Added nginx.ng.certificates state.

nginx/ng/certificates.sls

@@ -0,0 +1,23 @@
+include:
+  - nginx.ng.service
+
+{%- for domain in salt['pillar.get']('nginx:ng:certificates', {}).keys() %}
+
+nginx_{{ domain }}_ssl_certificate:
+  file.managed:
+    - name: /etc/nginx/ssl/{{ domain }}.crt
+    - makedirs: True
+    - contents_pillar: nginx:ng:certificates:{{ domain }}:public_cert
+    - watch_in:
+      - service: nginx_service
+
+nginx_{{ domain }}_ssl_key:
+  file.managed:
+    - name: /etc/nginx/ssl/{{ domain }}.key
+    - mode: 600
+    - makedirs: True
+    - contents_pillar: nginx:ng:certificates:{{ domain }}:private_key
+    - watch_in:
+      - service: nginx_service
+
+{%- endfor %}

nginx/ng/init.sls

@@ -6,6 +6,7 @@ include:
   - nginx.ng.config
   - nginx.ng.service
   - nginx.ng.vhosts
+  - nginx.ng.certificates
 
 extend:
   nginx_service:

pillar.example

@@ -106,3 +106,23 @@ nginx:
           #        test something else;
           #    }
           # }         
+
+    # If you're doing SSL termination, you can deploy certificates this way.
+    # The private one(s) should go in a separate pillar file not in version
+    # control (or use encrypted pillar data).
+    certificates:
+      'www.example.com':
+        public_cert: |
+          -----BEGIN CERTIFICATE-----
+          (Your Primary SSL certificate: www.example.com.crt)
+          -----END CERTIFICATE-----
+          -----BEGIN CERTIFICATE-----
+          (Your Intermediate certificate: ExampleCA.crt)
+          -----END CERTIFICATE-----
+          -----BEGIN CERTIFICATE-----
+          (Your Root certificate: TrustedRoot.crt)
+          -----END CERTIFICATE-----
+        private_key: |
+          -----BEGIN RSA PRIVATE KEY-----
+          (Your Private Key: www.example.com.key)
+          -----END RSA PRIVATE KEY-----