saltstack-formulas/nginx-formula
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add support for specifying dh_param file name

Browse Source
This commit is contained in:
Gilles Dartiguelongue 2017-07-11 12:19:47 +02:00
parent db2db31300
commit d2bc1e6d7c
2 changed files with 19 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
nginx/ng/certificates.sls
View File

@ -5,24 +5,26 @@ include:
{% set certificates_path = salt['pillar.get']('nginx:ng:certificates_path', '/etc/nginx/ssl') %} {% set certificates_path = salt['pillar.get']('nginx:ng:certificates_path', '/etc/nginx/ssl') %}
{% if salt.pillar.get('nginx:ng:dh_contents') %} {%- for dh_param, value in salt.pillar.get('nginx:ng:dh_param').items() %}
create_nginx_dhparam_key: {%- if value is string %}
create_nginx_dhparam_{{ dh_param }}_key:
file.managed: file.managed:
- name: {{ certificates_path }}/dhparam.pem - name: {{ certificates_path }}/{{ dh_param }}
- contents_pillar: nginx:ng:dh_contents - contents_pillar: nginx:ng:dh_param:{{ dh_param }}
- makedirs: True - makedirs: True
{% elif salt.pillar.get('nginx:ng:dh_keygen', False) %} {%- else %}
generate_nginx_dhparam_key: generate_nginx_dhparam_{{ dh_param }}_key:
pkg.installed: pkg.installed:
- name: {{ nginx.lookup.openssl_package }} - name: {{ nginx.lookup.openssl_package }}
file.directory: file.directory:
- name: {{ certificates_path }} - name: {{ certificates_path }}
- makedirs: True - makedirs: True
cmd.run: cmd.run:
- name: openssl dhparam -out dhparam.pem {{ salt.pillar.get('nginx:ng:dh_keysize', 2048) }} - name: openssl dhparam -out {{ dh_param }} {{ value.get('keysize', 2048) }}
- cwd: {{ certificates_path }} - cwd: {{ certificates_path }}
- creates: {{ certificates_path }}/dhparam.pem - creates: {{ certificates_path }}/{{ dh_param }}
{% endif %} {%- endif %}
{%- endfor %}
{%- for domain in salt['pillar.get']('nginx:ng:certificates', {}).keys() %} {%- for domain in salt['pillar.get']('nginx:ng:certificates', {}).keys() %}

15
pillar.example
View File

@ -153,13 +153,14 @@ nginx:
(Your Private Key: www.example.com.key) (Your Private Key: www.example.com.key)
-----END RSA PRIVATE KEY----- -----END RSA PRIVATE KEY-----
dh_contents: | dh_param:
-----BEGIN DH PARAMETERS----- 'mydhparam1.pem': |
(Your custom DH prime) -----BEGIN DH PARAMETERS-----
-----END DH PARAMETERS----- (Your custom DH prime)
# or to generate one on-the-fly -----END DH PARAMETERS-----
dh_keygen: true # or to generate one on-the-fly
dh_keysize: 2048 'mydhparam2.pem':
keysize: 2048
# Passenger configuration # Passenger configuration
# Default passenger configuration is provided, and will be deployed in # Default passenger configuration is provided, and will be deployed in