diff --git a/spec/defines/resource_mailhost_spec.rb b/spec/defines/resource_mailhost_spec.rb index ee67e9275..e4bb307ac 100644 --- a/spec/defines/resource_mailhost_spec.rb +++ b/spec/defines/resource_mailhost_spec.rb @@ -485,7 +485,7 @@ title: 'should set the IPv4 SSL listen port', attr: 'ssl_port', value: 45, - match: ' listen *:45;' + match: ' listen *:45 ssl;' }, { title: 'should enable IPv6', diff --git a/templates/mailhost/mailhost.erb b/templates/mailhost/mailhost.erb index d0599032c..21e8c198f 100644 --- a/templates/mailhost/mailhost.erb +++ b/templates/mailhost/mailhost.erb @@ -38,7 +38,9 @@ server { <%- end -%> <%= scope.function_template(["nginx/mailhost/mailhost_common.erb"]) -%> +<% if @add_listen_directive -%> ssl off; +<% end -%> starttls <%= @starttls %>; <% if @starttls == 'on' || @starttls == 'only' %> diff --git a/templates/mailhost/mailhost_ssl.erb b/templates/mailhost/mailhost_ssl.erb index edf90a4c2..56c5fc75a 100644 --- a/templates/mailhost/mailhost_ssl.erb +++ b/templates/mailhost/mailhost_ssl.erb @@ -20,10 +20,10 @@ server { <% end -%> <%- if @listen_ip.is_a?(Array) then -%> <%- @listen_ip.each do |ip| -%> - listen <%= ip %>:<%= @ssl_port %>; + listen <%= ip %>:<%= @ssl_port %><% unless @add_listen_directive -%> ssl<% end -%>; <%- end -%> <%- else -%> - listen <%= @listen_ip %>:<%= @ssl_port %>; + listen <%= @listen_ip %>:<%= @ssl_port %><% unless @add_listen_directive -%> ssl<% end -%>; <%- end -%> <%# check to see if ipv6 support exists in the kernel before applying -%> <%# FIXME this logic is duplicated all over the place -%> @@ -38,7 +38,9 @@ server { <%- end -%> <%= scope.function_template(["nginx/mailhost/mailhost_common.erb"]) -%> +<% if @add_listen_directive -%> ssl on; +<% end -%> starttls off; <%= scope.function_template(["nginx/mailhost/mailhost_ssl_settings.erb"]) -%>