diff --git a/states/nginx/init.sls b/states/nginx/init.sls
index cd47736..891869b 100644
--- a/states/nginx/init.sls
+++ b/states/nginx/init.sls
@@ -36,3 +36,52 @@ nginx-common:
     - group: root
     - mode: 0750
     - makedirs: True
+
+generate-dhparam-nginx:
+  cmd.run:
+    - name: openssl dhparam -out {{ nginx_ssl_keydir }}/dhparams.pem 2048
+    - umask: 022
+    - runas: root
+    - timeout: 300
+    - output_loglevel: debug
+    - creates: {{ nginx_ssl_keydir }}/dhparams.pem
+    - require:
+      - file: {{ nginx_ssl_keydir }}
+    - require_in:
+      - file: /etc/nginx/conf.d/ssl.conf
+    - watch_in:
+      - service: nginx
+
+/etc/nginx/conf.d/ssl.conf:
+  file.managed:
+    - user: root
+    - group: root
+    - mode: 0644
+    - source: salt://nginx/nginx-ssl.conf
+    - template: jinja
+    - require:
+      - pkg: nginx
+    - watch_in:
+      - service: nginx
+
+/etc/nginx/snippets/security.conf:
+  file.managed:
+    - user: root
+    - group: root
+    - mode: 0644
+    - source: salt://nginx/nginx-security.conf
+    - require:
+      - pkg: nginx
+    - watch_in:
+      - service: nginx
+
+/etc/nginx/conf.d/logformat.conf:
+  file.managed:
+    - user: root
+    - group: root
+    - mode: 0644
+    - source: salt://nginx/nginx-logformat.conf
+    - require:
+      - pkg: nginx
+    - watch_in:
+      - service: nginx
diff --git a/states/webserver/nginx-logformat.conf b/states/nginx/nginx-logformat.conf
similarity index 100%
rename from states/webserver/nginx-logformat.conf
rename to states/nginx/nginx-logformat.conf
diff --git a/states/webserver/nginx-security.conf b/states/nginx/nginx-security.conf
similarity index 100%
rename from states/webserver/nginx-security.conf
rename to states/nginx/nginx-security.conf
diff --git a/states/webserver/nginx-ssl.conf b/states/nginx/nginx-ssl.conf
similarity index 79%
rename from states/webserver/nginx-ssl.conf
rename to states/nginx/nginx-ssl.conf
index 305f31d..fcc6bfb 100644
--- a/states/webserver/nginx-ssl.conf
+++ b/states/nginx/nginx-ssl.conf
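Review bot: The dhparams path is spelled from two different sources: `generate-dhparam-nginx` and its `creates:` use `{{ nginx_ssl_keydir }}`, whose definition lies outside this hunk, while the `ssl_dhparam` line in the `states/nginx/nginx-ssl.conf` hunk re-derives it from `salt['pillar.get']('nginx:sslkeydir', '/etc/nginx/ssl/private')`. If the variable is ever set from another pillar key or default, the rendered config points nginx at a file this state never generates, and the `watch_in` on `service: nginx` would then reload a configuration that fails its load. Since `/etc/nginx/conf.d/ssl.conf` is already rendered with `template: jinja`, pass the state's value through instead, e.g. `- context:` / `    ssl_keydir: {{ nginx_ssl_keydir }}` on that `file.managed`, with `ssl_dhparam {{ ssl_keydir }}/dhparams.pem;` in the template. Separately, the three new `mode: 0644` values (and the `mode: 0750` context line) are plain YAML scalars that a YAML 1.1 reader takes as decimal integers; quoting them as `mode: '0644'` keeps the result independent of the renderer's leading-zero handling.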
@@ -4,7 +4,7 @@ ssl_ciphers kEECDH+AESGCM:kEECDH+AES:kEECDH:EDH+AESGCM:kEDH+AES:kEDH:AESGCM:ALL:
 ssl_prefer_server_ciphers on;
 ssl_session_cache shared:SSL:10m;
-ssl_dhparam {{ salt['pillar.get']('nginx:sslcertdir', '/etc/nginx/ssl/certs') }}/dhparams.pem;
+ssl_dhparam {{ salt['pillar.get']('nginx:sslkeydir', '/etc/nginx/ssl/private') }}/dhparams.pem;
 # OCSP stapling
 ssl_stapling on;
diff --git a/states/webserver/init.sls b/states/webserver/init.sls
index 4b0dd00..06ec756 100644
--- a/states/webserver/init.sls
+++ b/states/webserver/init.sls
@@ -1,51 +1,2 @@
 include:
   - nginx
-
-/etc/nginx/conf.d/logformat.conf:
-  file.managed:
-    - user: root
-    - group: root
-    - mode: 0644
-    - source: salt://webserver/nginx-logformat.conf
-    - require:
-      - pkg: nginx
-    - watch_in:
-      - service: nginx
-
-{% set ssldir = salt['pillar.get']('nginx:sslcertdir', '/etc/nginx/ssl/certs') %}
-
-generate-dhparam-nginx:
-  cmd.run:
-    - name: openssl dhparam -out {{ ssldir }}/dhparams.pem 2048
-    - umask: 022
-    - runas: root
-    - timeout: 300
-    - output_loglevel: debug
-    - creates: {{ ssldir }}/dhparams.pem
-    - require_in:
-      - file: /etc/nginx/conf.d/ssl.conf
-    - watch_in:
-      - service: nginx
-
-/etc/nginx/conf.d/ssl.conf:
-  file.managed:
-    - user: root
-    - group: root
-    - mode: 0644
-    - source: salt://webserver/nginx-ssl.conf
-    - template: jinja
-    - require:
-      - pkg: nginx
-    - watch_in:
-      - service: nginx
-
-/etc/nginx/snippets/security.conf:
-  file.managed:
-    - user: root
-    - group: root
-    - mode: 0644
-    - source: salt://webserver/nginx-security.conf
-    - require:
-      - pkg: nginx
-    - watch_in:
-      - service: nginx