Skip to content

Commit

Permalink
Improve logic for ipv6 listening
Browse files Browse the repository at this point in the history
Centralizes template logic and reduces requirement on ipaddres6 fact presence.
  • Loading branch information
zachfi committed Oct 8, 2017
1 parent 555934d commit 83bdb5b
Show file tree
Hide file tree
Showing 5 changed files with 25 additions and 43 deletions.
2 changes: 1 addition & 1 deletion manifests/resource/server.pp
Original file line number Diff line number Diff line change
Expand Up @@ -281,7 +281,7 @@

# Add IPv6 Logic Check - Nginx service will not start if ipv6 is enabled
# and support does not exist for it in the kernel.
if $ipv6_enable and !$::ipaddress6 {
if $ipv6_enable and !$ipv6_listen_ip {
warning('nginx: IPv6 support is not enabled or configured properly')
}

Expand Down
23 changes: 2 additions & 21 deletions templates/server/server_header.erb
Original file line number Diff line number Diff line change
Expand Up @@ -18,17 +18,7 @@ server {
listen unix:<%= @listen_unix_socket %><% if @listen_unix_socket_options %> <%= @listen_unix_socket_options %><% end %>;
<%- end -%>
<%- end -%>
<%# check to see if ipv6 support exists in the kernel before applying -%>
<%# FIXME this logic is duplicated all over the place -%>
<%- if @ipv6_enable && (defined? @ipaddress6) -%>
<%- if @ipv6_listen_ip.is_a?(Array) then -%>
<%- @ipv6_listen_ip.each do |ipv6| -%>
listen [<%= ipv6 %>]:<%= @ipv6_listen_port %> <% if @ipv6_listen_options %><%= @ipv6_listen_options %><% end %>;
<%- end -%>
<%- else -%>
listen [<%= @ipv6_listen_ip %>]:<%= @ipv6_listen_port %> <% if @ipv6_listen_options %><%= @ipv6_listen_options %><% end %>;
<%- end -%>
<%- end -%>
<%= scope.function_template(["nginx/server/server_ipv6_listen.erb"]) %>
server_name www.<%= s.gsub(/^www\./, '') %>;
<%- if @ssl_redirect or @ssl_only -%>
return 301 https://<%= s.gsub(/^www\./, '') %><% if @_ssl_redirect_port.to_i != 443 %>:<%= @_ssl_redirect_port %><% end %>$request_uri;
Expand Down Expand Up @@ -56,16 +46,7 @@ server {
listen unix:<%= @listen_unix_socket %><% if @listen_unix_socket_options %> <%= @listen_unix_socket_options %><% end %>;
<%- end -%>
<%- end -%>
<%# check to see if ipv6 support exists in the kernel before applying -%>
<%- if @ipv6_enable && (defined? @ipaddress6) -%>
<%- if @ipv6_listen_ip.is_a?(Array) then -%>
<%- @ipv6_listen_ip.each do |ipv6| -%>
listen [<%= ipv6 %>]:<%= @ipv6_listen_port %> <% if @ipv6_listen_options %><%= @ipv6_listen_options %><% end %>;
<%- end -%>
<%- else -%>
listen [<%= @ipv6_listen_ip %>]:<%= @ipv6_listen_port %> <% if @ipv6_listen_options %><%= @ipv6_listen_options %><% end %>;
<%- end -%>
<%- end -%>
<%= scope.function_template(["nginx/server/server_ipv6_listen.erb"]) %>
server_name <%= @rewrite_www_to_non_www ? @server_name.join(" ").gsub(/(^| )(www\.)?(?=[a-z0-9])/, '') : @server_name.join(" ") %>;
<%- if instance_variables.any? { |iv| iv.to_s.include? 'auth_basic' } -%>
<%- if defined? @auth_basic -%>
Expand Down
10 changes: 10 additions & 0 deletions templates/server/server_ipv6_listen.erb
Original file line number Diff line number Diff line change
@@ -0,0 +1,10 @@
<%# check to see if ipv6 support exists in the kernel before applying -%>
<%- if @ipv6_enable -%>
<%- if @ipv6_listen_ip.is_a?(Array) then -%>
<%- @ipv6_listen_ip.each do |ipv6| -%>
listen [<%= ipv6 %>]:<%= @ipv6_listen_port %> <% if @ipv6_listen_options %><%= @ipv6_listen_options %><% end %>;
<%- end -%>
<%- else -%>
listen [<%= @ipv6_listen_ip %>]:<%= @ipv6_listen_port %> <% if @ipv6_listen_options %><%= @ipv6_listen_options %><% end %>;
<%- end -%>
<%- end -%>
23 changes: 2 additions & 21 deletions templates/server/server_ssl_header.erb
Original file line number Diff line number Diff line change
Expand Up @@ -9,17 +9,7 @@ server {
<%- else -%>
listen <%= @listen_ip %>:<%= @ssl_port %> <% if @ssl_listen_option %>ssl<% end %><% if @http2 == 'on' %> http2<% end %><% if @spdy == 'on' %> spdy<% end %><% if @listen_options %> <%= @listen_options %><% end %>;
<%- end -%>
<%# check to see if ipv6 support exists in the kernel before applying -%>
<%# FIXME this logic is duplicated all over the place -%>
<%- if @ipv6_enable && (defined? @ipaddress6) -%>
<%- if @ipv6_listen_ip.is_a?(Array) then -%>
<%- @ipv6_listen_ip.each do |ipv6| -%>
listen [<%= ipv6 %>]:<%= @ssl_port %> ssl<% if @http2 == 'on' %> http2<% end %><% if @spdy == 'on' %> spdy<% end %><% if @ipv6_listen_options %> <%= @ipv6_listen_options %><% end %>;
<%- end -%>
<%- else -%>
listen [<%= @ipv6_listen_ip %>]:<%= @ssl_port %> ssl<% if @http2 == 'on' %> http2<% end %><% if @spdy == 'on' %> spdy<% end %><% if @ipv6_listen_options %> <%= @ipv6_listen_options %><% end %>;
<%- end -%>
<%- end -%>
<%= scope.function_template(["nginx/server/server_ssl_ipv6_listen.erb"]) %>
server_name www.<%= s.gsub(/^www\./, '') %>;
return 301 https://<%= s.gsub(/^www\./, '') %>$request_uri;

Expand All @@ -37,16 +27,7 @@ server {
<%- else -%>
listen <%= @listen_ip %>:<%= @ssl_port %> <% if @ssl_listen_option %>ssl<% end %><% if @http2 == 'on' %> http2<% end %><% if @spdy == 'on' %> spdy<% end %><% if @listen_options %> <%= @listen_options %><% end %>;
<%- end -%>
<%# check to see if ipv6 support exists in the kernel before applying -%>
<%- if @ipv6_enable && (defined? @ipaddress6) -%>
<%- if @ipv6_listen_ip.is_a?(Array) then -%>
<%- @ipv6_listen_ip.each do |ipv6| -%>
listen [<%= ipv6 %>]:<%= @ssl_port %> ssl<% if @http2 == 'on' %> http2<% end %><% if @spdy == 'on' %> spdy<% end %><% if @ipv6_listen_options %> <%= @ipv6_listen_options %><% end %>;
<%- end -%>
<%- else -%>
listen [<%= @ipv6_listen_ip %>]:<%= @ssl_port %> ssl<% if @http2 == 'on' %> http2<% end %><% if @spdy == 'on' %> spdy<% end %><% if @ipv6_listen_options %> <%= @ipv6_listen_options %><% end %>;
<%- end -%>
<%- end -%>
<%= scope.function_template(["nginx/server/server_ssl_ipv6_listen.erb"]) %>
server_name <%= @rewrite_www_to_non_www ? @server_name.join(" ").gsub(/(^| )(www\.)?(?=[a-z0-9])/, '') : @server_name.join(" ") %>;

<%= scope.function_template(["nginx/server/server_ssl_settings.erb"]) %>
Expand Down
10 changes: 10 additions & 0 deletions templates/server/server_ssl_ipv6_listen.erb
Original file line number Diff line number Diff line change
@@ -0,0 +1,10 @@
<%# check to see if ipv6 support exists in the kernel before applying -%>
<%- if @ipv6_enable -%>
<%- if @ipv6_listen_ip.is_a?(Array) then -%>
<%- @ipv6_listen_ip.each do |ipv6| -%>
listen [<%= ipv6 %>]:<%= @ssl_port %> ssl<% if @http2 == 'on' %> http2<% end %><% if @spdy == 'on' %> spdy<% end %><% if @ipv6_listen_options %> <%= @ipv6_listen_options %><% end %>;
<%- end -%>
<%- else -%>
listen [<%= @ipv6_listen_ip %>]:<%= @ssl_port %> ssl<% if @http2 == 'on' %> http2<% end %><% if @spdy == 'on' %> spdy<% end %><% if @ipv6_listen_options %> <%= @ipv6_listen_options %><% end %>;
<%- end -%>
<%- end -%>

0 comments on commit 83bdb5b

Please sign in to comment.