Merge pull request #89 from andrew-vant/certificates

Added nginx.ng.certificates state.
This commit is contained in:
puneet kandhari 2015-06-29 11:33:39 -05:00
commit 8db7bf7b4d
3 changed files with 44 additions and 0 deletions

23
nginx/ng/certificates.sls Normal file
View File

@ -0,0 +1,23 @@
include:
- nginx.ng.service
{%- for domain in salt['pillar.get']('nginx:ng:certificates', {}).keys() %}
nginx_{{ domain }}_ssl_certificate:
file.managed:
- name: /etc/nginx/ssl/{{ domain }}.crt
- makedirs: True
- contents_pillar: nginx:ng:certificates:{{ domain }}:public_cert
- watch_in:
- service: nginx_service
nginx_{{ domain }}_ssl_key:
file.managed:
- name: /etc/nginx/ssl/{{ domain }}.key
- mode: 600
- makedirs: True
- contents_pillar: nginx:ng:certificates:{{ domain }}:private_key
- watch_in:
- service: nginx_service
{%- endfor %}

View File

@ -6,6 +6,7 @@ include:
- nginx.ng.config
- nginx.ng.service
- nginx.ng.vhosts
- nginx.ng.certificates
extend:
nginx_service:

View File

@ -107,3 +107,23 @@ nginx:
# test something else;
# }
# }
# If you're doing SSL termination, you can deploy certificates this way.
# The private one(s) should go in a separate pillar file not in version
# control (or use encrypted pillar data).
certificates:
'www.example.com':
public_cert: |
-----BEGIN CERTIFICATE-----
(Your Primary SSL certificate: www.example.com.crt)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
(Your Intermediate certificate: ExampleCA.crt)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
(Your Root certificate: TrustedRoot.crt)
-----END CERTIFICATE-----
private_key: |
-----BEGIN RSA PRIVATE KEY-----
(Your Private Key: www.example.com.key)
-----END RSA PRIVATE KEY-----