Merge pull request #10 from tcpcloud/ssl
Allow using already deployed ssl key/cert
diff --git a/README.rst b/README.rst
index d11cbfa..2780a2f 100644
--- a/README.rst
+++ b/README.rst
@@ -224,6 +224,21 @@
name: gitlab.domain.com
port: 443
+SSL using already deployed key and cert file.
+Note that cert file should already contain CA cert and complete chain.
+
+.. code-block:: yaml
+
+ nginx:
+ server:
+ enabled: true
+ site:
+ mysite:
+ ssl:
+ enabled: true
+ key_file: /etc/ssl/private/mykey.key
+ cert_file: /etc/ssl/cert/mycert.crt
+
Nginx stats server (required by collectd nginx plugin)
.. code-block::
diff --git a/nginx/files/_ssl.conf b/nginx/files/_ssl.conf
index a30ea4a..2914885 100644
--- a/nginx/files/_ssl.conf
+++ b/nginx/files/_ssl.conf
@@ -7,12 +7,17 @@
{%- if site.ssl.engine is not defined %}
+ {%- if site.ssl.key_file is defined %}
+ ssl_certificate_key {{ site.ssl.key_file }};
+ ssl_certificate {{ site.ssl.cert_file }};
+ {%- else %}
ssl_certificate_key /etc/ssl/private/{{ site.host.name }}.key;
{%- if site.ssl.chain is defined or site.ssl.authority is defined %}
ssl_certificate /etc/ssl/certs/{{ site.host.name }}-with-chain.crt;
{%- else %}
ssl_certificate /etc/ssl/certs/{{ site.host.name }}.crt;
{%- endif %}
+ {%- endif %}
{%- elif site.ssl.engine == 'letsencrypt' %}
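Review bot: The new branch at line 33 is gated only on `key_file`, so a pillar that sets `key_file` without `cert_file` renders `ssl_certificate ;` with an empty path and nginx refuses to load the config; the README example in this PR shows both keys, but nothing enforces the pair. Gate on both, `{%- if site.ssl.key_file is defined and site.ssl.cert_file is defined %}`, or fail the render explicitly when only one is given. Since the template now consumes operator-supplied paths that no state in this PR manages, a short template comment such as `{#- key_file/cert_file are deployed out of band; no state checks that they exist or that the key has restrictive permissions #}` would make that contract visible to the next maintainer. The `site.ssl.engine` conditional continues outside the hunk.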
diff --git a/nginx/server/sites.sls b/nginx/server/sites.sls
index a1ca96c..8137e03 100644
--- a/nginx/server/sites.sls
+++ b/nginx/server/sites.sls
@@ -10,6 +10,8 @@
{%- if site.ssl.engine is not defined %}
+{%- if site.ssl.key is defined %}
+
{{ site.host.name }}_public_cert:
file.managed:
- name: /etc/ssl/certs/{{ site.host.name }}.crt
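Review bot: The guard added at line 51 tests `site.ssl.key`, while the companion template `_ssl.conf` in this same PR switches on `site.ssl.key_file`, so the two gates are not mirror images. A site that defines neither appears to now render an nginx config pointing at `/etc/ssl/private/{{ site.host.name }}.key` and the matching `.crt` that no state deploys, turning what was previously a render-time error on the undefined `site.ssl.key` into a failure at nginx start. If the intent is "deploy the cert/key states only when a pre-existing file is not used", `{%- if site.ssl.key_file is not defined %}` keeps the fail-fast behaviour and matches the config template; if `key` is genuinely meant to be optional, a one-line comment saying so would help. The `if` opened here is closed in the following hunk, outside this one.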
@@ -59,6 +61,8 @@
{%- endif %}
+{%- endif %}
+
{%- elif site.ssl.engine == 'salt' %}
nginx_init_{{ site.host.name }}_tls: