Merge pull request #33 from juaningan/master

Support for SSL only server and SSL defined port
voxpupuli · Oct 24, 2012 · 688948a · 688948a
2 parents ea04c46 + b4ddaf2
commit 688948a
Show file tree

Hide file tree

Showing 3 changed files with 33 additions and 18 deletions.
diff --git a/manifests/resource/location.pp b/manifests/resource/location.pp
@@ -12,6 +12,7 @@
 #                              with nginx::resource::upstream
 #   [*proxy_read_timeout*]   - Override the default the proxy read timeout value of 90 seconds
 #   [*ssl*]                  - Indicates whether to setup SSL bindings for this location.
+#   [*ssl_only*]	     - Required if the SSL and normal vHost have the same port.
 #   [*location_alias*]       - Path to be used as basis for serving requests for this location
 #   [*stub_status*]          - If true it will point configure module stub_status to provide nginx stats on location
 #   [*location_cfg_prepend*] - It expects a hash with custom directives to put before anything else inside location
@@ -53,6 +54,7 @@
   $proxy                = undef,
   $proxy_read_timeout   = $nginx::params::nx_proxy_read_timeout,
   $ssl                  = false,
+  $ssl_only		= false,
   $location_alias       = undef,
   $option               = undef,
   $stub_status          = undef,
@@ -96,9 +98,11 @@
   }
 
   ## Create stubs for vHost File Fragment Pattern
-  file {"${nginx::config::nx_temp_dir}/nginx.d/${vhost}-500-${name}":
-    ensure  => $ensure_real,
-    content => $content_real,
+  if ($ssl_only != 'true') {
+    file {"${nginx::config::nx_temp_dir}/nginx.d/${vhost}-500-${name}":
+      ensure  => $ensure_real,
+      content => $content_real,
+    }
   }
 
   ## Only create SSL Specific locations if $ssl is true.

diff --git a/manifests/resource/vhost.pp b/manifests/resource/vhost.pp
@@ -20,6 +20,7 @@
 #   [*ssl*]                 - Indicates whether to setup SSL bindings for this vhost.
 #   [*ssl_cert*]            - Pre-generated SSL Certificate file to reference for SSL Support. This is not generated by this module.
 #   [*ssl_key*]             - Pre-generated SSL Key file to reference for SSL Support. This is not generated by this module.
+#   [*ssl_port*]            - Default IP Port for NGINX to listen with this SSL vHost on. Defaults to TCP 443
 #   [*server_name*]         - List of vhostnames for which this vhost will respond. Default [$name].
 #   [*www_root*]            - Specifies the location on disk for files to be read from. Cannot be set in conjunction with $proxy
 #   [*rewrite_www_to_non_www*]  - Adds a server directive and rewrite rule to rewrite www.domain.com to domain.com in order to avoid
@@ -49,6 +50,7 @@
   $ssl                    = false,
   $ssl_cert               = undef,
   $ssl_key                = undef,
+  $ssl_port		  = '443',
   $proxy                  = undef,
   $proxy_read_timeout     = $nginx::params::nx_proxy_read_timeout,
   $index_files            = ['index.html', 'index.htm', 'index.php'],
@@ -80,20 +82,27 @@
 
   # Use the File Fragment Pattern to construct the configuration files.
   # Create the base configuration file reference.
-  file { "${nginx::config::nx_temp_dir}/nginx.d/${name}-001":
-    ensure  => $ensure ? {
-      'absent' => absent,
-      default  => 'file',
-    },
-    content => template('nginx/vhost/vhost_header.erb'),
-    notify => Class['nginx::service'],
+  if ($listen_port != $ssl_port) {
+    file { "${nginx::config::nx_temp_dir}/nginx.d/${name}-001":
+      ensure  => $ensure ? {
+        'absent' => absent,
+        default  => 'file',
+      },
+      content => template('nginx/vhost/vhost_header.erb'),
+      notify => Class['nginx::service'],
+    }
+  }
+
+  if ($ssl == 'true') and ($ssl_port == $listen_port) {
+    $ssl_only = 'true'
   }
 
   # Create the default location reference for the vHost
   nginx::resource::location {"${name}-default":
     ensure               => $ensure,
     vhost                => $name,
     ssl                  => $ssl,
+    ssl_only             => $ssl_only,
     location             => '/',
     proxy                => $proxy,
     proxy_read_timeout   => $proxy_read_timeout,
@@ -113,13 +122,15 @@
     }
   }
   # Create a proper file close stub.
-  file { "${nginx::config::nx_temp_dir}/nginx.d/${name}-699":
-    ensure  => $ensure ? {
-      'absent' => absent,
-      default  => 'file',
-    },
-    content => template('nginx/vhost/vhost_footer.erb'),
-    notify  => Class['nginx::service'],
+  if ($listen_port != $ssl_port) {
+    file { "${nginx::config::nx_temp_dir}/nginx.d/${name}-699":
+      ensure  => $ensure ? {
+        'absent' => absent,
+        default  => 'file',
+      },
+      content => template('nginx/vhost/vhost_footer.erb'),
+      notify  => Class['nginx::service'],
+    }
   }
 
   # Create SSL File Stubs if SSL is enabled

diff --git a/templates/vhost/vhost_ssl_header.erb b/templates/vhost/vhost_ssl_header.erb
@@ -1,5 +1,5 @@
 server {
-  listen       443;
+  listen       <%= ssl_port %>;
   <% if ipv6_enable == 'true' && (defined? ipaddress6) %>listen [<%= ipv6_listen_ip %>]:<%= ipv6_listen_port %> default ipv6only=on;<% end %>
   server_name  <%= name %>;