From 83bdb5be28f91f5fec1a85d483bb9bc3a6b08137 Mon Sep 17 00:00:00 2001 From: Zach Leslie Date: Sun, 8 Oct 2017 12:41:45 -0700 Subject: [PATCH] Improve logic for ipv6 listening Centralizes template logic and reduces requirement on ipaddres6 fact presence. --- manifests/resource/server.pp | 2 +- templates/server/server_header.erb | 23 ++------------------- templates/server/server_ipv6_listen.erb | 10 +++++++++ templates/server/server_ssl_header.erb | 23 ++------------------- templates/server/server_ssl_ipv6_listen.erb | 10 +++++++++ 5 files changed, 25 insertions(+), 43 deletions(-) create mode 100644 templates/server/server_ipv6_listen.erb create mode 100644 templates/server/server_ssl_ipv6_listen.erb diff --git a/manifests/resource/server.pp b/manifests/resource/server.pp index 01ed164c9..0d13898aa 100644 --- a/manifests/resource/server.pp +++ b/manifests/resource/server.pp @@ -281,7 +281,7 @@ # Add IPv6 Logic Check - Nginx service will not start if ipv6 is enabled # and support does not exist for it in the kernel. - if $ipv6_enable and !$::ipaddress6 { + if $ipv6_enable and !$ipv6_listen_ip { warning('nginx: IPv6 support is not enabled or configured properly') } diff --git a/templates/server/server_header.erb b/templates/server/server_header.erb index 0d26c3baf..5f25a6a22 100644 --- a/templates/server/server_header.erb +++ b/templates/server/server_header.erb 
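Review bot: The rewritten condition `$ipv6_enable and !$ipv6_listen_ip` in manifests/resource/server.pp no longer matches the comment above it, which still describes a check for IPv6 support in the kernel; nothing on this line looks at the host any more. If `$ipv6_listen_ip` has a non-empty default (its declaration is outside the hunk, so this is an assumption), the warning can never fire, while the templates changed in this commit now write the IPv6 `listen` lines whenever `$ipv6_enable` is true, so a node without IPv6 may get a configuration nginx refuses to start with and no hint from Puppet. I would reword the comment to something like `# Warn when IPv6 is enabled but no listen address is set; host IPv6 support is not checked here.` and consider whether an empty address should fail the catalog rather than only call `warning()`. The enclosing define begins and ends outside the hunk.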
@@ -18,17 +18,7 @@ server { listen unix:<%= @listen_unix_socket %><% if @listen_unix_socket_options %> <%= @listen_unix_socket_options %><% end %>; <%- end -%> <%- end -%> -<%# check to see if ipv6 support exists in the kernel before applying -%> -<%# FIXME this logic is duplicated all over the place -%> - <%- if @ipv6_enable && (defined? @ipaddress6) -%> - <%- if @ipv6_listen_ip.is_a?(Array) then -%> - <%- @ipv6_listen_ip.each do |ipv6| -%> - listen [<%= ipv6 %>]:<%= @ipv6_listen_port %> <% if @ipv6_listen_options %><%= @ipv6_listen_options %><% end %>; - <%- end -%> - <%- else -%> - listen [<%= @ipv6_listen_ip %>]:<%= @ipv6_listen_port %> <% if @ipv6_listen_options %><%= @ipv6_listen_options %><% end %>; - <%- end -%> - <%- end -%> +<%= scope.function_template(["nginx/server/server_ipv6_listen.erb"]) %> server_name www.<%= s.gsub(/^www\./, '') %>; <%- if @ssl_redirect or @ssl_only -%> return 301 https://<%= s.gsub(/^www\./, '') %><% if @_ssl_redirect_port.to_i != 443 %>:<%= @_ssl_redirect_port %><% end %>$request_uri; 
@@ -56,16 +46,7 @@ server { listen unix:<%= @listen_unix_socket %><% if @listen_unix_socket_options %> <%= @listen_unix_socket_options %><% end %>; <%- end -%> <%- end -%> -<%# check to see if ipv6 support exists in the kernel before applying -%> -<%- if @ipv6_enable && (defined? @ipaddress6) -%> - <%- if @ipv6_listen_ip.is_a?(Array) then -%> - <%- @ipv6_listen_ip.each do |ipv6| -%> - listen [<%= ipv6 %>]:<%= @ipv6_listen_port %> <% if @ipv6_listen_options %><%= @ipv6_listen_options %><% end %>; - <%- end -%> - <%- else -%> - listen [<%= @ipv6_listen_ip %>]:<%= @ipv6_listen_port %> <% if @ipv6_listen_options %><%= @ipv6_listen_options %><% end %>; - <%- end -%> -<%- end -%> +<%= scope.function_template(["nginx/server/server_ipv6_listen.erb"]) %> server_name <%= @rewrite_www_to_non_www ? @server_name.join(" ").gsub(/(^| )(www\.)?(?=[a-z0-9])/, '') : @server_name.join(" ") %>; <%- if instance_variables.any? { |iv| iv.to_s.include? 'auth_basic' } -%> <%- if defined? @auth_basic -%> diff --git a/templates/server/server_ipv6_listen.erb b/templates/server/server_ipv6_listen.erb new file mode 100644 index 000000000..640d2f8b8 --- /dev/null +++ b/templates/server/server_ipv6_listen.erb @@ -0,0 +1,10 @@ +<%# check to see if ipv6 support exists in the kernel before applying -%> + <%- if @ipv6_enable -%> + <%- if @ipv6_listen_ip.is_a?(Array) then -%> + <%- @ipv6_listen_ip.each do |ipv6| -%> + listen [<%= ipv6 %>]:<%= @ipv6_listen_port %> <% if @ipv6_listen_options %><%= @ipv6_listen_options %><% end %>; + <%- end -%> + <%- else -%> + listen [<%= @ipv6_listen_ip %>]:<%= @ipv6_listen_port %> <% if @ipv6_listen_options %><%= @ipv6_listen_options %><% end %>; + <%- end -%> + <%- end -%> diff --git a/templates/server/server_ssl_header.erb b/templates/server/server_ssl_header.erb index dc645de1e..97f55d7df 100644 --- a/templates/server/server_ssl_header.erb +++ b/templates/server/server_ssl_header.erb 
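Review bot: In the new templates/server/server_ipv6_listen.erb the opening comment `check to see if ipv6 support exists in the kernel before applying` is stale, because the `defined? @ipaddress6` guard it described was dropped and the template now tests only `@ipv6_enable`; the same comment is repeated in server_ssl_ipv6_listen.erb. An unset `@ipv6_listen_ip` would fall into the else branch and render `listen []:<port>`, which nginx should reject at config test, and the manifest only warns in that case. I would change the comment to `<%# emit IPv6 listen directives when ipv6_enable is set -%>` and fold the Array/else branches into one loop, `<%- [@ipv6_listen_ip].flatten.compact.each do |ipv6| -%>`, so an unset value renders no line instead of a broken one. Whether `@ipv6_listen_ip` is type-checked as an address in the manifest is not visible in this diff.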
@@ -9,17 +9,7 @@ server { <%- else -%> listen <%= @listen_ip %>:<%= @ssl_port %> <% if @ssl_listen_option %>ssl<% end %><% if @http2 == 'on' %> http2<% end %><% if @spdy == 'on' %> spdy<% end %><% if @listen_options %> <%= @listen_options %><% end %>; <%- end -%> -<%# check to see if ipv6 support exists in the kernel before applying -%> -<%# FIXME this logic is duplicated all over the place -%> - <%- if @ipv6_enable && (defined? @ipaddress6) -%> - <%- if @ipv6_listen_ip.is_a?(Array) then -%> - <%- @ipv6_listen_ip.each do |ipv6| -%> - listen [<%= ipv6 %>]:<%= @ssl_port %> ssl<% if @http2 == 'on' %> http2<% end %><% if @spdy == 'on' %> spdy<% end %><% if @ipv6_listen_options %> <%= @ipv6_listen_options %><% end %>; - <%- end -%> - <%- else -%> - listen [<%= @ipv6_listen_ip %>]:<%= @ssl_port %> ssl<% if @http2 == 'on' %> http2<% end %><% if @spdy == 'on' %> spdy<% end %><% if @ipv6_listen_options %> <%= @ipv6_listen_options %><% end %>; - <%- end -%> - <%- end -%> +<%= scope.function_template(["nginx/server/server_ssl_ipv6_listen.erb"]) %> server_name www.<%= s.gsub(/^www\./, '') %>; return 301 https://<%= s.gsub(/^www\./, '') %>$request_uri; 
@@ -37,16 +27,7 @@ server { <%- else -%> listen <%= @listen_ip %>:<%= @ssl_port %> <% if @ssl_listen_option %>ssl<% end %><% if @http2 == 'on' %> http2<% end %><% if @spdy == 'on' %> spdy<% end %><% if @listen_options %> <%= @listen_options %><% end %>; <%- end -%> -<%# check to see if ipv6 support exists in the kernel before applying -%> - <%- if @ipv6_enable && (defined? @ipaddress6) -%> - <%- if @ipv6_listen_ip.is_a?(Array) then -%> - <%- @ipv6_listen_ip.each do |ipv6| -%> - listen [<%= ipv6 %>]:<%= @ssl_port %> ssl<% if @http2 == 'on' %> http2<% end %><% if @spdy == 'on' %> spdy<% end %><% if @ipv6_listen_options %> <%= @ipv6_listen_options %><% end %>; - <%- end -%> - <%- else -%> - listen [<%= @ipv6_listen_ip %>]:<%= @ssl_port %> ssl<% if @http2 == 'on' %> http2<% end %><% if @spdy == 'on' %> spdy<% end %><% if @ipv6_listen_options %> <%= @ipv6_listen_options %><% end %>; - <%- end -%> - <%- end -%> +<%= scope.function_template(["nginx/server/server_ssl_ipv6_listen.erb"]) %> server_name <%= @rewrite_www_to_non_www ? @server_name.join(" ").gsub(/(^| )(www\.)?(?=[a-z0-9])/, '') : @server_name.join(" ") %>; <%= scope.function_template(["nginx/server/server_ssl_settings.erb"]) %> diff --git a/templates/server/server_ssl_ipv6_listen.erb b/templates/server/server_ssl_ipv6_listen.erb new file mode 100644 index 000000000..48c5206cf --- /dev/null +++ b/templates/server/server_ssl_ipv6_listen.erb 
@@ -0,0 +1,10 @@
+<%# check to see if ipv6 support exists in the kernel before applying -%>
+ <%- if @ipv6_enable -%>
+ <%- if @ipv6_listen_ip.is_a?(Array) then -%>
+ <%- @ipv6_listen_ip.each do |ipv6| -%>
+ listen [<%= ipv6 %>]:<%= @ssl_port %> ssl<% if @http2 == 'on' %> http2<% end %><% if @spdy == 'on' %> spdy<% end %><% if @ipv6_listen_options %> <%= @ipv6_listen_options %><% end %>;
+ <%- end -%>
+ <%- else -%>
+ listen [<%= @ipv6_listen_ip %>]:<%= @ssl_port %> ssl<% if @http2 == 'on' %> http2<% end %><% if @spdy == 'on' %> spdy<% end %><% if @ipv6_listen_options %> <%= @ipv6_listen_options %><% end %>;
+ <%- end -%>
+ <%- end -%>
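Review bot: Both `listen` lines in the new server_ssl_ipv6_listen.erb hard-code the `ssl` parameter, whereas the IPv4 line kept as context in server_ssl_header.erb emits it only under `<% if @ssl_listen_option %>`. The mismatch is carried over from the removed blocks, but now that the IPv6 logic lives in one file this is the place to settle it: if `@ssl_listen_option` is meant to govern every listener, use `<%= @ssl_port %><% if @ssl_listen_option %> ssl<% end %>` here too so the IPv4 and IPv6 sockets are configured alike. If the difference is intentional, a one-line ERB comment saying why would stop a later reader from changing it by mistake.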