Add new filter plugins related to SSL
Emilien Mantel
parent
20d4b6829a
commit
a8b062284e
|
|
@ -10,11 +10,29 @@ def nginx_site_name(site):
|
|||
else:
|
||||
return site['name']
|
||||
|
||||
def nginx_ssl_dir(pair, ssl_dir):
|
||||
return ssl_dir + '/' + nginx_site_filename(pair)
|
||||
|
||||
def nginx_key_path(pair, ssl_dir):
|
||||
if pair.has_key('dest_key'):
|
||||
return pair['dest_key']
|
||||
else:
|
||||
return nginx_ssl_dir(pair, ssl_dir) + '/' + nginx_site_filename(pair) + '.key'
|
||||
|
||||
def nginx_cert_path(pair, ssl_dir):
|
||||
if pair.has_key('dest_cert'):
|
||||
return pair['dest_cert']
|
||||
else:
|
||||
return nginx_ssl_dir(pair, ssl_dir) + '/' + nginx_site_filename(pair) + '.crt'
|
||||
|
||||
class FilterModule(object):
|
||||
''' Nginx module '''
|
||||
|
||||
def filters(self):
|
||||
return {
|
||||
'nginx_site_filename': nginx_site_filename,
|
||||
'nginx_site_name': nginx_site_name
|
||||
'nginx_site_name': nginx_site_name,
|
||||
'nginx_ssl_dir': nginx_ssl_dir,
|
||||
'nginx_key_path': nginx_key_path,
|
||||
'nginx_cert_path': nginx_cert_path
|
||||
}
|
||||
|
|
|
|||
|
|
@ -30,7 +30,7 @@
|
|||
|
||||
- name: FILE | Create SSL directories
|
||||
file:
|
||||
path: "{{ nginx_ssl_dir + '/' + item | nginx_site_name }}"
|
||||
path: "{{ item | nginx_ssl_dir(nginx_ssl_dir) }}"
|
||||
state: directory
|
||||
loop: "{{ nginx_ssl_pairs }}"
|
||||
when: item.dest_key is not defined or item.dest_cert is not defined
|
||||
|
|
@ -39,7 +39,7 @@
|
|||
- name: COPY | Deploy SSL keys
|
||||
copy:
|
||||
content: "{{ item.key }}"
|
||||
dest: "{{ nginx_ssl_dir + '/' + item | nginx_site_name + '/' + item | nginx_site_name + '.key' if item.dest_key is not defined else item.dest_key }}"
|
||||
dest: "{{ item | nginx_key_path(nginx_ssl_dir) }}"
|
||||
mode: 0640
|
||||
loop: "{{ nginx_ssl_pairs }}"
|
||||
when: item.key is defined
|
||||
|
|
@ -49,7 +49,7 @@
|
|||
- name: COPY | Deploy SSL certs
|
||||
copy:
|
||||
content: "{{ item.cert }}"
|
||||
dest: "{{ nginx_ssl_dir + '/' + item | nginx_site_name + '/' + item | nginx_site_name + '.crt' if item.dest_cert is not defined else item.dest_cert }}"
|
||||
dest: "{{ item | nginx_cert_path(nginx_ssl_dir) }}"
|
||||
mode: 0644
|
||||
loop: "{{ nginx_ssl_pairs }}"
|
||||
when: item.cert is defined
|
||||
|
|
@ -61,11 +61,11 @@
|
|||
openssl req
|
||||
-new -newkey rsa:2048 -sha256 -days 3650 -nodes -x509
|
||||
-subj '/CN={{ item | nginx_site_name }}'
|
||||
-keyout {{ item | nginx_site_name + '.key' }}
|
||||
-out {{ item | nginx_site_name + '.crt' }}
|
||||
-keyout {{ item | nginx_key_path(nginx_ssl_dir) }}
|
||||
-out {{ item | nginx_cert_path(nginx_ssl_dir) }}
|
||||
args:
|
||||
chdir: "{{ nginx_ssl_dir + '/' + item | nginx_site_name }}"
|
||||
creates: "{{ '/tmp/dummy' if item.force is defined and item.force else nginx_ssl_dir + '/' + item | nginx_site_name + '/' + item | nginx_site_name + '.crt' }}"
|
||||
chdir: "{{ item | nginx_ssl_dir(nginx_ssl_dir) }}"
|
||||
creates: "{{ '/tmp/dummy' if item.force is defined and item.force else item | nginx_cert_path(nginx_ssl_dir) }}"
|
||||
loop: "{{ nginx_ssl_pairs }}"
|
||||
when: item.self_signed is defined
|
||||
notify: restart nginx
|
||||
|
|
|
|||
|
|
@ -41,8 +41,8 @@
|
|||
{%- endmacro %}
|
||||
{% macro ssl(ssl_name) %}
|
||||
{% for sn in nginx_ssl_pairs if ((sn.name is string and sn.name == ssl_name) or (sn.name.0 == ssl_name)) %}
|
||||
ssl_certificate {{ nginx_ssl_dir + '/' + ssl_name + '/' + ssl_name + '.crt' if sn.dest_cert is not defined else sn.dest_cert }};
|
||||
ssl_certificate_key {{ nginx_ssl_dir + '/' + ssl_name + '/' + ssl_name + '.key' if sn.dest_key is not defined else sn.dest_key }};
|
||||
ssl_certificate {{ sn | nginx_cert_path(nginx_ssl_dir) }};
|
||||
ssl_certificate_key {{ sn | nginx_key_path(nginx_ssl_dir) }};
|
||||
{% endfor %}
|
||||
{%- endmacro %}
|
||||
{% macro httpsredirect(name) %}
|
||||
|
|
|
|||
Loading…
Reference in New Issue