Add support for Let's Encrypt via ssl engine.
diff --git a/README.rst b/README.rst
index 108e558..a619b27 100644
--- a/README.rst
+++ b/README.rst
@@ -153,6 +153,29 @@
name: gitlab.domain.com
port: 80
+Let's Encrypt
+
+.. code-block:: yaml
+
+ nginx:
+ server:
+ enabled: true
+ bind:
+ address: '0.0.0.0'
+ ports:
+ - 443
+ site:
+ gitlab_domain:
+ enabled: true
+ type: gitlab
+ name: domain
+ ssl:
+ enabled: true
+ engine: letsencrypt
+ host:
+ name: gitlab.domain.com
+ port: 443
+
Read more
=========
diff --git a/nginx/files/_ssl.conf b/nginx/files/_ssl.conf
index 2288c3f..4cc0938 100644
--- a/nginx/files/_ssl.conf
+++ b/nginx/files/_ssl.conf
@@ -4,8 +4,14 @@
ssl on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
- ssl_certificate /etc/ssl/certs/{{ site.host.name }}-with-chain.crt;
+ {%- if site.ssl.engine is not defined %}
ssl_certificate_key /etc/ssl/private/{{ site.host.name }}.key;
+ ssl_certificate /etc/ssl/certs/{{ site.host.name }}-with-chain.crt;
+ {%- elif site.ssl.engine == 'letsencrypt' %}
+ ssl_certificate /etc/letsencrypt/live/{{ site.host.name }}/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/{{ site.host.name }}/privkey.pem;
+ ssl_trusted_certificate /etc/letsencrypt/live/{{ site.host.name }}/fullchain.pem;
+ {%- endif %}
{%- set ssl_mode = site.ssl.get('mode', 'secure') %}
{%- include "nginx/files/_ssl_"+ssl_mode+".conf" %}
{%- endif %}
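Review bot: Any `site.ssl.engine` value other than `letsencrypt` (a typo such as `letsencrpyt`, or a future engine) now falls through both branches, so the rendered vhost carries `ssl on;` with no `ssl_certificate` or `ssl_certificate_key` and nginx rejects the whole configuration at reload time; the matching guard added in nginx/server/sites.sls has the same gap. The safer shape is to make the locally managed certificate the default rather than the `is not defined` case, i.e. `{%- if site.ssl.engine is defined and site.ssl.engine == 'letsencrypt' %}` for the Let's Encrypt paths followed by `{%- else %}` for the two `/etc/ssl/...` directives, so an unknown engine still renders a loadable config. Separately, `ssl_trusted_certificate` is the CA bundle nginx uses to validate OCSP responses; certbot ships `chain.pem` for that purpose, whereas `fullchain.pem` also contains the leaf certificate — it appears to work but is not what the directive expects, so consider `ssl_trusted_certificate /etc/letsencrypt/live/{{ site.host.name }}/chain.pem;`. The outer `{% if %}` that this hunk's final `{%- endif %}` closes begins outside the hunk.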
diff --git a/nginx/server/sites.sls b/nginx/server/sites.sls
index 250c92a..eb54dbc 100644
--- a/nginx/server/sites.sls
+++ b/nginx/server/sites.sls
@@ -5,6 +5,8 @@
{% if site.ssl is defined and site.ssl.enabled %}
+{%- if site.ssl.engine is not defined %}
+
{{ site.host.name }}_public_cert_{{ loop.index }}:
file.managed:
- name: /etc/ssl/certs/{{ site.host.name }}.crt
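Review bot: With `engine: letsencrypt` this state no longer manages any certificate, yet nothing visible in the hunk ensures `/etc/letsencrypt/live/{{ site.host.name }}/` exists before the vhost file is written and nginx is reloaded, so on a fresh host the reload fails until certbot has been run by hand; I can't see a certbot state elsewhere in the formula, so this is inferred from the hunk alone. An explicit prerequisite makes the ordering requirement visible and fails the highstate with a clear message instead of a broken nginx reload; the README example in this commit should also say that issuance is out of scope for the formula. The surrounding `{% for %}` that supplies `loop.index` begins outside the hunk.
```sls
{%- if site.ssl.engine is not defined %}
# … unchanged: locally managed cert/key file.managed states …
{%- elif site.ssl.engine == 'letsencrypt' %}
{{ site.host.name }}_letsencrypt_cert_{{ loop.index }}:
  file.exists:
    - name: /etc/letsencrypt/live/{{ site.host.name }}/fullchain.pem
    - require_in:
      - file: /etc/nginx/sites-available/{{ site.type }}_{{ site.name }}.conf
{%- endif %}
```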
@@ -50,6 +52,8 @@
- watch_in:
- service: nginx_service
+{%- endif %}
+
{% endif %}
/etc/nginx/sites-available/{{ site.type }}_{{ site.name }}.conf: