From 8e34703045a05496d5a03a347eb5ea8d5b66cc94 Mon Sep 17 00:00:00 2001
From: Joe Hillenbrand <joehillen@gmail.com>
Date: Thu, 15 Jan 2015 11:40:58 -0800
Subject: [PATCH] Include ssl settings in rewrite_www server.

fixes jfryman/puppet-nginx#542
---
 templates/vhost/vhost_ssl_header.erb   | 33 ++++----------------------
 templates/vhost/vhost_ssl_settings.erb | 30 +++++++++++++++++++++++
 2 files changed, 34 insertions(+), 29 deletions(-)
 create mode 100644 templates/vhost/vhost_ssl_settings.erb

diff --git a/templates/vhost/vhost_ssl_header.erb b/templates/vhost/vhost_ssl_header.erb
index 35de38d62..2f134cd5c 100644
--- a/templates/vhost/vhost_ssl_header.erb
+++ b/templates/vhost/vhost_ssl_header.erb
@@ -2,6 +2,9 @@
 server {
   listen       <%= @listen_ip %>:<%= @ssl_port %> ssl;
   server_name  www.<%= @server_name[0].gsub(/^www\./, '') %>;
+
+<%= scope.function_template(["nginx/vhost/vhost_ssl_settings.erb"]) %>
+
   return       301 https://<%= @server_name[0].gsub(/^www\./, '') %>$uri;
 }
 
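Review bot: The redirect block for `server_name www.<name>` now presents the vhost's single certificate (the included settings point at `<conf_dir>/<name>.crt`), so that certificate must also be valid for the www name, or clients fail hostname verification before the `301` is ever sent. Nothing in the visible template states this requirement; I would add an ERB comment above the include, such as `<%# the vhost certificate must also cover www.<server_name>, or the redirect fails TLS verification -%>`. Separately, the `gsub(/^www\./, '')` calls on the context lines anchor with `^`, which in Ruby matches at the start of any line; `\A` is the whole-string anchor and states the intent exactly.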
@@ -13,36 +16,8 @@ server {
   <%- end -%>
   server_name  <%= @rewrite_www_to_non_www ? @server_name[0].gsub(/^www\./, '') : @server_name.join(" ") %>;
 
-  ssl on;
-
-  ssl_certificate           <%= scope.lookupvar('nginx::config::conf_dir') %>/<%= @name.gsub(' ', '_') %>.crt;
-  ssl_certificate_key       <%= scope.lookupvar('nginx::config::conf_dir') %>/<%= @name.gsub(' ', '_') %>.key;
-<% if defined? @ssl_dhparam -%>
-  ssl_dhparam               <%= scope.lookupvar('nginx::config::conf_dir') %>/<%= @name.gsub(' ', '_') %>.dh.pem;
-<% end -%>
-  ssl_session_cache         <%= @ssl_cache %>;
-  ssl_session_timeout       <%= @ssl_session_timeout %>;
-  ssl_protocols             <%= @ssl_protocols %>;
-  ssl_ciphers               <%= @ssl_ciphers %>;
-  ssl_prefer_server_ciphers on;
-<%- if instance_variables.any? { |iv| iv.to_s.include? 'ssl_' } -%>
-  <%- if @ssl_stapling -%>
-  ssl_stapling              on;
-  <%- end -%>
-  <%- if defined? @ssl_stapling_file -%>
-  ssl_stapling_file         <%= scope.lookupvar('nginx::config::conf_dir') %>/<%= @name.gsub(' ', '_') %>.ocsp.resp;
-  <%- end -%>
-  <%- if defined? @ssl_stapling_responder -%>
-  ssl_stapling_responder    <%= @ssl_stapling_responder %>;
-  <%- end -%>
-  <%- if @ssl_stapling_verify -%>
-  ssl_stapling_verify       on;
-  <%- end -%>
-  <%- if defined? @ssl_trusted_cert -%>
-  ssl_trusted_certificate   <%= scope.lookupvar('nginx::config::conf_dir') %>/<%= @name.gsub(' ', '_') %>.trusted.crt;
-  <%- end -%>
+<%= scope.function_template(["nginx/vhost/vhost_ssl_settings.erb"]) %>
 
-<% end -%>
 <% if Array(@resolver).count > 0 -%>
   resolver                  <% Array(@resolver).each do |r| %> <%= r %><% end %>;
 <% end -%>
diff --git a/templates/vhost/vhost_ssl_settings.erb b/templates/vhost/vhost_ssl_settings.erb
new file mode 100644
index 000000000..e87260f4b
--- /dev/null
+++ b/templates/vhost/vhost_ssl_settings.erb
@@ -0,0 +1,30 @@
+  ssl on;
+
+  ssl_certificate           <%= scope.lookupvar('nginx::config::conf_dir') %>/<%= @name.gsub(' ', '_') %>.crt;
+  ssl_certificate_key       <%= scope.lookupvar('nginx::config::conf_dir') %>/<%= @name.gsub(' ', '_') %>.key;
+<% if defined? @ssl_dhparam -%>
+  ssl_dhparam               <%= scope.lookupvar('nginx::config::conf_dir') %>/<%= @name.gsub(' ', '_') %>.dh.pem;
+<% end -%>
+  ssl_session_cache         <%= @ssl_cache %>;
+  ssl_session_timeout       <%= @ssl_session_timeout %>;
+  ssl_protocols             <%= @ssl_protocols %>;
+  ssl_ciphers               <%= @ssl_ciphers %>;
+  ssl_prefer_server_ciphers on;
+<%- if instance_variables.any? { |iv| iv.to_s.include? 'ssl_' } -%>
+  <%- if @ssl_stapling -%>
+  ssl_stapling              on;
+  <%- end -%>
+  <%- if defined? @ssl_stapling_file -%>
+  ssl_stapling_file         <%= scope.lookupvar('nginx::config::conf_dir') %>/<%= @name.gsub(' ', '_') %>.ocsp.resp;
+  <%- end -%>
+  <%- if defined? @ssl_stapling_responder -%>
+  ssl_stapling_responder    <%= @ssl_stapling_responder %>;
+  <%- end -%>
+  <%- if @ssl_stapling_verify -%>
+  ssl_stapling_verify       on;
+  <%- end -%>
+  <%- if defined? @ssl_trusted_cert -%>
+  ssl_trusted_certificate   <%= scope.lookupvar('nginx::config::conf_dir') %>/<%= @name.gsub(' ', '_') %>.trusted.crt;
+  <%- end -%>
+
+<% end -%>
\ No newline at end of file
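Review bot: The optional directives are guarded with `defined? @ssl_dhparam` (likewise `@ssl_stapling_file`, `@ssl_stapling_responder` and `@ssl_trusted_cert`), and in Ruby `defined?` is true for an instance variable that was assigned `nil`. If Puppet assigns these variables for parameters left at undef (not visible here, worth confirming), the template emits `ssl_dhparam`, `ssl_stapling_file` and `ssl_trusted_certificate` paths for files that were never supplied, plus an empty `ssl_stapling_responder ;`. The file already tests `@ssl_stapling` and `@ssl_stapling_verify` by truthiness; the same form, e.g. `<% if @ssl_dhparam -%>`, would be consistent and would fail closed. The outer `instance_variables.any? { |iv| iv.to_s.include? 'ssl_' }` guard is presumably always true whenever `@ssl_cache`, `@ssl_protocols` or `@ssl_ciphers` are set, since they are rendered unconditionally just above it, so the guard and its closing `<% end -%>` could be dropped. Because this partial is now rendered in two server blocks and reads the caller's instance variables, a leading `<%# ... -%>` comment listing the variables it expects would help the next maintainer.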