gnuviech/gvasalt
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

setup default nginx ssl/security configuration for vagrant

Browse source
This commit is contained in:
Jan Dittberner 2015-10-04 19:32:42 +02:00
parent da472f9009
commit f111fcc090
6 changed files with 103 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

7
roots/base/nginx.conf
View file

@ -26,13 +26,6 @@ http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# SSL Settings
##
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
##
# Logging Settings
##

17
roots/base/nginx.sls
View file

@ -19,3 +19,20 @@ nginx-common:
- pkg: nginx-common
- watch_in:
- service: nginx
{% set nginx_ssl_keydir = salt['pillar.get']('nginx:sslkeydir', '/etc/nginx/ssl/private') %}
{% set nginx_ssl_certdir = salt['pillar.get']('nginx:sslcertdir', '/etc/nginx/ssl/certs') %}
{{ nginx_ssl_certdir }}:
file.directory:
- user: root
- group: root
- mode: 0755
- makedirs: True
{{ nginx_ssl_keydir }}:
file.directory:
- user: root
- group: root
- mode: 0750
- makedirs: True