-
-
Notifications
You must be signed in to change notification settings - Fork 883
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Subdir for ssl certs #80
Comments
I absolutely like the concept. I'd be more apt to use a separate param in the event that someone wants to store SSL certs somewhere more LSB-like, or in an already existing or managed SSL directory. (Might be good to do an Wanna work up a PR? Happy to help with this as well. |
Sure that makes sense. I can prepare it, sure. |
Why copying certificates? I would stick to KISS and assign the user given paths directly to corresponding nginx configuration keys. Compare Fork I made a few more changes but you will figure it out. :) |
Why? Automatic deploy ssl key from puppet is KISS. |
I agree. However coping around SSL key and certificate is not. It is an extra step. Further on coping certificates to nginx folder is enforcing specific configuration which might or might not be desirable. Default SSL key/cert location both on Debian and Red Hat is /etc/ssl. Where SSL key/cert reside is not concern of the nginx module. Module should only update vhost configuration based on user input and not move SSL key/cert around. It is on user to manage certificates. Coping certificates is not transparent. Lets say that the key/cert are in /etc/ssl. Few months later certificate expires. The user will update certificate at /etc/ssl completely unaware that actually certificates where copied and that nginx will continue to read copies. |
Yep, I agree, you guys have a valid point, this module should provide only a means to specify a path to your cert dir which should default to whatever is distro default. @jfryman what do you think about this? |
Hi, please add any relevant comments to #599 regarding how the module will treat SSL certificates going forward. |
If you have a lot of SSL vhosts /etc/nginx tends to be overcrowded with *.crt and *.key files. Just for housekeeping sake I think it would be better to create a subdir under ${nginx::params::nx_conf_dir} e.g. ${nginx::params::nx_conf_dir}/ssl and keep all cert files there, or even make that one a separate param e.g. ${nginx::params::nx_ssl_cert_dir} or something.
What do you guys think about this?
The text was updated successfully, but these errors were encountered: