diff --git a/REFERENCE.md b/REFERENCE.md index 0a87f517c..fe6601d01 100644 --- a/REFERENCE.md +++ b/REFERENCE.md @@ -277,11 +277,11 @@ Data type: `String[1]` The version of nginx installed (or being installed). Unfortunately, different versions of nginx may need configuring differently. The default is derived from the version of nginx -already installed. If the fact is unavailable, it defaults to '1.6.0'. +already installed. If the fact is unavailable, it defaults to '1.15.0'. You may need to set this manually to get a working and idempotent configuration. -Default value: `pick(fact('nginx_version'), '1.6.0')` +Default value: `pick(fact('nginx_version'), '1.15.0')` ##### `debug_connections` @@ -3080,7 +3080,7 @@ Create a new mapping entry for NGINX nginx::resource::map { 'backend_pool': ensure => present, hostnames => true, - default => 'ny-pool-1, + default => 'ny-pool-1', string => '$http_host', mappings => { '*.nyc.example.com' => 'ny-pool-1', diff --git a/manifests/init.pp b/manifests/init.pp index 2445c100d..66175555d 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -20,7 +20,7 @@ # The version of nginx installed (or being installed). # Unfortunately, different versions of nginx may need configuring # differently. The default is derived from the version of nginx -# already installed. If the fact is unavailable, it defaults to '1.6.0'. +# already installed. If the fact is unavailable, it defaults to '1.15.0'. # You may need to set this manually to get a working and idempotent # configuration. # @@ -240,7 +240,7 @@ Hash $nginx_upstreams = {}, Nginx::UpstreamDefaults $nginx_upstreams_defaults = {}, Boolean $purge_passenger_repo = true, - String[1] $nginx_version = pick(fact('nginx_version'), '1.6.0'), + String[1] $nginx_version = pick(fact('nginx_version'), '1.15.0'), ### END Hiera Lookups ### ) inherits nginx::params { diff --git a/spec/acceptance/nginx_mail_spec.rb b/spec/acceptance/nginx_mail_spec.rb index 1475471b4..993c97673 100644 --- a/spec/acceptance/nginx_mail_spec.rb +++ b/spec/acceptance/nginx_mail_spec.rb @@ -79,45 +79,5 @@ class { 'nginx': describe port(465) do it { is_expected.to be_listening } end - - context 'when configured for nginx 1.14' do - it 'runs successfully' do - pp = " - if fact('os.family') == 'RedHat' { - package { 'nginx-mod-mail': - ensure => installed, - } - } - - class { 'nginx': - mail => true, - nginx_version => '1.14.0', - dynamic_modules => fact('os.family') ? { - 'RedHat' => ['/usr/lib64/nginx/modules/ngx_mail_module.so'], - default => [], - } - } - nginx::resource::mailhost { 'domain1.example': - ensure => present, - auth_http => 'localhost/cgi-bin/auth', - protocol => 'smtp', - listen_port => 587, - ssl => true, - ssl_port => 465, - ssl_cert => '/etc/pki/tls/certs/blah.cert', - ssl_key => '/etc/pki/tls/private/blah.key', - xclient => 'off', - } - " - - apply_manifest(pp, catch_failures: true) - end - - describe file('/etc/nginx/conf.mail.d/domain1.example.conf') do - it 'does\'t contain `ssl` on `listen` line' do - is_expected.to contain 'listen *:465;' - end - end - end end end diff --git a/spec/defines/resource_mailhost_spec.rb b/spec/defines/resource_mailhost_spec.rb index 86be065ed..7c6b76c56 100644 --- a/spec/defines/resource_mailhost_spec.rb +++ b/spec/defines/resource_mailhost_spec.rb @@ -548,7 +548,7 @@ title: 'should set the IPv4 SSL listen port', attr: 'ssl_port', value: 45, - match: ' listen *:45;' + match: ' listen *:45 ssl;' }, { title: 'should enable IPv6', diff --git a/spec/defines/resource_server_spec.rb b/spec/defines/resource_server_spec.rb index 60515a008..b249b2d24 100644 --- a/spec/defines/resource_server_spec.rb +++ b/spec/defines/resource_server_spec.rb @@ -119,7 +119,7 @@ title: 'should set the IPv4 listen port', attr: 'listen_port', value: 45, - match: %r{\s+listen\s+\*:45;} + match: %r{\s+listen\s+\*:45 ssl;} }, { title: 'should set the IPv4 listen options', @@ -667,20 +667,6 @@ ) end - context 'without a value for the nginx_version fact do' do - let :facts do - facts[:nginx_version] ? facts.delete(:nginx_version) : facts - end - - it { is_expected.to contain_concat__fragment("#{title}-ssl-header").with_content(%r{ ssl on;}) } - end - - context 'with fact nginx_version=1.14.1' do - let(:facts) { facts.merge(nginx_version: '1.14.1') } - - it { is_expected.to contain_concat__fragment("#{title}-ssl-header").with_content(%r{ ssl on;}) } - end - context 'with fact nginx_version=1.15.1' do let(:facts) { facts.merge(nginx_version: '1.15.1') } diff --git a/templates/mailhost/mailhost.epp b/templates/mailhost/mailhost.epp index 8a9c4fb58..003898c8a 100644 --- a/templates/mailhost/mailhost.epp +++ b/templates/mailhost/mailhost.epp @@ -23,9 +23,6 @@ server { <%- } -%> <%= $mailhost_common -%> -<%- if versioncmp($nginx_version, '1.15.0') < 0 { -%> - ssl off; -<% } %> starttls <%= $starttls %>; <% if $starttls != 'off' { %> diff --git a/templates/mailhost/mailhost_ssl.epp b/templates/mailhost/mailhost_ssl.epp index 3b0ef78fc..e5ffc5f10 100644 --- a/templates/mailhost/mailhost_ssl.epp +++ b/templates/mailhost/mailhost_ssl.epp @@ -14,16 +14,13 @@ server { <%= $mailhost_prepend -%> <%- $listen_ip.each |$ip| { -%> - listen <%= $ip %>:<%= $ssl_port %><% if versioncmp($nginx_version, '1.15.0') >= 0 { %> ssl<% } %>; + listen <%= $ip %>:<%= $ssl_port %> ssl; <%- } -%> <%- $ipv6_listen_ip.each |$ipv6| { -%> listen [<%= $ipv6 %>]:<%= $ssl_port %> <% if $ipv6_listen_options { %><%= $ipv6_listen_options %><% } %>; <%- } -%> <%= $mailhost_common -%> -<%- if versioncmp($nginx_version, '1.15.0') < 0 { -%> - ssl on; -<% } %> starttls off; <%= $mailhost_ssl_settings -%> diff --git a/templates/server/server_ssl_settings.erb b/templates/server/server_ssl_settings.erb index 16a056139..e5251ace8 100755 --- a/templates/server/server_ssl_settings.erb +++ b/templates/server/server_ssl_settings.erb @@ -1,6 +1,3 @@ -<% if scope.call_function('versioncmp', [scope['nginx::nginx_version'], '1.15.0']) < 0 -%> - ssl on; -<% end -%> <% if scope.call_function('versioncmp', [scope['nginx::nginx_version'], '1.25.1']) >= 0 && @http2 -%> http2 <%= @http2 %>; <% end -%>