added http2 directive instead of listen option

adjusted http2 checks adding nginx version to acceptance tests revert changes set default version to 1.25.2 adjusted docs revert changes Test with repository which contains the latest version Test with default repo source and manage repo true Test without setting version Test with 1.25.1 Debugging facts Debugging facts Debugging facts add version to mail fix a test for 1.14 testing testing Debug and tracing set package_ensure disable rubocop disable rubocop set package to altest set package to latest mailspec remove tracing set http2 set http2 directive mailhost mailhost tracing revert revert revert http2 tests http2 tests http2 tests testing testing testing http2 test http2 test http2 test http2 test Fix http2 for old versions
voxpupuli · Nov 6, 2023 · a0adee7 · a0adee7
1 parent 16b38fb
commit a0adee7
Show file tree

Hide file tree

Showing 4 changed files with 29 additions and 18 deletions.
diff --git a/spec/defines/resource_server_spec.rb b/spec/defines/resource_server_spec.rb
@@ -687,6 +687,26 @@
               it { is_expected.to contain_concat__fragment("#{title}-ssl-header").without_content(%r{  ssl on;}) }
             end
 
+            context 'http2 on with fact nginx_version=1.25.1' do
+              let(:facts) { facts.merge(nginx_version: '1.25.1') }
+              let :params do
+                default_params.merge(
+                  http2: 'on',
+                  ssl: true,
+                  ssl_key: '/tmp/dummy.key',
+                  ssl_cert: '/tmp/dummy.crt'
+                )
+              end
+
+              it { is_expected.to contain_concat__fragment("#{title}-ssl-header").with_content(%r{^\s+http2\s+on;}) }
+            end
+
+            context 'with fact nginx_version=1.25.1' do
+              let(:facts) { facts.merge(nginx_version: '1.25.1') }
+
+              it { is_expected.to contain_concat__fragment("#{title}-ssl-header").with_content(%r{^\s+http2\s+off;}) }
+            end
+
             context 'with ssl cert and key definitions' do
               let(:pre_condition) do
                 <<-PUPPET
@@ -745,18 +765,6 @@
               value: 'off',
               match: %r{\s+listen\s+\*:443 ssl;}
             },
-            {
-              title: 'should set HTTP2',
-              attr: 'http2',
-              value: 'on',
-              match: %r{\s+listen\s+\*:443 ssl http2;}
-            },
-            {
-              title: 'should not set HTTP2',
-              attr: 'http2',
-              value: 'off',
-              match: %r{\s+listen\s+\*:443 ssl;}
-            },
             {
               title: 'should set the IPv4 listen options',
               attr: 'listen_options',

diff --git a/templates/server/server_ssl_header.erb b/templates/server/server_ssl_header.erb
@@ -4,10 +4,10 @@
 server {
   <%- if @listen_ip.is_a?(Array) then -%>
     <%- @listen_ip.each do |ip| -%>
-  listen       <%= ip %>:<%= @ssl_port %> <% if @ssl_listen_option %>ssl<% end %><% if @http2 == 'on' %> http2<% end %><% if @spdy == 'on' %> spdy<% end %><% if @listen_options %> <%= @listen_options %><% end %>;
+  listen       <%= ip %>:<%= @ssl_port %> <% if @ssl_listen_option %>ssl<% end %><% if scope.call_function('versioncmp', [scope['nginx::nginx_version'], '1.25.1']) < 0 && @http2 == 'on' %> http2<% end %><% if @spdy == 'on' %> spdy<% end %><% if @listen_options %> <%= @listen_options %><% end %>;
     <%- end -%>
   <%- else -%>
-  listen       <%= @listen_ip %>:<%= @ssl_port %> <% if @ssl_listen_option %>ssl<% end %><% if @http2 == 'on' %> http2<% end %><% if @spdy == 'on' %> spdy<% end %><% if @listen_options %> <%= @listen_options %><% end %>;
+  listen       <%= @listen_ip %>:<%= @ssl_port %> <% if @ssl_listen_option %>ssl<% end %><% if scope.call_function('versioncmp', [scope['nginx::nginx_version'], '1.25.1']) < 0 && @http2 == 'on' %> http2<% end %><% if @spdy == 'on' %> spdy<% end %><% if @listen_options %> <%= @listen_options %><% end %>;
   <%- end -%>
 <%= scope.function_template(["nginx/server/server_ssl_ipv6_listen.erb"]) %>
 <%- if @rewrite_www_to_non_www -%>
@@ -48,10 +48,10 @@ server {
 server {
   <%- if @listen_ip.is_a?(Array) then -%>
     <%- @listen_ip.each do |ip| -%>
-  listen       <%= ip %>:<%= @ssl_port %> <% if @ssl_listen_option %>ssl<% end %><% if @http2 == 'on' %> http2<% end %><% if @spdy == 'on' %> spdy<% end %><% if @listen_options %> <%= @listen_options %><% end %>;
+  listen       <%= ip %>:<%= @ssl_port %> <% if @ssl_listen_option %>ssl<% end %><% if scope.call_function('versioncmp', [scope['nginx::nginx_version'], '1.25.1']) < 0 && @http2 == 'on' %> http2<% end %><% if @spdy == 'on' %> spdy<% end %><% if @listen_options %> <%= @listen_options %><% end %>;
     <%- end -%>
   <%- else -%>
-  listen       <%= @listen_ip %>:<%= @ssl_port %> <% if @ssl_listen_option %>ssl<% end %><% if @http2 == 'on' %> http2<% end %><% if @spdy == 'on' %> spdy<% end %><% if @listen_options %> <%= @listen_options %><% end %>;
+  listen       <%= @listen_ip %>:<%= @ssl_port %> <% if @ssl_listen_option %>ssl<% end %><% if scope.call_function('versioncmp', [scope['nginx::nginx_version'], '1.25.1']) < 0 && @http2 == 'on' %> http2<% end %><% if @spdy == 'on' %> spdy<% end %><% if @listen_options %> <%= @listen_options %><% end %>;
   <%- end -%>
 <%= scope.function_template(["nginx/server/server_ssl_ipv6_listen.erb"]) %>
 <%- if @rewrite_www_to_non_www -%>

diff --git a/templates/server/server_ssl_ipv6_listen.erb b/templates/server/server_ssl_ipv6_listen.erb
@@ -2,9 +2,9 @@
   <%- if @ipv6_enable -%>
     <%- if @ipv6_listen_ip.is_a?(Array) then -%>
       <%- @ipv6_listen_ip.each do |ipv6| -%>
-  listen [<%= ipv6 %>]:<%= @ssl_port %> ssl<% if @http2 == 'on' %> http2<% end %><% if @spdy == 'on' %> spdy<% end %><% if @ipv6_listen_options %> <%= @ipv6_listen_options %><% end %>;
+  listen [<%= ipv6 %>]:<%= @ssl_port %> ssl<% if scope.call_function('versioncmp', [scope['nginx::nginx_version'], '1.25.1']) < 0 && @http2 == 'on' %> http2<% end %><% if @spdy == 'on' %> spdy<% end %><% if @ipv6_listen_options %> <%= @ipv6_listen_options %><% end %>;
       <%- end -%>
     <%- else -%>
-  listen       [<%= @ipv6_listen_ip %>]:<%= @ssl_port %> ssl<% if @http2 == 'on' %> http2<% end %><% if @spdy == 'on' %> spdy<% end %><% if @ipv6_listen_options %> <%= @ipv6_listen_options %><% end %>;
+  listen       [<%= @ipv6_listen_ip %>]:<%= @ssl_port %> ssl<% if scope.call_function('versioncmp', [scope['nginx::nginx_version'], '1.25.1']) < 0 && @http2 == 'on' %> http2<% end %><% if @spdy == 'on' %> spdy<% end %><% if @ipv6_listen_options %> <%= @ipv6_listen_options %><% end %>;
     <%- end -%>
   <%- end -%>
diff --git a/templates/server/server_ssl_settings.erb b/templates/server/server_ssl_settings.erb
@@ -1,6 +1,9 @@
 <% if scope.call_function('versioncmp', [scope['nginx::nginx_version'], '1.15.0']) < 0 -%>
   ssl on;
 <% end -%>
+<% if scope.call_function('versioncmp', [scope['nginx::nginx_version'], '1.25.1']) >= 0 && @http2 -%>
+  http2 <%= @http2 %>;
+<% end -%>
 <% if @ssl_cert_real -%>
 <% @ssl_cert_real.each do | cert | -%>
   ssl_certificate           <%= cert %>;