Merge pull request #89 from andrew-vant/certificates
Added nginx.ng.certificates state.
This commit is contained in:
commit
8db7bf7b4d
23
nginx/ng/certificates.sls
Normal file
23
nginx/ng/certificates.sls
Normal file
@ -0,0 +1,23 @@
|
||||
include:
|
||||
- nginx.ng.service
|
||||
|
||||
{%- for domain in salt['pillar.get']('nginx:ng:certificates', {}).keys() %}
|
||||
|
||||
nginx_{{ domain }}_ssl_certificate:
|
||||
file.managed:
|
||||
- name: /etc/nginx/ssl/{{ domain }}.crt
|
||||
- makedirs: True
|
||||
- contents_pillar: nginx:ng:certificates:{{ domain }}:public_cert
|
||||
- watch_in:
|
||||
- service: nginx_service
|
||||
|
||||
nginx_{{ domain }}_ssl_key:
|
||||
file.managed:
|
||||
- name: /etc/nginx/ssl/{{ domain }}.key
|
||||
- mode: 600
|
||||
- makedirs: True
|
||||
- contents_pillar: nginx:ng:certificates:{{ domain }}:private_key
|
||||
- watch_in:
|
||||
- service: nginx_service
|
||||
|
||||
{%- endfor %}
|
@ -6,6 +6,7 @@ include:
|
||||
- nginx.ng.config
|
||||
- nginx.ng.service
|
||||
- nginx.ng.vhosts
|
||||
- nginx.ng.certificates
|
||||
|
||||
extend:
|
||||
nginx_service:
|
||||
|
@ -107,3 +107,23 @@ nginx:
|
||||
# test something else;
|
||||
# }
|
||||
# }
|
||||
|
||||
# If you're doing SSL termination, you can deploy certificates this way.
|
||||
# The private one(s) should go in a separate pillar file not in version
|
||||
# control (or use encrypted pillar data).
|
||||
certificates:
|
||||
'www.example.com':
|
||||
public_cert: |
|
||||
-----BEGIN CERTIFICATE-----
|
||||
(Your Primary SSL certificate: www.example.com.crt)
|
||||
-----END CERTIFICATE-----
|
||||
-----BEGIN CERTIFICATE-----
|
||||
(Your Intermediate certificate: ExampleCA.crt)
|
||||
-----END CERTIFICATE-----
|
||||
-----BEGIN CERTIFICATE-----
|
||||
(Your Root certificate: TrustedRoot.crt)
|
||||
-----END CERTIFICATE-----
|
||||
private_key: |
|
||||
-----BEGIN RSA PRIVATE KEY-----
|
||||
(Your Private Key: www.example.com.key)
|
||||
-----END RSA PRIVATE KEY-----
|
||||
|
Loading…
Reference in New Issue
Block a user