X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/3fa0a5500d5b58b5d0b9ea940dac85be2da079ec..095e176632bbf81d28a239742a1ecce12404bd2d:/tools/salt-install/config_examples/single_host/multiple_hostnames/pillars/nginx_keepweb_configuration.sls?ds=sidebyside

diff --git a/tools/salt-install/config_examples/single_host/multiple_hostnames/pillars/nginx_keepweb_configuration.sls b/tools/salt-install/config_examples/single_host/multiple_hostnames/pillars/nginx_keepweb_configuration.sls
index d180a3bad4..daa1f31929 100644
--- a/tools/salt-install/config_examples/single_host/multiple_hostnames/pillars/nginx_keepweb_configuration.sls
+++ b/tools/salt-install/config_examples/single_host/multiple_hostnames/pillars/nginx_keepweb_configuration.sls
@@ -16,7 +16,7 @@ nginx:
   servers:
     managed:
       ### DEFAULT
-      arvados_collections_download_default:
+      arvados_collections_download_default.conf:
         enabled: true
         overwrite: true
         config:
@@ -30,12 +30,19 @@ nginx:
               - return: '301 https://$host$request_uri'
 
       ### COLLECTIONS / DOWNLOAD
-      arvados_collections_download_ssl:
+      {%- for vh in [
+        'collections',
+        'download'
+        ]
+      %}
+      arvados_{{ vh }}.conf:
         enabled: true
         overwrite: true
+        requires:
+          file: extra_custom_certs_{{ vh }}_cert_file_copy
         config:
           - server:
-            - server_name: collections.__CLUSTER__.__DOMAIN__ download.__CLUSTER__.__DOMAIN__
+            - server_name: {{ vh }}.__CLUSTER__.__DOMAIN__
             - listen:
               - __CONTROLLER_EXT_SSL_PORT__ http2 ssl
             - index: index.html index.htm
@@ -52,6 +59,9 @@ nginx:
             - client_max_body_size: 0
             - proxy_http_version: '1.1'
             - proxy_request_buffering: 'off'
-            - include: 'snippets/arvados-snakeoil.conf'
-            - access_log: /var/log/nginx/collections.__CLUSTER__.__DOMAIN__.access.log combined
-            - error_log: /var/log/nginx/collections.__CLUSTER__.__DOMAIN__.error.log
+            - include: snippets/ssl_hardening_default.conf
+            - ssl_certificate: /etc/nginx/ssl/arvados-{{ vh }}.pem
+            - ssl_certificate_key: /etc/nginx/ssl/arvados-{{ vh }}.key
+            - access_log: /var/log/nginx/{{ vh }}.__CLUSTER__.__DOMAIN__.access.log combined
+            - error_log: /var/log/nginx/{{ vh }}.__CLUSTER__.__DOMAIN__.error.log
+      {%- endfor %}