Add ssl_proxy variable

[tobru]

Hi,

I wanted to have a different upstream proxy on a ssl enabled vhost, so I added the variable ssl_proxy.
I hope I've done it correctly ("works-for-me") and it is usable for the rest of the world! If you like it, please merge it to your master...

Cheers,
Tobias

PS: This is my first pull request on github!
PS: And I'm also a git and puppet beginner =)

[tobru]

Hmm, I see, this is not yet working as expected. The "proxy_pass" should be different on both servers... Have to go back to work and try it again... Sorry!

[tobru]

I close this pull request and send a new (working) one!

[tobru]

Oh, I see, my bugfix commits are in this pull request... =) Takes some time to understand how git/github works. The next time I will use branches, I promise.

[jfryman]

Hi! Thanks for this code. I'm not entirely following what this adds versus what the code already does. Would you be willing to share a use-case so I can see how this might play into the module? I'd certainly like to merge this in, but I'm not quite tracking yet.

Let me know your thoughts!

[jfryman]

Let me know if you have an opportunity to reply to this comment. I haven't heard back from you. Happy to reopen if this is still an issue. Thanks!

[tobru]

Hi,

I'm sorry for this late answer =(
Here is an example:

# add proxy destination
nginx::resource::upstream {
    'server_de':
        ensure  => present,
        members => [
            'ip:80',
        ];
    'server_de_ssl':
        ensure  => present,
        members => [
            'ip:443',
        ];
}

# add virtualhost http
nginx::resource::vhost {
    'www.server.de':
        ensure    => present,
        proxy     => 'http://server_de',
        ssl_proxy => 'https://server_de_ssl',
        ssl       => 'true',
        ssl_cert  => '/etc/nginx/ssl/server.de.pem',
        ssl_key   => '/etc/nginx/ssl/server.de.key',
        require   => [ File['/etc/nginx/ssl/server.de.key'],
                      File['/etc/nginx/ssl/server.de.pem'] ],
}

This creates two files with the different upstreams (/etc/nginx/conf.d/server_de-upstream.conf and /etc/nginx/conf.d/server_de_ssl-upstream.conf) and adds two different server blocks to vhost_autogen.conf which are using the different upstreams:

server {
  listen *;

  server_name www.server.de;
  access_log  /var/log/nginx/www.server.de.access.log;
  location / {
    proxy_pass http://server_de;
  }

}
server {
  listen       443;

  server_name  www.server.de;

  ssl on;
  ssl_certificate      /etc/nginx/ssl/server.de.pem;
  ssl_certificate_key  /etc/nginx/ssl/server.de.key;

  ssl_session_timeout  5m;

  ssl_protocols  SSLv3 TLSv1;
  ssl_ciphers  ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
  ssl_prefer_server_ciphers   on;
  location / {
    proxy_pass https://server_de_ssl;
  }

}