Merge pull request #43 from zoide/ssl-fixes
Ssl fixes
James Fryman committed Apr 13, 2013
2 parents f042b84 + 276efca commit 108c5b8
Showing 4 changed files with 76 additions and 74 deletions.
36 changes: 20 additions & 16 deletions manifests/resource/location.pp
Expand Up @@ -16,7 +16,7 @@
# [*location_alias*] - Path to be used as basis for serving requests for this location
# [*stub_status*] - If true it will point configure module stub_status to provide nginx stats on location
# [*location_cfg_prepend*] - It expects a hash with custom directives to put before anything else inside location
# [*location_cfg_append*] - It expects a hash with custom directives to put after everything else inside location
# [*location_cfg_append*] - It expects a hash with custom directives to put after everything else inside location
# [*try_files*] - An array of file locations to try
# [*option*] - Reserved for future use
#
Expand All @@ -31,7 +31,7 @@
# location => '/bob',
# vhost => 'test2.local',
# }
#
#
# Custom config example to limit location on localhost,
# create a hash with any extra custom config you want.
# $my_config = {
Expand All @@ -47,31 +47,33 @@
# location_cfg_append => $my_config,
# }

define nginx::resource::location(
define nginx::resource::location (
$ensure = present,
$vhost = undef,
$www_root = undef,
$index_files = ['index.html', 'index.htm', 'index.php'],
$index_files = [
'index.html',
'index.htm',
'index.php'],
$proxy = undef,
$proxy_read_timeout = $nginx::params::nx_proxy_read_timeout,
$ssl = false,
$ssl_only = false,
$ssl_only = false,
$location_alias = undef,
$option = undef,
$stub_status = undef,
$location_cfg_prepend = undef,
$location_cfg_append = undef,
$try_files = undef,
$location
) {
$location) {
File {
owner => 'root',
group => 'root',
mode => '0644',
notify => Class['nginx::service'],
}

## Shared Variables
# # Shared Variables
$ensure_real = $ensure ? {
'absent' => absent,
default => file,
Expand All @@ -88,28 +90,30 @@
$content_real = template('nginx/vhost/vhost_location_directory.erb')
}

## Check for various error condtiions
# # Check for various error condtiions
if ($vhost == undef) {
fail('Cannot create a location reference without attaching to a virtual host')
}
if (($www_root == undef) and ($proxy == undef) and ($location_alias == undef) and ($stub_status == undef) ) {

if (($www_root == undef) and ($proxy == undef) and ($location_alias == undef) and ($stub_status == undef)) {
fail('Cannot create a location reference without a www_root, proxy, location_alias or stub_status defined')
}

if (($www_root != undef) and ($proxy != undef)) {
fail('Cannot define both directory and proxy in a virtual host')
}

## Create stubs for vHost File Fragment Pattern
if ($ssl_only != 'true') {
file {"${nginx::config::nx_temp_dir}/nginx.d/${vhost}-500-${name}":
# # Create stubs for vHost File Fragment Pattern
if (!$ssl_only) {
file { "${nginx::config::nx_temp_dir}/nginx.d/${vhost}-500-${name}":
ensure => $ensure_real,
content => $content_real,
}
}

## Only create SSL Specific locations if $ssl is true.
if ($ssl == 'true') {
file {"${nginx::config::nx_temp_dir}/nginx.d/${vhost}-800-${name}-ssl":
# # Only create SSL Specific locations if $ssl is true.
if ($ssl) {
file { "${nginx::config::nx_temp_dir}/nginx.d/${vhost}-800-${name}-ssl":
ensure => $ensure_real,
content => $content_real,
}
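Review bot: The new truthiness tests `if (!$ssl_only)` and `if ($ssl)` treat any non-empty string as true, so a caller still passing the quoted values the old comparisons required gets the opposite result for `'false'`: `ssl => 'false'` now writes the `-800-${name}-ssl` fragment and `ssl_only => 'false'` suppresses the plain `-500-` fragment. Nothing in the visible part of the define rejects or normalises string values, and the visible parameter header does not say that these two parameters must be booleans. I would add header lines such as `# [*ssl*] - Boolean (unquoted true/false); when true the SSL location fragment is also written` with a matching one for `ssl_only`, and, if puppetlabs-stdlib is a dependency of this module, `validate_bool($ssl)` next to the existing `fail()` checks. The define's body continues past the end of this section.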
43 changes: 21 additions & 22 deletions manifests/resource/mailhost.pp
Expand Up @@ -41,25 +41,24 @@
# ssl_cert => '/tmp/server.crt',
# ssl_key => '/tmp/server.pem',
# }
define nginx::resource::mailhost(
$ensure = 'enable',
$listen_ip = '*',
define nginx::resource::mailhost (
$ensure = 'enable',
$listen_ip = '*',
$listen_port,
$listen_options = undef,
$ipv6_enable = false,
$ipv6_listen_ip = '::',
$ipv6_listen_port = '80',
$ipv6_listen_options = 'default',
$ssl = false,
$ssl_cert = undef,
$ssl_key = undef,
$ssl_port = undef,
$starttls = 'off',
$protocol = undef,
$auth_http = undef,
$xclient = 'on',
$server_name = [$name]
) {
$listen_options = undef,
$ipv6_enable = false,
$ipv6_listen_ip = '::',
$ipv6_listen_port = '80',
$ipv6_listen_options = 'default',
$ssl = false,
$ssl_cert = undef,
$ssl_key = undef,
$ssl_port = undef,
$starttls = 'off',
$protocol = undef,
$auth_http = undef,
$xclient = 'on',
$server_name = [$name]) {
File {
owner => 'root',
group => 'root',
Expand All @@ -68,7 +67,7 @@

# Add IPv6 Logic Check - Nginx service will not start if ipv6 is enabled
# and support does not exist for it in the kernel.
if ($ipv6_enable and !$::ipaddress6) {
if ($ipv6_enable and !$::ipaddress6) {
warning('nginx: IPv6 support is not enabled or configured properly')
}

Expand All @@ -88,19 +87,19 @@
default => 'file',
},
content => template('nginx/mailhost/mailhost.erb'),
notify => Class['nginx::service'],
notify => Class['nginx::service'],
}
}

# Create SSL File Stubs if SSL is enabled
if ($ssl) {
file { "${nginx::config::nx_temp_dir}/nginx.mail.d/${name}-700-ssl":
ensure => $ensure ? {
ensure => $ensure ? {
'absent' => absent,
default => 'file',
},
content => template('nginx/mailhost/mailhost_ssl.erb'),
notify => Class['nginx::service'],
notify => Class['nginx::service'],
}
}
}
11 changes: 4 additions & 7 deletions manifests/resource/upstream.pp
Expand Up @@ -19,22 +19,19 @@
# 'localhost:3002',
# ],
# }
define nginx::resource::upstream (
$ensure = 'present',
$members
) {
define nginx::resource::upstream ($ensure = 'present', $members) {
File {
owner => 'root',
group => 'root',
mode => '0644',
}

file { "/etc/nginx/conf.d/${name}-upstream.conf":
ensure => $ensure ? {
ensure => $ensure ? {
'absent' => absent,
default => 'file',
},
content => template('nginx/conf.d/upstream.erb'),
notify => Class['nginx::service'],
content => template('nginx/conf.d/upstream.erb'),
notify => Class['nginx::service'],
}
}
60 changes: 31 additions & 29 deletions manifests/resource/vhost.pp
Expand Up @@ -39,7 +39,7 @@
# ssl_cert => '/tmp/server.crt',
# ssl_key => '/tmp/server.pem',
# }
define nginx::resource::vhost(
define nginx::resource::vhost (
$ensure = 'enable',
$listen_ip = '*',
$listen_port = '80',
Expand All @@ -51,18 +51,19 @@
$ssl = false,
$ssl_cert = undef,
$ssl_key = undef,
$ssl_port = '443',
$ssl_port = '443',
$proxy = undef,
$proxy_read_timeout = $nginx::params::nx_proxy_read_timeout,
$index_files = ['index.html', 'index.htm', 'index.php'],
$index_files = [
'index.html',
'index.htm',
'index.php'],
$server_name = [$name],
$www_root = undef,
$rewrite_www_to_non_www = false,
$location_cfg_prepend = undef,
$location_cfg_append = undef,
$try_files = undef
) {

$try_files = undef) {
File {
owner => 'root',
group => 'root',
Expand All @@ -71,7 +72,7 @@

# Add IPv6 Logic Check - Nginx service will not start if ipv6 is enabled
# and support does not exist for it in the kernel.
if ($ipv6_enable == 'true') and ($ipaddress6) {
if ($ipv6_enable == 'true') and ($ipaddress6) {
warning('nginx: IPv6 support is not enabled or configured properly')
}

Expand All @@ -91,39 +92,39 @@
default => 'file',
},
content => template('nginx/vhost/vhost_header.erb'),
notify => Class['nginx::service'],
notify => Class['nginx::service'],
}
}

if ($ssl == 'true') and ($ssl_port == $listen_port) {
$ssl_only = 'true'
}

# Create the default location reference for the vHost
nginx::resource::location {"${name}-default":
ensure => $ensure,
vhost => $name,
ssl => $ssl,
ssl_only => $ssl_only,
location => '/',
proxy => $proxy,
proxy_read_timeout => $proxy_read_timeout,
try_files => $try_files,
www_root => $www_root,
notify => Class['nginx::service'],
nginx::resource::location { "${name}-default":
ensure => $ensure,
vhost => $name,
ssl => $ssl,
ssl_only => $ssl_only,
location => '/',
proxy => $proxy,
proxy_read_timeout => $proxy_read_timeout,
try_files => $try_files,
www_root => $www_root,
notify => Class['nginx::service'],
}

# Support location_cfg_prepend and location_cfg_append on default location created by vhost
if $location_cfg_prepend {
Nginx::Resource::Location["${name}-default"] {
location_cfg_prepend => $location_cfg_prepend
}
location_cfg_prepend => $location_cfg_prepend }
}

if $location_cfg_append {
Nginx::Resource::Location["${name}-default"] {
location_cfg_append => $location_cfg_append
}
location_cfg_append => $location_cfg_append }
}

# Create a proper file close stub.
if ($listen_port != $ssl_port) {
file { "${nginx::config::nx_temp_dir}/nginx.d/${name}-699":
Expand All @@ -137,22 +138,23 @@
}

# Create SSL File Stubs if SSL is enabled
if ($ssl == 'true') {
if ($ssl) {
file { "${nginx::config::nx_temp_dir}/nginx.d/${name}-700-ssl":
ensure => $ensure ? {
ensure => $ensure ? {
'absent' => absent,
default => 'file',
},
content => template('nginx/vhost/vhost_ssl_header.erb'),
notify => Class['nginx::service'],
notify => Class['nginx::service'],
}

file { "${nginx::config::nx_temp_dir}/nginx.d/${name}-999-ssl":
ensure => $ensure ? {
ensure => $ensure ? {
'absent' => absent,
default => 'file',
},
content => template('nginx/vhost/vhost_footer.erb'),
notify => Class['nginx::service'],
notify => Class['nginx::service'],
}
}
}
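Review bot: The `ssl_only` derivation left as context, `if ($ssl == 'true') and ($ssl_port == $listen_port)`, still compares against the string `'true'` while the SSL stub block in the same define now tests `if ($ssl)`, so the two disagree about what "SSL enabled" means. With a boolean `ssl => true` the string comparison presumably does not match, `$ssl_only` stays unset, and the default location would then also write its plain (non-SSL) fragment even when both ports are equal; this should be confirmed on the Puppet versions the module supports. Changing the condition to `if ($ssl) and ($ssl_port == $listen_port) { $ssl_only = true }` keeps both checks aligned with the boolean handling introduced in location.pp. Separately, the IPv6 guard `if ($ipv6_enable == 'true') and ($ipaddress6)` was only re-spaced here and still differs from the mailhost form `if ($ipv6_enable and !$::ipaddress6)`, so it warns when an IPv6 address is present rather than absent.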
