Vhost ssl_name name is now optionnal

2016-11-07 17:22:14 +01:00 · 2016-11-07 17:22:14 +01:00 · 40f67fc103
parent 6b1366298f
commit 40f67fc103
4 changed files with 18 additions and 4 deletions
--- a/doc/ssl.md
+++ b/doc/ssl.md
@ -32,7 +32,8 @@ Note: `name` is used to deploy key/cert. With defaults values dans `name` = "foo
 Tips
 ----

-Deploying key/cert is not mandatory with this role. You can manage it in other place ([letsencrypt](https://letsencrypt.org/)? :)). You just need to set `dest_cert` and `dest_key`!
+- Deploying key/cert is not mandatory with this role. You can manage it in other place ([letsencrypt](https://letsencrypt.org/)? :)). You just need to set `dest_cert` and `dest_key`!
+- In `nginx_vhosts`, `ssl_name` is mandatory. This role will search in `nginx_ssl_pairs` with vhost `name` (first in list if it's a list).

 Diffie-Hellman
 --------------
@ -48,6 +49,9 @@ nginx_vhosts;
    proto: ['http', 'https']
    template: '_base'
    ssl_name: 'mysuperkey'
+  - name: 'test-ssl2.local'
+    proto: ['http', 'https']
+    template: '_base'

 nginx_ssl_pairs:
  - name: mysuperkey
@ -59,5 +63,15 @@ nginx_ssl_pairs:
      -----BEGIN CERTIFICATE-----
      ....(snip)....
      -----END CERTIFICATE-----
+  - name: test-ssl2.local
+    key: |
+      -----BEGIN RSA PRIVATE KEY-----
+      ....(snip)....
+      -----END RSA PRIVATE KEY-----
+    cert: |
+      -----BEGIN CERTIFICATE-----
+      ....(snip)....
+      -----END CERTIFICATE-----
+
 ```

--- a/doc/vhost.md
+++ b/doc/vhost.md
@ -24,7 +24,7 @@ Common
 - `manage_local_content`: (O) Boolean. Set to false if you do not want to manage local content (images, css...). This option is useless if you use `_proxy` template or `redirect_to` feature.
 - `htpasswd`: (O) References name key in `nginx_htpasswd`. Enable auth basic on all vhost.
 - `proto`: (O) list of protocol used. Default is a list with "http". If you need http and https, you must set a list with "http" and "https". You can only set "https" without http support.
- `ssl_name`: (D) name of the key used when using TLS/SSL. Mandatory when `proto` contains "https"
+- `ssl_name`: (D) name of the key used when using TLS/SSL. Optional when `proto` contains "https". If you don't set this value, it will search by `name`.
 - `ssl_template` (O) "strong" (default) or "legacy". You can disable SSL helpers and add your own directives by setting "false". 
 - `php_version` (O) Sepecify PHP version (5 or 7)

--- a/templates/etc/nginx/sites-available/_base.j2
+++ b/templates/etc/nginx/sites-available/_base.j2
@ -4,6 +4,7 @@
 {% set __listen_ssl = item.listen_ssl | default(['443']) %}
 {% set __location = item.location | default({}) %}
 {% set __headers = item.headers | default({'X-Frame-Options': 'DENY always', 'X-Content-Type-Options': 'nosniff always' }) %}
+{% set __ssl_name = item.ssl_name | default(item.name if item.name is string else item.name[0]) %}
 {% macro htpasswd(htpasswd_name, indent=1) -%}
 {% for ht in nginx_htpasswd if ht.name == htpasswd_name %}
 {{ "\t" * indent }}auth_basic "{{ ht.description }}";
@ -33,7 +34,7 @@ server {
 {% for port in __listen_ssl %}
 	listen {{ port }}{% if nginx_default_vhost_ssl == __main_name %} default_server{% endif %} ssl{% if nginx_auto_config_httpv2 and 'http_v2' in nginx_modules %} http2{% endif %};
 {% endfor %}
-{{ ssl(item.ssl_name) }}
+{{ ssl(__ssl_name) }}
 {% if item.ssl_template is not defined or item.ssl_template != false %}
 	include {{ nginx_helper_dir + '/ssl-' + item.ssl_template | default('strong') }};
 {% endif %}
--- a/tests/test.yml
+++ b/tests/test.yml
@ -186,7 +186,6 @@
      - name: 'test-ssl.local'
        proto: ['http', 'https']
        template: '_base'
-        ssl_name: 'test-ssl.local'
      - name: 'test-ssl-predeployed.local'
        proto: ['http', 'https']
        template: '_base'