gnuviech/gvasalt
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Move webserver configuration to nginx state

Browse source
This commit is contained in:
Jan Dittberner 2017-08-20 13:56:10 +02:00
parent 9a557fa69f
commit c4dcf12a0a
5 changed files with 50 additions and 50 deletions
Download patch file Download diff file Expand all files Collapse all files

49
states/nginx/init.sls
View file

@ -36,3 +36,52 @@ nginx-common:
- group: root - group: root
- mode: 0750 - mode: 0750
- makedirs: True - makedirs: True
generate-dhparam-nginx:
cmd.run:
- name: openssl dhparam -out {{ nginx_ssl_keydir }}/dhparams.pem 2048
- umask: 022
- runas: root
- timeout: 300
- output_loglevel: debug
- creates: {{ nginx_ssl_keydir }}/dhparams.pem
- require:
- file: {{ nginx_ssl_keydir }}
- require_in:
- file: /etc/nginx/conf.d/ssl.conf
- watch_in:
- service: nginx
/etc/nginx/conf.d/ssl.conf:
file.managed:
- user: root
- group: root
- mode: 0644
- source: salt://nginx/nginx-ssl.conf
- template: jinja
- require:
- pkg: nginx
- watch_in:
- service: nginx
/etc/nginx/snippets/security.conf:
file.managed:
- user: root
- group: root
- mode: 0644
- source: salt://nginx/nginx-security.conf
- require:
- pkg: nginx
- watch_in:
- service: nginx
/etc/nginx/conf.d/logformat.conf:
file.managed:
- user: root
- group: root
- mode: 0644
- source: salt://nginx/nginx-logformat.conf
- require:
- pkg: nginx
- watch_in:
- service: nginx

0
states/webserver/nginx-logformat.conf → states/nginx/nginx-logformat.conf
View file

0
states/webserver/nginx-security.conf → states/nginx/nginx-security.conf
View file

2
states/webserver/nginx-ssl.conf → states/nginx/nginx-ssl.conf
View file

@ -4,7 +4,7 @@ ssl_ciphers kEECDH+AESGCM:kEECDH+AES:kEECDH:EDH+AESGCM:kEDH+AES:kEDH:AESGCM:ALL:
ssl_prefer_server_ciphers on; ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m; ssl_session_cache shared:SSL:10m;
ssl_dhparam {{ salt['pillar.get']('nginx:sslcertdir', '/etc/nginx/ssl/certs') }}/dhparams.pem; ssl_dhparam {{ salt['pillar.get']('nginx:sslkeydir', '/etc/nginx/ssl/private') }}/dhparams.pem;
# OCSP stapling # OCSP stapling
ssl_stapling on; ssl_stapling on;

49
states/webserver/init.sls
View file

@ -1,51 +1,2 @@
include: include:
- nginx - nginx
/etc/nginx/conf.d/logformat.conf:
file.managed:
- user: root
- group: root
- mode: 0644
- source: salt://webserver/nginx-logformat.conf
- require:
- pkg: nginx
- watch_in:
- service: nginx
{% set ssldir = salt['pillar.get']('nginx:sslcertdir', '/etc/nginx/ssl/certs') %}
generate-dhparam-nginx:
cmd.run:
- name: openssl dhparam -out {{ ssldir }}/dhparams.pem 2048
- umask: 022
- runas: root
- timeout: 300
- output_loglevel: debug
- creates: {{ ssldir }}/dhparams.pem
- require_in:
- file: /etc/nginx/conf.d/ssl.conf
- watch_in:
- service: nginx
/etc/nginx/conf.d/ssl.conf:
file.managed:
- user: root
- group: root
- mode: 0644
- source: salt://webserver/nginx-ssl.conf
- template: jinja
- require:
- pkg: nginx
- watch_in:
- service: nginx
/etc/nginx/snippets/security.conf:
file.managed:
- user: root
- group: root
- mode: 0644
- source: salt://webserver/nginx-security.conf
- require:
- pkg: nginx
- watch_in:
- service: nginx