alanorth/ansible-personal
1
0
Fork 0
Code Issues 4 Pull Requests Projects Releases Wiki Activity

roles/nginx: Ingenius use of YAML hashes to derive TLS key from another file

Browse Source 
This is kinda crazy, but makes the host_vars much easier to read.

Signed-off-by: Alan Orth <alan.orth@gmail.com>
This commit is contained in:
Alan Orth
2014-10-11 15:42:03 +03:00
parent 7ad41df199
commit 59b9bd70b8
2 changed files with 366 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
roles/nginx/tasks/tls_vhosts.yml
View File

@ -6,10 +6,21 @@
notify:
- reload nginx
# Chained TLS keys for all domains in one file, like:
#
# domain.com:
# tls_cert: |
# -----BEGIN PRIVATE KEY-----
# MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDeIotVB7/WY9sJ
- name: Get TLS certs
include_vars: "../../../vars/tls_keys.yml"
# Loop through tls vhosts and derive var to pull cert from (see above)
#
# concatenated key + cert, can live in the same file
# See: http://nginx.org/en/docs/http/configuring_https_servers.html
- name: Copy TLS certs
copy: { dest: "{{ tls_key_dir }}/{{ item.nginx_domain_name }}.crt.pem", content: "{{ item.tls_cert }}", mode: 0700, owner: 'root', group: 'root' }
copy: { dest: "{{ tls_key_dir }}/{{ item.nginx_domain_name }}.crt.pem", content: "{{ {{ item.nginx_domain_name }}.{{ tls_cert }} }}", mode: 0700, owner: 'root', group: 'root' }
with_items: nginx_tls_vhosts
notify:
- reload nginx