dont deploy "ssl on" on nginx 1.15 or newer (for mailhost)

voxpupuli · Dec 10, 2018 · e3137af · e3137af
1 parent 705c19b
commit e3137af
Show file tree

Hide file tree

Showing 3 changed files with 7 additions and 3 deletions.
diff --git a/spec/defines/resource_mailhost_spec.rb b/spec/defines/resource_mailhost_spec.rb
@@ -485,7 +485,7 @@
               title: 'should set the IPv4 SSL listen port',
               attr: 'ssl_port',
               value: 45,
-              match: '  listen                *:45;'
+              match: '  listen                *:45 ssl;'
             },
             {
               title: 'should enable IPv6',

diff --git a/templates/mailhost/mailhost.erb b/templates/mailhost/mailhost.erb
@@ -38,7 +38,9 @@ server {
 <%- end -%>
 <%= scope.function_template(["nginx/mailhost/mailhost_common.erb"]) -%>
 
+<% if @add_listen_directive -%>
   ssl                   off;
+<% end -%>
   starttls              <%= @starttls %>;
 
 <% if @starttls == 'on' || @starttls == 'only' %>

diff --git a/templates/mailhost/mailhost_ssl.erb b/templates/mailhost/mailhost_ssl.erb
@@ -20,10 +20,10 @@ server {
 <% end -%>
 <%- if @listen_ip.is_a?(Array) then -%>
   <%- @listen_ip.each do |ip| -%>
-  listen       <%= ip %>:<%= @ssl_port %>;
+  listen       <%= ip %>:<%= @ssl_port %><% unless @add_listen_directive -%> ssl<% end -%>;
   <%- end -%>
 <%- else -%>
-  listen                <%= @listen_ip %>:<%= @ssl_port %>;
+  listen                <%= @listen_ip %>:<%= @ssl_port %><% unless @add_listen_directive -%> ssl<% end -%>;
 <%- end -%>
 <%# check to see if ipv6 support exists in the kernel before applying -%>
 <%# FIXME this logic is duplicated all over the place -%>
@@ -38,7 +38,9 @@ server {
 <%- end -%>
 <%= scope.function_template(["nginx/mailhost/mailhost_common.erb"]) -%>
 
+<% if @add_listen_directive -%>
   ssl                   on;
+<% end -%>
   starttls              off;
 
 <%= scope.function_template(["nginx/mailhost/mailhost_ssl_settings.erb"]) -%>