Vhost ssl_name name is now optionnal

pull/27/head
Emilien Mantel 2016-11-07 17:22:14 +01:00
parent 6b1366298f
commit 40f67fc103
4 changed files with 18 additions and 4 deletions

View File

@ -32,7 +32,8 @@ Note: `name` is used to deploy key/cert. With defaults values dans `name` = "foo
Tips Tips
---- ----
Deploying key/cert is not mandatory with this role. You can manage it in other place ([letsencrypt](https://letsencrypt.org/)? :)). You just need to set `dest_cert` and `dest_key`! - Deploying key/cert is not mandatory with this role. You can manage it in other place ([letsencrypt](https://letsencrypt.org/)? :)). You just need to set `dest_cert` and `dest_key`!
- In `nginx_vhosts`, `ssl_name` is mandatory. This role will search in `nginx_ssl_pairs` with vhost `name` (first in list if it's a list).
Diffie-Hellman Diffie-Hellman
-------------- --------------
@ -48,6 +49,9 @@ nginx_vhosts;
proto: ['http', 'https'] proto: ['http', 'https']
template: '_base' template: '_base'
ssl_name: 'mysuperkey' ssl_name: 'mysuperkey'
- name: 'test-ssl2.local'
proto: ['http', 'https']
template: '_base'
nginx_ssl_pairs: nginx_ssl_pairs:
- name: mysuperkey - name: mysuperkey
@ -59,5 +63,15 @@ nginx_ssl_pairs:
-----BEGIN CERTIFICATE----- -----BEGIN CERTIFICATE-----
....(snip).... ....(snip)....
-----END CERTIFICATE----- -----END CERTIFICATE-----
- name: test-ssl2.local
key: |
-----BEGIN RSA PRIVATE KEY-----
....(snip)....
-----END RSA PRIVATE KEY-----
cert: |
-----BEGIN CERTIFICATE-----
....(snip)....
-----END CERTIFICATE-----
``` ```

View File

@ -24,7 +24,7 @@ Common
- `manage_local_content`: (O) Boolean. Set to false if you do not want to manage local content (images, css...). This option is useless if you use `_proxy` template or `redirect_to` feature. - `manage_local_content`: (O) Boolean. Set to false if you do not want to manage local content (images, css...). This option is useless if you use `_proxy` template or `redirect_to` feature.
- `htpasswd`: (O) References name key in `nginx_htpasswd`. Enable auth basic on all vhost. - `htpasswd`: (O) References name key in `nginx_htpasswd`. Enable auth basic on all vhost.
- `proto`: (O) list of protocol used. Default is a list with "http". If you need http and https, you must set a list with "http" and "https". You can only set "https" without http support. - `proto`: (O) list of protocol used. Default is a list with "http". If you need http and https, you must set a list with "http" and "https". You can only set "https" without http support.
- `ssl_name`: (D) name of the key used when using TLS/SSL. Mandatory when `proto` contains "https" - `ssl_name`: (D) name of the key used when using TLS/SSL. Optional when `proto` contains "https". If you don't set this value, it will search by `name`.
- `ssl_template` (O) "strong" (default) or "legacy". You can disable SSL helpers and add your own directives by setting "false". - `ssl_template` (O) "strong" (default) or "legacy". You can disable SSL helpers and add your own directives by setting "false".
- `php_version` (O) Sepecify PHP version (5 or 7) - `php_version` (O) Sepecify PHP version (5 or 7)

View File

@ -4,6 +4,7 @@
{% set __listen_ssl = item.listen_ssl | default(['443']) %} {% set __listen_ssl = item.listen_ssl | default(['443']) %}
{% set __location = item.location | default({}) %} {% set __location = item.location | default({}) %}
{% set __headers = item.headers | default({'X-Frame-Options': 'DENY always', 'X-Content-Type-Options': 'nosniff always' }) %} {% set __headers = item.headers | default({'X-Frame-Options': 'DENY always', 'X-Content-Type-Options': 'nosniff always' }) %}
{% set __ssl_name = item.ssl_name | default(item.name if item.name is string else item.name[0]) %}
{% macro htpasswd(htpasswd_name, indent=1) -%} {% macro htpasswd(htpasswd_name, indent=1) -%}
{% for ht in nginx_htpasswd if ht.name == htpasswd_name %} {% for ht in nginx_htpasswd if ht.name == htpasswd_name %}
{{ "\t" * indent }}auth_basic "{{ ht.description }}"; {{ "\t" * indent }}auth_basic "{{ ht.description }}";
@ -33,7 +34,7 @@ server {
{% for port in __listen_ssl %} {% for port in __listen_ssl %}
listen {{ port }}{% if nginx_default_vhost_ssl == __main_name %} default_server{% endif %} ssl{% if nginx_auto_config_httpv2 and 'http_v2' in nginx_modules %} http2{% endif %}; listen {{ port }}{% if nginx_default_vhost_ssl == __main_name %} default_server{% endif %} ssl{% if nginx_auto_config_httpv2 and 'http_v2' in nginx_modules %} http2{% endif %};
{% endfor %} {% endfor %}
{{ ssl(item.ssl_name) }} {{ ssl(__ssl_name) }}
{% if item.ssl_template is not defined or item.ssl_template != false %} {% if item.ssl_template is not defined or item.ssl_template != false %}
include {{ nginx_helper_dir + '/ssl-' + item.ssl_template | default('strong') }}; include {{ nginx_helper_dir + '/ssl-' + item.ssl_template | default('strong') }};
{% endif %} {% endif %}

View File

@ -186,7 +186,6 @@
- name: 'test-ssl.local' - name: 'test-ssl.local'
proto: ['http', 'https'] proto: ['http', 'https']
template: '_base' template: '_base'
ssl_name: 'test-ssl.local'
- name: 'test-ssl-predeployed.local' - name: 'test-ssl-predeployed.local'
proto: ['http', 'https'] proto: ['http', 'https']
template: '_base' template: '_base'