Skip to content

Commit

Permalink
Avoid spurious location block when redirecting to SSL in another serv…
Browse files Browse the repository at this point in the history
…er block

Fixes voxpupuli#1029
  • Loading branch information
oranenj committed Apr 6, 2017
1 parent 51296f3 commit 6c69b3e
Show file tree
Hide file tree
Showing 2 changed files with 26 additions and 4 deletions.
8 changes: 6 additions & 2 deletions manifests/resource/server.pp
Original file line number Diff line number Diff line change
Expand Up @@ -370,15 +370,19 @@
$_ssl_redirect_port = $ssl_port
}

# Suppress unneded stuff in non-SSL location block when certain conditions are
# Suppress unneeded stuff in non-SSL location block when certain conditions are
# met.
if (($ssl == true) and ($ssl_port == $listen_port)) or ($ssl_redirect) {
$ssl_only = true
} else {
$ssl_only = false
}

if $use_default_location == true {
# If we're redirecting to SSL, the default location block is useless, *unless*
# SSL is enabled for this server
# either and ssl -> true
# ssl redirect and no ssl -> false
if ($ssl_redirect != true or $ssl == true) and $use_default_location == true {
# Create the default location reference for the server
nginx::resource::location {"${name_sanitized}-default":
ensure => $ensure,
Expand Down
22 changes: 20 additions & 2 deletions spec/defines/resource_server_spec.rb
Original file line number Diff line number Diff line change
Expand Up @@ -898,12 +898,30 @@
it { is_expected.to contain_concat__fragment("#{title}-header").with_content(%r{ return 301 https://\$host:9787\$request_uri;}) }
end

context 'ssl_redirect should set ssl_only' do
let(:params) { { ssl_redirect: true } }
context 'ssl_redirect should set ssl_only when ssl => true' do
let(:params) do
{
ssl_redirect: true,
ssl: true,
ssl_key: 'dummy.key',
ssl_cert: 'dummy.crt'
}
end

it { is_expected.to contain_nginx__resource__location("#{title}-default").with_ssl_only(true) }
end

context 'ssl_redirect should not include default location when ssl => false' do
let(:params) do
{
ssl_redirect: true,
ssl: false
}
end

it { is_expected.not_to contain_nginx__resource__location("#{title}-default") }
end

context 'SSL cert and key are both set to fully qualified paths' do
let(:params) { { ssl: true, ssl_cert: '/tmp/foo.crt', ssl_key: '/tmp/foo.key:' } }

Expand Down

0 comments on commit 6c69b3e

Please sign in to comment.