Add ability to override nginx ssl engine as not defined
If the engine is set to 'salt' by default, there is no way to unset it.
Change-Id: Iaac14c2afc9a8604642145ddbc0e0aacb8ca6b46
Related-Prod: PROD-27578
diff --git a/README.rst b/README.rst
index fa005ef..630b919 100644
--- a/README.rst
+++ b/README.rst
@@ -531,6 +531,21 @@
key_file: /etc/ssl/private/mykey.key
cert_file: /etc/ssl/cert/mycert.crt
+or
+
+.. code-block:: yaml
+
+ nginx:
+ server:
+ enabled: true
+ site:
+ mysite:
+ ssl:
+ enabled: true
+ engine: custom
+ key_file: /etc/ssl/private/mykey.key
+ cert_file: /etc/ssl/cert/mycert.crt
+
Advanced SSL configuration, more information about SSL option
may be found at http://nginx.org/en/docs/http/ngx_http_ssl_module.html
diff --git a/nginx/files/_ssl.conf b/nginx/files/_ssl.conf
index cff3cce..f40850e 100644
--- a/nginx/files/_ssl.conf
+++ b/nginx/files/_ssl.conf
@@ -11,7 +11,7 @@
ssl on;
ssl_session_cache {{ site.ssl.get('session_cache', 'shared:SSL:10m') }};
ssl_session_timeout {{ site.ssl.get('session_timeout', '10m') }};
- {%- if site.ssl.engine is not defined %}
+ {%- if site.ssl.engine is not defined or site.ssl.engine == 'custom' %}
ssl_certificate_key {{ key_file }};
{%- if site.ssl.chain is defined or site.ssl.authority is defined %}
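Review bot: The literal `'custom'` is matched exactly in this condition and again in nginx/server/sites.sls, so the two templates have to be kept in step by hand. A pillar value that differs only in case or spelling silently takes the other branch. A short Jinja comment above the condition would record the contract, for example `{#- engine unset or 'custom': the operator-supplied key_file is used -#}`. The `if` block opened here closes outside the hunk, so what the other branch renders for an unrecognised engine value cannot be confirmed from this view.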
diff --git a/nginx/server/sites.sls b/nginx/server/sites.sls
index 39dd612..a125c8e 100644
--- a/nginx/server/sites.sls
+++ b/nginx/server/sites.sls
@@ -53,7 +53,7 @@
{%- set cert_file=site.ssl.get('cert_file', '/etc/ssl/certs/{0}.crt'.format(site.host.name)) %}
{%- set chain_file=site.ssl.get('chain_file', '/etc/ssl/certs/{0}-with-chain.crt'.format(site.host.name)) %}
-{%- if site.ssl.engine is not defined %}
+{%- if site.ssl.engine is not defined or site.ssl.engine == 'custom' %}
{%- if site.ssl.key is defined %}
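Review bot: With `engine: custom` the `site.ssl.key is defined` branch on the following line now applies as well, but the README example added in this commit shows only `key_file`/`cert_file` paths. That leaves it undocumented whether 'custom' means files already on disk or key material delivered from pillar. The state that presumably writes `key_file` lies outside this hunk; since it now runs for a new class of sites, it is worth confirming that it sets a restrictive owner and mode on the private key. A comment such as `{#- 'custom': certificates are operator-managed; key/cert given in pillar are still deployed -#}` above the condition would make the intent explicit.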
diff --git a/tests/pillar/horizon_with_ssl_extra.sls b/tests/pillar/horizon_with_ssl_extra.sls
index cf7291a..061ec69 100644
--- a/tests/pillar/horizon_with_ssl_extra.sls
+++ b/tests/pillar/horizon_with_ssl_extra.sls
@@ -18,6 +18,7 @@
ssl:
enabled: true
authority: salt_master_ca
+ engine: custom
ca_file: /etc/ssl/certs/RSA_Security_2048_v3.pem
key_file: /etc/ssl/private/ssl-cert-snakeoil.key
cert_file: /etc/ssl/certs/RSA_Security_2048_v3.pem
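Review bot: This fixture sets `engine: custom` together with `authority: salt_master_ca`, so the tests in this commit render only the chain/authority path of the new condition. A second site or pillar with `engine: custom` and no `authority` or `chain` would cover the plain `key_file`/`cert_file` case that the README example documents.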