Make certificates path configurable.
This commit is contained in:
parent
d938725d2c
commit
57011ba3bf
@ -1,11 +1,12 @@
|
|||||||
include:
|
include:
|
||||||
- nginx.ng.service
|
- nginx.ng.service
|
||||||
|
|
||||||
|
{% set certificates_path = salt['pillar.get']('nginx:ng:certificates_path', '/etc/nginx/ssl') %}
|
||||||
{%- for domain in salt['pillar.get']('nginx:ng:certificates', {}).keys() %}
|
{%- for domain in salt['pillar.get']('nginx:ng:certificates', {}).keys() %}
|
||||||
|
|
||||||
nginx_{{ domain }}_ssl_certificate:
|
nginx_{{ domain }}_ssl_certificate:
|
||||||
file.managed:
|
file.managed:
|
||||||
- name: /etc/nginx/ssl/{{ domain }}.crt
|
- name: {{ certificates_path }}/{{ domain }}.crt
|
||||||
- makedirs: True
|
- makedirs: True
|
||||||
- contents_pillar: nginx:ng:certificates:{{ domain }}:public_cert
|
- contents_pillar: nginx:ng:certificates:{{ domain }}:public_cert
|
||||||
- watch_in:
|
- watch_in:
|
||||||
@ -14,7 +15,7 @@ nginx_{{ domain }}_ssl_certificate:
|
|||||||
{% if salt['pillar.get']("nginx:ng:certificates:{}:private_key".format(domain)) %}
|
{% if salt['pillar.get']("nginx:ng:certificates:{}:private_key".format(domain)) %}
|
||||||
nginx_{{ domain }}_ssl_key:
|
nginx_{{ domain }}_ssl_key:
|
||||||
file.managed:
|
file.managed:
|
||||||
- name: /etc/nginx/ssl/{{ domain }}.key
|
- name: {{ certificates_path }}/{{ domain }}.key
|
||||||
- mode: 600
|
- mode: 600
|
||||||
- makedirs: True
|
- makedirs: True
|
||||||
- contents_pillar: nginx:ng:certificates:{{ domain }}:private_key
|
- contents_pillar: nginx:ng:certificates:{{ domain }}:private_key
|
||||||
|
@ -132,6 +132,7 @@ nginx:
|
|||||||
# }
|
# }
|
||||||
# }
|
# }
|
||||||
|
|
||||||
|
certificates_path: '/etc/nginx/ssl' # Use this if you need to deploy below certificates in a custom path.
|
||||||
# If you're doing SSL termination, you can deploy certificates this way.
|
# If you're doing SSL termination, you can deploy certificates this way.
|
||||||
# The private one(s) should go in a separate pillar file not in version
|
# The private one(s) should go in a separate pillar file not in version
|
||||||
# control (or use encrypted pillar data).
|
# control (or use encrypted pillar data).
|
||||||
|
Loading…
Reference in New Issue
Block a user