From d2bc1e6d7c4e0dc0b50da8fa2b68eb71ec601f5f Mon Sep 17 00:00:00 2001
From: Gilles Dartiguelongue
Date: Tue, 11 Jul 2017 12:19:47 +0200
Subject: [PATCH] Add support for specifying dh_param file name
---
 nginx/ng/certificates.sls | 20 +++++++++++---------
 pillar.example | 15 ++++++++-------
 2 files changed, 19 insertions(+), 16 deletions(-)
diff --git a/nginx/ng/certificates.sls b/nginx/ng/certificates.sls
index a9e2659..7bd01aa 100644
--- a/nginx/ng/certificates.sls
+++ b/nginx/ng/certificates.sls
@@ -5,24 +5,26 @@ include:
 {% set certificates_path = salt['pillar.get']('nginx:ng:certificates_path', '/etc/nginx/ssl') %}
-{% if salt.pillar.get('nginx:ng:dh_contents') %}
-create_nginx_dhparam_key:
+{%- for dh_param, value in salt.pillar.get('nginx:ng:dh_param').items() %}
+{%- if value is string %}
+create_nginx_dhparam_{{ dh_param }}_key:
 file.managed:
- - name: {{ certificates_path }}/dhparam.pem
- - contents_pillar: nginx:ng:dh_contents
+ - name: {{ certificates_path }}/{{ dh_param }}
+ - contents_pillar: nginx:ng:dh_param:{{ dh_param }}
 - makedirs: True
-{% elif salt.pillar.get('nginx:ng:dh_keygen', False) %}
-generate_nginx_dhparam_key:
+{%- else %}
+generate_nginx_dhparam_{{ dh_param }}_key:
 pkg.installed:
 - name: {{ nginx.lookup.openssl_package }}
 file.directory:
 - name: {{ certificates_path }}
 - makedirs: True
 cmd.run:
- - name: openssl dhparam -out dhparam.pem {{ salt.pillar.get('nginx:ng:dh_keysize', 2048) }}
+ - name: openssl dhparam -out {{ dh_param }} {{ value.get('keysize', 2048) }}
 - cwd: {{ certificates_path }}
- - creates: {{ certificates_path }}/dhparam.pem
-{% endif %}
+ - creates: {{ certificates_path }}/{{ dh_param }}
+{%- endif %}
+{%- endfor %}
 {%- for domain in salt['pillar.get']('nginx:ng:certificates', {}).keys() %}
diff --git a/pillar.example b/pillar.example
index 61e6171..c879065 100644
--- a/pillar.example
+++ b/pillar.example
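Review bot: The new loop header in nginx/ng/certificates.sls calls `salt.pillar.get('nginx:ng:dh_param')` without a default, so on a minion whose pillar does not define that key the lookup returns its default (an empty string unless configured otherwise) and `.items()` fails while the state is rendered; the certificates loop right below already passes `{}`, and the same works here: `{%- for dh_param, value in salt.pillar.get('nginx:ng:dh_param', {}).items() %}`. The pillar key is also interpolated unquoted into the `cmd.run` command line and into the `name`/`creates` paths, so a file name containing whitespace, shell metacharacters or a path separator would alter the command or place the file outside `certificates_path`; quoting it and restricting it to a plain basename would close that. As far as this hunk shows, the old `dh_contents`, `dh_keygen` and `dh_keysize` keys are dropped without a fallback, so existing pillars would silently stop producing `dhparam.pem` on newly provisioned hosts, which deserves either a compatibility branch or an explicit upgrade note. In the `else` branch, `value.get('keysize', 2048)` assumes a mapping, so a file name declared with no value underneath would presumably render as None and fail there.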
@@ -153,13 +153,14 @@ nginx:
 (Your Private Key: www.example.com.key)
 -----END RSA PRIVATE KEY-----
- dh_contents: |
- -----BEGIN DH PARAMETERS-----
- (Your custom DH prime)
- -----END DH PARAMETERS-----
- # or to generate one on-the-fly
- dh_keygen: true
- dh_keysize: 2048
+ dh_param:
+ 'mydhparam1.pem': |
+ -----BEGIN DH PARAMETERS-----
+ (Your custom DH prime)
+ -----END DH PARAMETERS-----
+ # or to generate one on-the-fly
+ 'mydhparam2.pem':
+ keysize: 2048
 # Passenger configuration
 # Default passenger configuration is provided, and will be deployed in