#
# SPDX-License-Identifier: AGPL-3.0
+{%- import_yaml "ssl_key_encrypted.sls" as imported %}
+
### NGINX
nginx:
servers:
- include: snippets/ssl_hardening_default.conf
- ssl_certificate: __CERT_PEM__
- ssl_certificate_key: __CERT_KEY__
+ {%- if imported.ssl_key_encrypted.enabled %}
+ - ssl_password_file: {{ imported.ssl_key_encrypted.ssl_password_file }}
+ {%- endif %}
- access_log: /var/log/nginx/collections.__CLUSTER__.__DOMAIN__.access.log combined
- error_log: /var/log/nginx/collections.__CLUSTER__.__DOMAIN__.error.log
#
# SPDX-License-Identifier: AGPL-3.0
+{%- import_yaml "ssl_key_encrypted.sls" as imported %}
+
### NGINX
nginx:
### SERVER
- include: snippets/ssl_hardening_default.conf
- ssl_certificate: __CERT_PEM__
- ssl_certificate_key: __CERT_KEY__
+ {%- if imported.ssl_key_encrypted.enabled %}
+ - ssl_password_file: {{ imported.ssl_key_encrypted.ssl_password_file }}
+ {%- endif %}
- access_log: /var/log/nginx/controller.__CLUSTER__.__DOMAIN__.access.log combined
- error_log: /var/log/nginx/controller.__CLUSTER__.__DOMAIN__.error.log
- client_max_body_size: 128m
#
# SPDX-License-Identifier: AGPL-3.0
+{%- import_yaml "ssl_key_encrypted.sls" as imported %}
+
### NGINX
nginx:
servers:
- include: snippets/ssl_hardening_default.conf
- ssl_certificate: __CERT_PEM__
- ssl_certificate_key: __CERT_KEY__
+ {%- if imported.ssl_key_encrypted.enabled %}
+ - ssl_password_file: {{ imported.ssl_key_encrypted.ssl_password_file }}
+ {%- endif %}
- access_log: /var/log/nginx/download.__CLUSTER__.__DOMAIN__.access.log combined
- error_log: /var/log/nginx/download.__CLUSTER__.__DOMAIN__.error.log
#
# SPDX-License-Identifier: AGPL-3.0
+{%- import_yaml "ssl_key_encrypted.sls" as imported %}
+
### NGINX
nginx:
### SERVER
- include: snippets/ssl_hardening_default.conf
- ssl_certificate: __CERT_PEM__
- ssl_certificate_key: __CERT_KEY__
+ {%- if imported.ssl_key_encrypted.enabled %}
+ - ssl_password_file: {{ imported.ssl_key_encrypted.ssl_password_file }}
+ {%- endif %}
- access_log: /var/log/nginx/keepproxy.__CLUSTER__.__DOMAIN__.access.log combined
- error_log: /var/log/nginx/keepproxy.__CLUSTER__.__DOMAIN__.error.log
#
# SPDX-License-Identifier: AGPL-3.0
+{%- import_yaml "ssl_key_encrypted.sls" as imported %}
+
### NGINX
nginx:
### SERVER
- include: snippets/ssl_hardening_default.conf
- ssl_certificate: __CERT_PEM__
- ssl_certificate_key: __CERT_KEY__
+ {%- if imported.ssl_key_encrypted.enabled %}
+ - ssl_password_file: {{ imported.ssl_key_encrypted.ssl_password_file }}
+ {%- endif %}
- access_log: /var/log/nginx/webshell.__CLUSTER__.__DOMAIN__.access.log combined
- error_log: /var/log/nginx/webshell.__CLUSTER__.__DOMAIN__.error.log
#
# SPDX-License-Identifier: AGPL-3.0
+{%- import_yaml "ssl_key_encrypted.sls" as imported %}
+
### NGINX
nginx:
### SERVER
- include: snippets/ssl_hardening_default.conf
- ssl_certificate: __CERT_PEM__
- ssl_certificate_key: __CERT_KEY__
+ {%- if imported.ssl_key_encrypted.enabled %}
+ - ssl_password_file: {{ imported.ssl_key_encrypted.ssl_password_file }}
+ {%- endif %}
- access_log: /var/log/nginx/ws.__CLUSTER__.__DOMAIN__.access.log combined
- error_log: /var/log/nginx/ws.__CLUSTER__.__DOMAIN__.error.log
#
# SPDX-License-Identifier: AGPL-3.0
+{%- import_yaml "ssl_key_encrypted.sls" as imported %}
+
### ARVADOS
arvados:
config:
- include: snippets/ssl_hardening_default.conf
- ssl_certificate: __CERT_PEM__
- ssl_certificate_key: __CERT_KEY__
+ {%- if imported.ssl_key_encrypted.enabled %}
+ - ssl_password_file: {{ imported.ssl_key_encrypted.ssl_password_file }}
+ {%- endif %}
- access_log: /var/log/nginx/workbench2.__CLUSTER__.__DOMAIN__.access.log combined
- error_log: /var/log/nginx/workbench2.__CLUSTER__.__DOMAIN__.error.log
#
# SPDX-License-Identifier: AGPL-3.0
+{%- import_yaml "ssl_key_encrypted.sls" as imported %}
+
### ARVADOS
arvados:
config:
- include: snippets/ssl_hardening_default.conf
- ssl_certificate: __CERT_PEM__
- ssl_certificate_key: __CERT_KEY__
+ {%- if imported.ssl_key_encrypted.enabled %}
+ - ssl_password_file: {{ imported.ssl_key_encrypted.ssl_password_file }}
+ {%- endif %}
- access_log: /var/log/nginx/workbench.__CLUSTER__.__DOMAIN__.access.log combined
- error_log: /var/log/nginx/workbench.__CLUSTER__.__DOMAIN__.error.log
{%- for cert in certs %}
{%- set cert_file = 'arvados-' ~ cert ~ '.pem' %}
- {#- set csr_file = 'arvados-' ~ cert ~ '.csr' #}
{%- set key_file = 'arvados-' ~ cert ~ '.key' %}
{% for c in [cert_file, key_file] %}
extra_custom_certs_file_copy_{{ c }}: