
Added dhparam file creation In order to improve security and ease of use, added creation/generation of dhparam file. 2016-09-19 17:35:30 +02:00			`- cwd: {{ certificates_path }}`
Add support for specifying dh_param file name 2017-07-11 12:19:47 +02:00			`- creates: {{ certificates_path }}/{{ dh_param }}`
Add missing dependency on nginx_service 2017-07-11 11:44:40 +02:00			`- watch_in:`
			`- service: nginx_service`
Add support for specifying dh_param file name 2017-07-11 12:19:47 +02:00			`{%- endif %}`
			`{%- endfor %}`
Added dhparam file creation In order to improve security and ease of use, added creation/generation of dhparam file. 2016-09-19 17:35:30 +02:00
Added nginx.ng.certificates state. 2015-06-23 21:17:52 +02:00			`{%- for domain in salt['pillar.get']('nginx:ng:certificates', {}).keys() %}`

			`nginx_{{ domain }}_ssl_certificate:`
			`file.managed:`
Make certificates path configurable. 2017-07-31 20:51:58 +02:00			`- name: {{ certificates_path }}/{{ domain }}.crt`
Added nginx.ng.certificates state. 2015-06-23 21:17:52 +02:00			`- makedirs: True`
			`- contents_pillar: nginx:ng:certificates:{{ domain }}:public_cert`
			`- watch_in:`
			`- service: nginx_service`

avoid crash if private_key is not shipped in pillar 2016-10-12 10:52:17 +02:00			`{% if salt['pillar.get']("nginx:ng:certificates:{}:private_key".format(domain)) %}`
Added nginx.ng.certificates state. 2015-06-23 21:17:52 +02:00			`nginx_{{ domain }}_ssl_key:`
			`file.managed:`
Make certificates path configurable. 2017-07-31 20:51:58 +02:00			`- name: {{ certificates_path }}/{{ domain }}.key`
Added nginx.ng.certificates state. 2015-06-23 21:17:52 +02:00			`- mode: 600`
			`- makedirs: True`
			`- contents_pillar: nginx:ng:certificates:{{ domain }}:private_key`
			`- watch_in:`
			`- service: nginx_service`
avoid crash if private_key is not shipped in pillar 2016-10-12 10:52:17 +02:00			`{% endif %}`
Added nginx.ng.certificates state. 2015-06-23 21:17:52 +02:00			`{%- endfor %}`