module-nginx/templates/vhost/vhost_ssl_settings.erb

  ssl on;

  ssl_certificate           <%= scope.lookupvar('nginx::config::conf_dir') %>/<%= @name.gsub(' ', '_') %>.crt;
  ssl_certificate_key       <%= scope.lookupvar('nginx::config::conf_dir') %>/<%= @name.gsub(' ', '_') %>.key;
<% if defined? @ssl_client_cert -%>
  ssl_client_certificate    <%= scope.lookupvar('nginx::config::conf_dir') %>/<%= @name.gsub(' ', '_') %>.client.crt;
  ssl_verify_client on;
<% end -%>
<% if defined? @ssl_dhparam -%>
  ssl_dhparam               <%= scope.lookupvar('nginx::config::conf_dir') %>/<%= @name.gsub(' ', '_') %>.dh.pem;
<% end -%>
  ssl_session_cache         <%= @ssl_cache %>;
  ssl_session_timeout       <%= @ssl_session_timeout %>;
  ssl_protocols             <%= @ssl_protocols %>;
  ssl_ciphers               <%= @ssl_ciphers %>;
  ssl_prefer_server_ciphers on;
<%- if instance_variables.any? { |iv| iv.to_s.include? 'ssl_' } -%>
  <%- if @ssl_stapling -%>
  ssl_stapling              on;
  <%- end -%>
  <%- if defined? @ssl_stapling_file -%>
  ssl_stapling_file         <%= scope.lookupvar('nginx::config::conf_dir') %>/<%= @name.gsub(' ', '_') %>.ocsp.resp;
  <%- end -%>
  <%- if defined? @ssl_stapling_responder -%>
  ssl_stapling_responder    <%= @ssl_stapling_responder %>;
  <%- end -%>
  <%- if @ssl_stapling_verify -%>
  ssl_stapling_verify       on;
  <%- end -%>
  <%- if defined? @ssl_trusted_cert -%>
  ssl_trusted_certificate   <%= scope.lookupvar('nginx::config::conf_dir') %>/<%= @name.gsub(' ', '_') %>.trusted.crt;
  <%- end -%>

<% end -%>
Include ssl settings in rewrite_www server. fixes jfryman/puppet-nginx#542 2015-01-15 20:40:58 +01:00			`ssl on;`

			`ssl_certificate <%= scope.lookupvar('nginx::config::conf_dir') %>/<%= @name.gsub(' ', '_') %>.crt;`
			`ssl_certificate_key <%= scope.lookupvar('nginx::config::conf_dir') %>/<%= @name.gsub(' ', '_') %>.key;`
			`<% if defined? @ssl_client_cert -%>`
			`ssl_client_certificate <%= scope.lookupvar('nginx::config::conf_dir') %>/<%= @name.gsub(' ', '_') %>.client.crt;`
			`ssl_verify_client on;`
			`<% end -%>`
			`<% if defined? @ssl_dhparam -%>`
			`ssl_dhparam <%= scope.lookupvar('nginx::config::conf_dir') %>/<%= @name.gsub(' ', '_') %>.dh.pem;`
			`<% end -%>`
			`ssl_session_cache <%= @ssl_cache %>;`
			`ssl_session_timeout <%= @ssl_session_timeout %>;`
			`ssl_protocols <%= @ssl_protocols %>;`
			`ssl_ciphers <%= @ssl_ciphers %>;`
			`ssl_prefer_server_ciphers on;`
			`<%- if instance_variables.any? { \|iv\| iv.to_s.include? 'ssl_' } -%>`
			`<%- if @ssl_stapling -%>`
			`ssl_stapling on;`
			`<%- end -%>`
			`<%- if defined? @ssl_stapling_file -%>`
			`ssl_stapling_file <%= scope.lookupvar('nginx::config::conf_dir') %>/<%= @name.gsub(' ', '_') %>.ocsp.resp;`
			`<%- end -%>`
			`<%- if defined? @ssl_stapling_responder -%>`
			`ssl_stapling_responder <%= @ssl_stapling_responder %>;`
			`<%- end -%>`
			`<%- if @ssl_stapling_verify -%>`
			`ssl_stapling_verify on;`
			`<%- end -%>`
			`<%- if defined? @ssl_trusted_cert -%>`
			`ssl_trusted_certificate <%= scope.lookupvar('nginx::config::conf_dir') %>/<%= @name.gsub(' ', '_') %>.trusted.crt;`
			`<%- end -%>`

			`<% end -%>`