Make certificates path configurable.

This commit is contained in:
abednarik 2017-07-31 15:51:58 -03:00
parent d938725d2c
commit 57011ba3bf
2 changed files with 4 additions and 2 deletions

View File

@ -1,11 +1,12 @@
include: include:
- nginx.ng.service - nginx.ng.service
{% set certificates_path = salt['pillar.get']('nginx:ng:certificates_path', '/etc/nginx/ssl') %}
{%- for domain in salt['pillar.get']('nginx:ng:certificates', {}).keys() %} {%- for domain in salt['pillar.get']('nginx:ng:certificates', {}).keys() %}
nginx_{{ domain }}_ssl_certificate: nginx_{{ domain }}_ssl_certificate:
file.managed: file.managed:
- name: /etc/nginx/ssl/{{ domain }}.crt - name: {{ certificates_path }}/{{ domain }}.crt
- makedirs: True - makedirs: True
- contents_pillar: nginx:ng:certificates:{{ domain }}:public_cert - contents_pillar: nginx:ng:certificates:{{ domain }}:public_cert
- watch_in: - watch_in:
@ -14,7 +15,7 @@ nginx_{{ domain }}_ssl_certificate:
{% if salt['pillar.get']("nginx:ng:certificates:{}:private_key".format(domain)) %} {% if salt['pillar.get']("nginx:ng:certificates:{}:private_key".format(domain)) %}
nginx_{{ domain }}_ssl_key: nginx_{{ domain }}_ssl_key:
file.managed: file.managed:
- name: /etc/nginx/ssl/{{ domain }}.key - name: {{ certificates_path }}/{{ domain }}.key
- mode: 600 - mode: 600
- makedirs: True - makedirs: True
- contents_pillar: nginx:ng:certificates:{{ domain }}:private_key - contents_pillar: nginx:ng:certificates:{{ domain }}:private_key

View File

@ -132,6 +132,7 @@ nginx:
# } # }
# } # }
certificates_path: '/etc/nginx/ssl' # Use this if you need to deploy below certificates in a custom path.
# If you're doing SSL termination, you can deploy certificates this way. # If you're doing SSL termination, you can deploy certificates this way.
# The private one(s) should go in a separate pillar file not in version # The private one(s) should go in a separate pillar file not in version
# control (or use encrypted pillar data). # control (or use encrypted pillar data).