invalid config generated when ssl is false and listen_port == ssl_port

[PierreGambarotto]

in vhost.pp, when $ssl is false and $listen_port == $ssl_port (which is a not so logical config, albeit a not illegal one), no header and footer fragment are defined for the vhost file, thus generating an invalid config file.

I think a fix would be to add and not $ssl as a guard in the if condition, i.e. change

if ($listen_port != $ssl_port) { 

to

if ($listen_port != $ssl_port and not $ssl) { 

[mvintila]

I have this in my config:

nginx::resource::vhost {'vpp':
    server_name => $servernames,
    listen_port     => 443,
    ssl_port         => 443,
    ssl                 => true,
    ssl_cert         => '/etc/ssl/private/lb/cert.cer',
    ssl_key         => '/etc/ssl/private/lb/cert.key',
    proxy            => 'https://railsweb',
    location_cfg_append => { 
      'rewrite' => '^ https://$server_name$request_uri? permanent',
    },
    require => File ['/etc/ssl/private/lb']
  }

And i am still getting the bug, so it's not related to ssl => true parameter.

[mvintila]

Bug reproduced using version 0.2.6 of the module and the above configuration.

[mvintila]

Even downgrading to 0.0.10 produces the same config file with the "location" directives above the "server" block.

I think the problem is related to defining locations that point to ssl-enabled vhosts. When the configuration is defined so that there are both ssl and plain servers($ssl_port != $listen_port), the locations will be generated in the plain server block, above the ssl-enabled server block.

When $ssl_port == $listen_port, the plain part is simply removed, but the "location" directives remain in the same spot as before, above the ssl-enabled server block, outside of any server block.

[tarcinil]

I am running into this as well.

[tarcinil]

I was able to resolve this as you need to have

    ssl => true,
    ssl_only => true,

on the location as well as the vhost. I noticed that this is also in the documentation but I would recommend that the documentation express it a little clearer.

[jeremycrussell]

Upvoting @tarcinil , this isn't clear in the docs...

[klingenm]

I have run into this as well.

[wyardley]

Is anyone willing to contribute a PR for this, and / or do some functional testing to a proposed fix?

[wyardley]

Also, can someone test whether this still happens with most recent release (0.5.0)?

[wyardley]

ps - As of now, I think lines 122-132 in the README do sort of explain this.

[wyardley]

I think a warning should be given now:
https://github.com/voxpupuli/puppet-nginx/blob/master/manifests/resource/server.pp#L302-L306
Closing via #1015