roles/nginx: Update nginx https stuff

- re-organize tls vhost configuration - copy TLS cert from host_vars directly to file Signed-off-by: Alan Orth <alan.orth@gmail.com>
2014-09-13 23:16:54 +03:00
parent 4e4f415acd
commit e6ffdf8652
5 changed files with 51 additions and 16 deletions
--- a/roles/nginx/templates/https.j2
+++ b/roles/nginx/templates/https.j2
@ -1,8 +1,9 @@
-{% set tls_cert         = item.tls_cert %}
-{% set tls_key          = item.tls_key %}
+{% set domain_name      = item.nginx_domain_name %}

-    ssl_certificate {{ tls_cert }};
-    ssl_certificate_key {{ tls_key }};
+    # concatenated key + cert
+    # See: http://nginx.org/en/docs/http/configuring_https_servers.html
+    ssl_certificate {{ tls_key_dir }}/{{ domain_name }}.crt.pem;
+    ssl_certificate_key {{ tls_key_dir }}/{{ domain_name }}.crt.pem;

    ssl_session_timeout 5m;
    ssl_session_cache shared:SSL:1m;