20035: Enhances code redability, quotes jinja vars as yaml values.

[arvados.git] / tools / salt-install / config_examples / multi_host / aws / pillars / nginx_webshell_configuration.sls

diff --git a/tools/salt-install/config_examples/multi_host/aws/pillars/nginx_webshell_configuration.sls b/tools/salt-install/config_examples/multi_host/aws/pillars/nginx_webshell_configuration.sls
index f2c88c83cfa632ef41ce9afe23ffad63a25331d2..fb134cca9bf65f7640fc0002fcb6671fc11b4769 100644 (file)
--- a/tools/salt-install/config_examples/multi_host/aws/pillars/nginx_webshell_configuration.sls
+++ b/tools/salt-install/config_examples/multi_host/aws/pillars/nginx_webshell_configuration.sls
@@ -3,6 +3,8 @@
 #
 # SPDX-License-Identifier: AGPL-3.0
 
+{%- import_yaml "ssl_key_encrypted.sls" as ssl_key_encrypted_pillar %}
+
 ### NGINX
 nginx:
   ### SERVER
@@ -12,7 +14,7 @@ nginx:
       ### STREAMS
       http:
         upstream webshell_upstream:
-          - server: 'localhost:4200 fail_timeout=10s'
+          - server: 'shell.__CLUSTER__.__DOMAIN__:4200 fail_timeout=10s'
 
   ### SITES
   servers:
@@ -71,6 +73,9 @@ nginx:
             - include: snippets/ssl_hardening_default.conf
             - ssl_certificate: __CERT_PEM__
             - ssl_certificate_key: __CERT_KEY__
+            {%- if ssl_key_encrypted_pillar.ssl_key_encrypted.enabled %}
+            - ssl_password_file: {{ ssl_key_encrypted_pillar.ssl_key_encrypted.ssl_password_file | yaml_dquote }}
+            {%- endif %}
             - access_log: /var/log/nginx/webshell.__CLUSTER__.__DOMAIN__.access.log combined
             - error_log: /var/log/nginx/webshell.__CLUSTER__.__DOMAIN__.error.log