nginx.sls 1.55 KB
Newer Older
Guba Sándor committed
1
nginx:
Bach Dániel committed
2 3
  service.running:
    - enable: True
4
    - watch:
Bach Dániel committed
5 6 7 8 9 10
       - pkg: nginx
       - cmd: circlecert
       - file: nginxdefault
       {% if grains['os_family'] == 'RedHat' %}
       - file: nginxconf
       {% endif %}
Guba Sándor committed
11 12 13
  pkg:
   - installed

Bach Dániel committed
14 15
circlecert:
  cmd.run:
16
    {% if grains['os_family'] == 'RedHat' %}
Bach Dániel committed
17
    - name: ./make-dummy-cert circle.pem
18
    {% else %}
19
    - name: openssl req -new -newkey rsa:2048 -days 365 -nodes -x509 -keyout circle.key -out circle.crt -subj '/CN=localhost/O=My Company Name LTD./C=US' && cat circle.key circle.crt > circle.pem && rm circle.key circle.crt; chmod 600 circle.pem
20
    {% endif %}
Bach Dániel committed
21 22
    - cwd: /etc/ssl/certs/
    - creates: /etc/ssl/certs/circle.pem
Guba Sándor committed
23

Bach Dániel committed
24 25 26 27 28 29 30 31 32 33 34 35 36 37
{% if grains['os_family'] == 'RedHat' %}
nginx_selinux:
  pkg.installed:
    - pkgs:
      - policycoreutils
      - policycoreutils-python
  selinux.boolean:
    - name: httpd_can_network_connect
    - value: True
    - persist: True
    - require:
      - pkg: nginx_selinux
{% endif %}

Bach Dániel committed
38
nginxdefault:
Guba Sándor committed
39
  file.managed:
40
    {% if grains['os_family'] == 'RedHat' %}
Guba Sándor committed
41
    - name: /etc/nginx/conf.d/default.conf
42
    {% else %}
Bach Dániel committed
43
    - name: /etc/nginx/sites-enabled/default
44
    {% endif %}
Bach Dániel committed
45 46 47 48 49 50 51 52 53 54 55
    - template: jinja
    - source: salt://manager/files/nginx-default-site.conf
    - user: root
    - group: root
    - require:
       - pkg: nginx

{% if grains['os_family'] == 'RedHat' %}
nginxconf:
  file.managed:
    - name: /etc/nginx/nginx.conf
Guba Sándor committed
56 57 58 59 60 61
    - template: jinja
    - source: salt://manager/files/nginx.conf
    - user: root
    - group: root
    - require:
       - pkg: nginx
Bach Dániel committed
62
{% endif %}