Ssl fixes #43

Merged
merged 4 commits into from
Apr 13, 2013
36 changes: 20 additions & 16 deletions manifests/resource/location.pp
Expand Up @@ -16,7 +16,7 @@
# [*location_alias*] - Path to be used as basis for serving requests for this location
# [*stub_status*] - If true it will point configure module stub_status to provide nginx stats on location
# [*location_cfg_prepend*] - It expects a hash with custom directives to put before anything else inside location
# [*location_cfg_append*] - It expects a hash with custom directives to put after everything else inside location
# [*location_cfg_append*] - It expects a hash with custom directives to put after everything else inside location
# [*try_files*] - An array of file locations to try
# [*option*] - Reserved for future use
#
Expand All @@ -31,7 +31,7 @@
# location => '/bob',
# vhost => 'test2.local',
# }
#
#
# Custom config example to limit location on localhost,
# create a hash with any extra custom config you want.
# $my_config = {
Expand All @@ -47,31 +47,33 @@
# location_cfg_append => $my_config,
# }

define nginx::resource::location(
define nginx::resource::location (
$ensure = present,
$vhost = undef,
$www_root = undef,
$index_files = ['index.html', 'index.htm', 'index.php'],
$index_files = [
'index.html',
'index.htm',
'index.php'],
$proxy = undef,
$proxy_read_timeout = $nginx::params::nx_proxy_read_timeout,
$ssl = false,
$ssl_only = false,
$ssl_only = false,
$location_alias = undef,
$option = undef,
$stub_status = undef,
$location_cfg_prepend = undef,
$location_cfg_append = undef,
$try_files = undef,
$location
) {
$location) {
File {
owner => 'root',
group => 'root',
mode => '0644',
notify => Class['nginx::service'],
}

## Shared Variables
# # Shared Variables
$ensure_real = $ensure ? {
'absent' => absent,
default => file,
Expand All @@ -88,28 +90,30 @@
$content_real = template('nginx/vhost/vhost_location_directory.erb')
}

## Check for various error condtiions
# # Check for various error condtiions
if ($vhost == undef) {
fail('Cannot create a location reference without attaching to a virtual host')
}
if (($www_root == undef) and ($proxy == undef) and ($location_alias == undef) and ($stub_status == undef) ) {

if (($www_root == undef) and ($proxy == undef) and ($location_alias == undef) and ($stub_status == undef)) {
fail('Cannot create a location reference without a www_root, proxy, location_alias or stub_status defined')
}

if (($www_root != undef) and ($proxy != undef)) {
fail('Cannot define both directory and proxy in a virtual host')
}

## Create stubs for vHost File Fragment Pattern
if ($ssl_only != 'true') {
file {"${nginx::config::nx_temp_dir}/nginx.d/${vhost}-500-${name}":
# # Create stubs for vHost File Fragment Pattern
if (!$ssl_only) {
file { "${nginx::config::nx_temp_dir}/nginx.d/${vhost}-500-${name}":
ensure => $ensure_real,
content => $content_real,
}
}

## Only create SSL Specific locations if $ssl is true.
if ($ssl == 'true') {
file {"${nginx::config::nx_temp_dir}/nginx.d/${vhost}-800-${name}-ssl":
# # Only create SSL Specific locations if $ssl is true.
if ($ssl) {
file { "${nginx::config::nx_temp_dir}/nginx.d/${vhost}-800-${name}-ssl":
ensure => $ensure_real,
content => $content_real,
}
43 changes: 21 additions & 22 deletions manifests/resource/mailhost.pp
Expand Up @@ -41,25 +41,24 @@
# ssl_cert => '/tmp/server.crt',
# ssl_key => '/tmp/server.pem',
# }
define nginx::resource::mailhost(
$ensure = 'enable',
$listen_ip = '*',
define nginx::resource::mailhost (
$ensure = 'enable',
$listen_ip = '*',
$listen_port,
$listen_options = undef,
$ipv6_enable = false,
$ipv6_listen_ip = '::',
$ipv6_listen_port = '80',
$ipv6_listen_options = 'default',
$ssl = false,
$ssl_cert = undef,
$ssl_key = undef,
$ssl_port = undef,
$starttls = 'off',
$protocol = undef,
$auth_http = undef,
$xclient = 'on',
$server_name = [$name]
) {
$listen_options = undef,
$ipv6_enable = false,
$ipv6_listen_ip = '::',
$ipv6_listen_port = '80',
$ipv6_listen_options = 'default',
$ssl = false,
$ssl_cert = undef,
$ssl_key = undef,
$ssl_port = undef,
$starttls = 'off',
$protocol = undef,
$auth_http = undef,
$xclient = 'on',
$server_name = [$name]) {
File {
owner => 'root',
group => 'root',
Expand All @@ -68,7 +67,7 @@

# Add IPv6 Logic Check - Nginx service will not start if ipv6 is enabled
# and support does not exist for it in the kernel.
if ($ipv6_enable and !$::ipaddress6) {
if ($ipv6_enable and !$::ipaddress6) {
warning('nginx: IPv6 support is not enabled or configured properly')
}

Expand All @@ -88,19 +87,19 @@
default => 'file',
},
content => template('nginx/mailhost/mailhost.erb'),
notify => Class['nginx::service'],
notify => Class['nginx::service'],
}
}

# Create SSL File Stubs if SSL is enabled
if ($ssl) {
file { "${nginx::config::nx_temp_dir}/nginx.mail.d/${name}-700-ssl":
ensure => $ensure ? {
ensure => $ensure ? {
'absent' => absent,
default => 'file',
},
content => template('nginx/mailhost/mailhost_ssl.erb'),
notify => Class['nginx::service'],
notify => Class['nginx::service'],
}
}
}
11 changes: 4 additions & 7 deletions manifests/resource/upstream.pp
Expand Up @@ -19,22 +19,19 @@
# 'localhost:3002',
# ],
# }
define nginx::resource::upstream (
$ensure = 'present',
$members
) {
define nginx::resource::upstream ($ensure = 'present', $members) {
File {
owner => 'root',
group => 'root',
mode => '0644',
}

file { "/etc/nginx/conf.d/${name}-upstream.conf":
ensure => $ensure ? {
ensure => $ensure ? {
'absent' => absent,
default => 'file',
},
content => template('nginx/conf.d/upstream.erb'),
notify => Class['nginx::service'],
content => template('nginx/conf.d/upstream.erb'),
notify => Class['nginx::service'],
}
}
60 changes: 31 additions & 29 deletions manifests/resource/vhost.pp
Expand Up @@ -39,7 +39,7 @@
# ssl_cert => '/tmp/server.crt',
# ssl_key => '/tmp/server.pem',
# }
define nginx::resource::vhost(
define nginx::resource::vhost (
$ensure = 'enable',
$listen_ip = '*',
$listen_port = '80',
Expand All @@ -51,18 +51,19 @@
$ssl = false,
$ssl_cert = undef,
$ssl_key = undef,
$ssl_port = '443',
$ssl_port = '443',
$proxy = undef,
$proxy_read_timeout = $nginx::params::nx_proxy_read_timeout,
$index_files = ['index.html', 'index.htm', 'index.php'],
$index_files = [
'index.html',
'index.htm',
'index.php'],
$server_name = [$name],
$www_root = undef,
$rewrite_www_to_non_www = false,
$location_cfg_prepend = undef,
$location_cfg_append = undef,
$try_files = undef
) {

$try_files = undef) {
File {
owner => 'root',
group => 'root',
Expand All @@ -71,7 +72,7 @@

# Add IPv6 Logic Check - Nginx service will not start if ipv6 is enabled
# and support does not exist for it in the kernel.
if ($ipv6_enable == 'true') and ($ipaddress6) {
if ($ipv6_enable == 'true') and ($ipaddress6) {
warning('nginx: IPv6 support is not enabled or configured properly')
}

Expand All @@ -91,39 +92,39 @@
default => 'file',
},
content => template('nginx/vhost/vhost_header.erb'),
notify => Class['nginx::service'],
notify => Class['nginx::service'],
}
}

if ($ssl == 'true') and ($ssl_port == $listen_port) {
$ssl_only = 'true'
}

# Create the default location reference for the vHost
nginx::resource::location {"${name}-default":
ensure => $ensure,
vhost => $name,
ssl => $ssl,
ssl_only => $ssl_only,
location => '/',
proxy => $proxy,
proxy_read_timeout => $proxy_read_timeout,
try_files => $try_files,
www_root => $www_root,
notify => Class['nginx::service'],
nginx::resource::location { "${name}-default":
ensure => $ensure,
vhost => $name,
ssl => $ssl,
ssl_only => $ssl_only,
location => '/',
proxy => $proxy,
proxy_read_timeout => $proxy_read_timeout,
try_files => $try_files,
www_root => $www_root,
notify => Class['nginx::service'],
}

# Support location_cfg_prepend and location_cfg_append on default location created by vhost
if $location_cfg_prepend {
Nginx::Resource::Location["${name}-default"] {
location_cfg_prepend => $location_cfg_prepend
}
location_cfg_prepend => $location_cfg_prepend }
}

if $location_cfg_append {
Nginx::Resource::Location["${name}-default"] {
location_cfg_append => $location_cfg_append
}
location_cfg_append => $location_cfg_append }
}

# Create a proper file close stub.
if ($listen_port != $ssl_port) {
file { "${nginx::config::nx_temp_dir}/nginx.d/${name}-699":
Expand All @@ -137,22 +138,23 @@
}

# Create SSL File Stubs if SSL is enabled
if ($ssl == 'true') {
if ($ssl) {
file { "${nginx::config::nx_temp_dir}/nginx.d/${name}-700-ssl":
ensure => $ensure ? {
ensure => $ensure ? {
'absent' => absent,
default => 'file',
},
content => template('nginx/vhost/vhost_ssl_header.erb'),
notify => Class['nginx::service'],
notify => Class['nginx::service'],
}

file { "${nginx::config::nx_temp_dir}/nginx.d/${name}-999-ssl":
ensure => $ensure ? {
ensure => $ensure ? {
'absent' => absent,
default => 'file',
},
content => template('nginx/vhost/vhost_footer.erb'),
notify => Class['nginx::service'],
notify => Class['nginx::service'],
}
}
}
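Review bot: The `ssl_only` guard in the middle hunk still reads `if ($ssl == 'true') and ($ssl_port == $listen_port)`, while the last hunk and location.pp now test `$ssl` as a boolean. With `ssl => true`, a boolean is (as far as I know) not equal to the string `'true'` in Puppet, so `$ssl_only` would stay unset when both ports match and the default location would still get its plain `-500-` fragment alongside the SSL one. I would change the guard to `if ($ssl) and ($ssl_port == $listen_port) { $ssl_only = true }` so the decision to serve a location only over TLS uses the same test as the rest of the commit. Separately, the IPv6 check near the top keeps `($ipv6_enable == 'true') and ($ipaddress6)`, which warns when an IPv6 address is present; mailhost.pp on this page uses `$ipv6_enable and !$::ipaddress6`.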