
diff --git a/roles/paas-docker/nginx/config.sls b/roles/paas-docker/nginx/config.sls
index ebbb78b..80c3e23 100644
--- a/roles/paas-docker/nginx/config.sls
+++ b/roles/paas-docker/nginx/config.sls
@@ -1,59 +1,64 @@
# -------------------------------------------------------------
# Salt — Provision Docker engine
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# Created: 2018-03-16
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
{% from "map.jinja" import dirs with context %}
{% set containers = salt['pillar.get']('docker_containers:' + grains['id'], {}) %}
# -------------------------------------------------------------
# Base folder
#
# :: general configuration
# -------------------------------------------------------------
{{ dirs.etc }}/nginx/nginx.conf:
file.managed:
- source: salt://roles/paas-docker/nginx/files/nginx.conf
+nginx_dhparams:
+ cmd.run:
+ - name: openssl dhparam -out {{ dirs.etc }}/nginx/dhparams.pem 2048
+ - creates: {{ dirs.etc }}/nginx/dhparams.pem
+
# -------------------------------------------------------------
# includes folder
#
# :: general configuration
# :: application-specific code
# -------------------------------------------------------------
{{ dirs.etc }}/nginx/includes:
file.recurse:
- source: salt://roles/paas-docker/nginx/files/includes
- dir_mode: 755
- file_mode: 644
# -------------------------------------------------------------
# vhosts folder
# -------------------------------------------------------------
{% for service, instances in containers.items() %}
{% for instance, container in instances.items() %}
{% if 'host' in container %}
{{ dirs.etc }}/nginx/vhosts/{{ service }}/{{ instance }}.conf:
file.managed:
- source: salt://roles/paas-docker/nginx/files/vhosts/{{ service }}.conf
- makedirs: True
- mode: 644
- template: jinja
- context:
fqdn: {{ container['host'] }}
app_port: {{ container['app_port'] }}
aliases: {{ container['aliases'] | default('', true) | join(" ") }}
# If the nginx configuration needs more key,
# pass directly the container dictionary.
args: {{ container }}
{% endif %}
{% endfor %}
{% endfor %}
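Review bot: The new `nginx_dhparams` state writes to `{{ dirs.etc }}/nginx/dhparams.pem`, but the include added in the same change loads the hard-coded `/etc/nginx/dhparams.pem`. If `dirs.etc` from map.jinja (not visible here) resolves to anything other than `/etc` on a target, nginx will fail to start on the missing file, so both sides should use the same literal path or the include should be rendered with the same variable. Separately, `creates` only tests that the file exists, so an interrupted `openssl dhparam` run can leave a truncated file that is never regenerated. Generating to a temporary name and moving it into place only on success avoids that, e.g. `- name: openssl dhparam -out {{ dirs.etc }}/nginx/dhparams.pem.tmp 2048 && mv {{ dirs.etc }}/nginx/dhparams.pem.tmp {{ dirs.etc }}/nginx/dhparams.pem`. The state also does not pin the owner or mode of the generated file, unlike the `includes` and vhost states, which set modes explicitly.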
diff --git a/roles/paas-docker/nginx/files/includes/tls b/roles/paas-docker/nginx/files/includes/tls
new file mode 100644
index 0000000..735f1ea
--- /dev/null
+++ b/roles/paas-docker/nginx/files/includes/tls
@@ -0,0 +1,28 @@
+# -------------------------------------------------------------
+# Configuration for Let's encrypt nginx
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Author: Sébastien Santoro aka Dereckson
+# Created: 2017-04-03
+# Description: Get SSL certificates from Let's encrypt
+# Source file: roles/paas-docker/nginx/files/includes/tls
+# -------------------------------------------------------------
+#
+# <auto-generated>
+# This file is managed by our rOPS SaltStack repository.
+#
+# Changes to this file may cause incorrect behavior
+# and will be lost if the state is redeployed.
+# </auto-generated>
+
+listen 443 ssl http2;
+listen [::]:443 ssl http2;
+keepalive_timeout 70;
+
+ssl_session_timeout 1d;
+ssl_session_cache shared:SSL:10m;
+ssl_session_tickets off;
+
+ssl_protocols TLSv1.2;
+ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
+ssl_prefer_server_ciphers on;
+ssl_dhparam /etc/nginx/dhparams.pem;
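Review bot: `ssl_dhparam` is only consulted for DHE key exchange, and every suite in the `ssl_ciphers` list is ECDHE, so the parameter file is never used with this configuration. Either drop the directive (and the state that generates the file) or add a comment saying it is kept for a future DHE fallback. The last four suites in the list (`ECDHE-ECDSA-AES256-SHA384` through `ECDHE-RSA-AES128-SHA256`) are CBC-mode; with `ssl_protocols TLSv1.2` only, the list could be trimmed to the AEAD suites: `ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256';`. The header's `Description: Get SSL certificates from Let's encrypt` also does not match the content, which sets the 443 listeners and TLS session, protocol and cipher parameters; something like `# Description: TLS listener and protocol settings shared by vhosts` would be accurate.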
