Jan Dittberner
95b2e521eb
Make sure that the jessie-backports repository is available and that the python-cryptography package from that repository is used.
31 lines
1.1 KiB
Text
31 lines
1.1 KiB
Text
{%- macro key_cert(domain_name) %}
|
|
{% set nginx_ssl_keydir = salt['pillar.get']('nginx:sslkeydir', '/etc/nginx/ssl/private') %}
|
|
{% set nginx_ssl_certdir = salt['pillar.get']('nginx:sslcertdir', '/etc/nginx/ssl/certs') %}
|
|
{% set keyfile = nginx_ssl_keydir + '/' + domain_name + '.key.pem' %}
|
|
{% set certfile = nginx_ssl_certdir + '/' + domain_name + '.crt.pem' %}
|
|
|
|
{{ keyfile }}:
|
|
rsa_key.valid_key:
|
|
- bits: {{ salt['pillar.get']('nginx:keylength:' + domain_name, 2048) }}
|
|
- require:
|
|
- file: {{ nginx_ssl_keydir }}
|
|
- pkg: python-cryptography
|
|
- require_in:
|
|
- file: /etc/nginx/sites-available/{{ domain_name }}
|
|
- service: nginx
|
|
|
|
{{ certfile }}:
|
|
cmd.run:
|
|
- name: openssl req -new -x509 -key {{ keyfile }} -subj '/CN={{ domain_name }}' -days 730 -out {{ certfile }}
|
|
- require:
|
|
- rsa_key: {{ keyfile }}
|
|
- creates: {{ certfile }}
|
|
x509_certificate.valid_certificate:
|
|
- require:
|
|
- file: {{ nginx_ssl_certdir }}
|
|
- cmd: {{ certfile }}
|
|
- pkg: python-cryptography
|
|
- require_in:
|
|
- file: /etc/nginx/sites-available/{{ domain_name }}
|
|
- service: nginx
|
|
{% endmacro %}
|