From b4ddaf22df3b1ed1de0a1249a0fe643e55df65fe Mon Sep 17 00:00:00 2001 From: juaningan Date: Thu, 18 Oct 2012 15:33:07 +0200 Subject: [PATCH] Added SSL port support and if SSL and listen port are the same just creates SSL vhost and location --- manifests/resource/location.pp | 10 ++++--- manifests/resource/vhost.pp | 39 ++++++++++++++++++---------- templates/vhost/vhost_ssl_header.erb | 2 +- 3 files changed, 33 insertions(+), 18 deletions(-) diff --git a/manifests/resource/location.pp b/manifests/resource/location.pp index f919572e7..33d951d31 100644 --- a/manifests/resource/location.pp +++ b/manifests/resource/location.pp @@ -12,6 +12,7 @@ # with nginx::resource::upstream # [*proxy_read_timeout*] - Override the default the proxy read timeout value of 90 seconds # [*ssl*] - Indicates whether to setup SSL bindings for this location. +# [*ssl_only*] - Required if the SSL and normal vHost have the same port. # [*location_alias*] - Path to be used as basis for serving requests for this location # [*stub_status*] - If true it will point configure module stub_status to provide nginx stats on location # [*location_cfg_prepend*] - It expects a hash with custom directives to put before anything else inside location @@ -53,6 +54,7 @@ $proxy = undef, $proxy_read_timeout = $nginx::params::nx_proxy_read_timeout, $ssl = false, + $ssl_only = false, $location_alias = undef, $option = undef, $stub_status = undef, @@ -96,9 +98,11 @@ } ## Create stubs for vHost File Fragment Pattern - file {"${nginx::config::nx_temp_dir}/nginx.d/${vhost}-500-${name}": - ensure => $ensure_real, - content => $content_real, + if ($ssl_only != 'true') { + file {"${nginx::config::nx_temp_dir}/nginx.d/${vhost}-500-${name}": + ensure => $ensure_real, + content => $content_real, + } } ## Only create SSL Specific locations if $ssl is true. diff --git a/manifests/resource/vhost.pp b/manifests/resource/vhost.pp index 6475311b0..316fc0fbc 100644 --- a/manifests/resource/vhost.pp +++ b/manifests/resource/vhost.pp @@ -20,6 +20,7 @@ # [*ssl*] - Indicates whether to setup SSL bindings for this vhost. # [*ssl_cert*] - Pre-generated SSL Certificate file to reference for SSL Support. This is not generated by this module. # [*ssl_key*] - Pre-generated SSL Key file to reference for SSL Support. This is not generated by this module. +# [*ssl_port*] - Default IP Port for NGINX to listen with this SSL vHost on. Defaults to TCP 443 # [*server_name*] - List of vhostnames for which this vhost will respond. Default [$name]. # [*www_root*] - Specifies the location on disk for files to be read from. Cannot be set in conjunction with $proxy # [*rewrite_www_to_non_www*] - Adds a server directive and rewrite rule to rewrite www.domain.com to domain.com in order to avoid @@ -49,6 +50,7 @@ $ssl = false, $ssl_cert = undef, $ssl_key = undef, + $ssl_port = '443', $proxy = undef, $proxy_read_timeout = $nginx::params::nx_proxy_read_timeout, $index_files = ['index.html', 'index.htm', 'index.php'], @@ -80,13 +82,19 @@ # Use the File Fragment Pattern to construct the configuration files. # Create the base configuration file reference. - file { "${nginx::config::nx_temp_dir}/nginx.d/${name}-001": - ensure => $ensure ? { - 'absent' => absent, - default => 'file', - }, - content => template('nginx/vhost/vhost_header.erb'), - notify => Class['nginx::service'], + if ($listen_port != $ssl_port) { + file { "${nginx::config::nx_temp_dir}/nginx.d/${name}-001": + ensure => $ensure ? { + 'absent' => absent, + default => 'file', + }, + content => template('nginx/vhost/vhost_header.erb'), + notify => Class['nginx::service'], + } + } + + if ($ssl == 'true') and ($ssl_port == $listen_port) { + $ssl_only = 'true' } # Create the default location reference for the vHost @@ -94,6 +102,7 @@ ensure => $ensure, vhost => $name, ssl => $ssl, + ssl_only => $ssl_only, location => '/', proxy => $proxy, proxy_read_timeout => $proxy_read_timeout, @@ -113,13 +122,15 @@ } } # Create a proper file close stub. - file { "${nginx::config::nx_temp_dir}/nginx.d/${name}-699": - ensure => $ensure ? { - 'absent' => absent, - default => 'file', - }, - content => template('nginx/vhost/vhost_footer.erb'), - notify => Class['nginx::service'], + if ($listen_port != $ssl_port) { + file { "${nginx::config::nx_temp_dir}/nginx.d/${name}-699": + ensure => $ensure ? { + 'absent' => absent, + default => 'file', + }, + content => template('nginx/vhost/vhost_footer.erb'), + notify => Class['nginx::service'], + } } # Create SSL File Stubs if SSL is enabled diff --git a/templates/vhost/vhost_ssl_header.erb b/templates/vhost/vhost_ssl_header.erb index 05ea278ef..d5d30a90d 100644 --- a/templates/vhost/vhost_ssl_header.erb +++ b/templates/vhost/vhost_ssl_header.erb @@ -1,5 +1,5 @@ server { - listen 443; + listen <%= ssl_port %>; <% if ipv6_enable == 'true' && (defined? ipaddress6) %>listen [<%= ipv6_listen_ip %>]:<%= ipv6_listen_port %> default ipv6only=on;<% end %> server_name <%= name %>;