From 50ae5cef81c3402e3e116a830039d02c9c70ec81 Mon Sep 17 00:00:00 2001 From: Tobias Brunner Date: Thu, 28 Jun 2012 14:19:55 +0200 Subject: [PATCH 1/3] added the possibility to use ssl_proxy --- manifests/resource/location.pp | 9 ++++++--- manifests/resource/vhost.pp | 6 +++++- templates/vhost/vhost_location_proxy.erb | 4 ++++ 3 files changed, 15 insertions(+), 4 deletions(-) diff --git a/manifests/resource/location.pp b/manifests/resource/location.pp index 50394e7c1..d13002fd2 100644 --- a/manifests/resource/location.pp +++ b/manifests/resource/location.pp @@ -10,6 +10,8 @@ # [*index_files*] - Default index files for NGINX to read when traversing a directory # [*proxy*] - Proxy server(s) for a location to connect to. Accepts a single value, can be used in conjunction # with nginx::resource::upstream +# [*ssl_proxy*] - Proxy server(s) for a location to connect to for SSL vHosts. Accepts a single value, can be used in conjunction +# with nginx::resource::upstream # [*ssl*] - Indicates whether to setup SSL bindings for this location. # [*option*] - Reserved for future use # @@ -25,12 +27,13 @@ # vhost => 'test2.local', # } define nginx::resource::location( + $location, $ensure = 'present', $vhost = undef, - $location, $www_root = undef, $index_files = ['index.html', 'index.htm', 'index.php'], $proxy = undef, + $ssl_proxy = undef, $ssl = 'false', $option = undef ){ @@ -48,7 +51,7 @@ } # Use proxy template if $proxy is defined, otherwise use directory template. - if ($proxy != undef) { + if ($proxy != undef or $ssl_proxy != undef) { $content_real = template('nginx/vhost/vhost_location_proxy.erb') } else { $content_real = template('nginx/vhost/vhost_location_directory.erb') @@ -79,4 +82,4 @@ content => $content_real, } } -} \ No newline at end of file +} diff --git a/manifests/resource/vhost.pp b/manifests/resource/vhost.pp index 1c2adda8f..5c1e13627 100644 --- a/manifests/resource/vhost.pp +++ b/manifests/resource/vhost.pp @@ -13,6 +13,8 @@ # [*index_files*] - Default index files for NGINX to read when traversing a directory # [*proxy*] - Proxy server(s) for a location to connect to. Accepts a single value, can be used in conjunction # with nginx::resource::upstream +# [*ssl_proxy*] - Proxy server(s) for a location to connect to for SSL vHosts. Accepts a single value, can be used in conjunction +# with nginx::resource::upstream # [*ssl*] - Indicates whether to setup SSL bindings for this location. # [*ssl_cert*] - Pre-generated SSL Certificate file to reference for SSL Support. This is not generated by this module. # [*ssl_key*] - Pre-generated SSL Key file to reference for SSL Support. This is not generated by this module. @@ -40,6 +42,7 @@ $ssl = 'false', $ssl_cert = undef, $ssl_key = undef, + $ssl_proxy = undef, $proxy = undef, $index_files = ['index.html', 'index.htm', 'index.php'], $www_root = undef @@ -82,6 +85,7 @@ ssl => $ssl, location => '/', proxy => $proxy, + ssl_proxy => $ssl_proxy, www_root => $www_root, notify => Class['nginx::service'], } @@ -115,4 +119,4 @@ notify => Class['nginx::service'], } } -} \ No newline at end of file +} diff --git a/templates/vhost/vhost_location_proxy.erb b/templates/vhost/vhost_location_proxy.erb index bfb5854fd..d395c6789 100644 --- a/templates/vhost/vhost_location_proxy.erb +++ b/templates/vhost/vhost_location_proxy.erb @@ -1,4 +1,8 @@ location <%= location %> { + <% if ssl == 'true' and has_variable?("ssl_proxy") %> + proxy_pass <%= ssl_proxy %>; + <% else %> proxy_pass <%= proxy %>; + <% end %> } From 28427e6906aed8456f725c00ed195ac4c56ad71c Mon Sep 17 00:00:00 2001 From: Tobias Brunner Date: Thu, 28 Jun 2012 15:04:27 +0200 Subject: [PATCH 2/3] template logic bugfixed --- manifests/resource/location.pp | 15 +++++++++++---- templates/vhost/vhost_location_ssl_proxy.erb | 4 ++++ 2 files changed, 15 insertions(+), 4 deletions(-) create mode 100644 templates/vhost/vhost_location_ssl_proxy.erb diff --git a/manifests/resource/location.pp b/manifests/resource/location.pp index d13002fd2..36e8360f5 100644 --- a/manifests/resource/location.pp +++ b/manifests/resource/location.pp @@ -51,11 +51,18 @@ } # Use proxy template if $proxy is defined, otherwise use directory template. - if ($proxy != undef or $ssl_proxy != undef) { + if ($proxy != undef) { $content_real = template('nginx/vhost/vhost_location_proxy.erb') } else { $content_real = template('nginx/vhost/vhost_location_directory.erb') } + + # check if ssl is enabled AND a different proxy is assigned + if (($ssl == 'true') and ($ssl_proxy != undef)) { + $content_ssl_real = template('nginx/vhost/vhost_location_ssl_proxy.erb') + } else { + $content_ssl_real = template('nginx/vhost/vhost_location_proxy.erb') + } ## Check for various error condtiions if ($vhost == undef) { @@ -77,9 +84,9 @@ ## Only create SSL Specific locations if $ssl is true. if ($ssl == 'true') { - file {"${nginx::config::nx_temp_dir}/nginx.d/${vhost}-800-${name}-ssl": - ensure => $ensure_real, - content => $content_real, + file {"${nginx::config::nx_temp_dir}/nginx.d/${vhost}-800-${name}-ssl": + ensure => $ensure_real, + content => $content_ssl_real, } } } diff --git a/templates/vhost/vhost_location_ssl_proxy.erb b/templates/vhost/vhost_location_ssl_proxy.erb new file mode 100644 index 000000000..fd91893ae --- /dev/null +++ b/templates/vhost/vhost_location_ssl_proxy.erb @@ -0,0 +1,4 @@ + location <%= location %> { + proxy_pass <%= ssl_proxy %>; + } + From 8665aafc2b8b4a8383fff9a36cb9f19daef342ba Mon Sep 17 00:00:00 2001 From: Tobias Brunner Date: Thu, 28 Jun 2012 15:06:08 +0200 Subject: [PATCH 3/3] template logic bugfixed, added missing file --- templates/vhost/vhost_location_proxy.erb | 4 ---- 1 file changed, 4 deletions(-) diff --git a/templates/vhost/vhost_location_proxy.erb b/templates/vhost/vhost_location_proxy.erb index d395c6789..bfb5854fd 100644 --- a/templates/vhost/vhost_location_proxy.erb +++ b/templates/vhost/vhost_location_proxy.erb @@ -1,8 +1,4 @@ location <%= location %> { - <% if ssl == 'true' and has_variable?("ssl_proxy") %> - proxy_pass <%= ssl_proxy %>; - <% else %> proxy_pass <%= proxy %>; - <% end %> }