module-nginx/templates/vhost/vhost_ssl_header.erb

server {
  listen       <%= @listen_ip %>:<%= @ssl_port %> <% if @ssl_listen_option %>ssl<% end %><% if @spdy == 'on' %> spdy<% end %><% if @listen_options %> <%= @listen_options %><% end %>;
  <% if @ipv6_enable && (defined? @ipaddress6) %>
  listen [<%= @ipv6_listen_ip %>]:<%= @ssl_port %> ssl<% if @spdy == 'on' %> spdy<% end %><% if @ipv6_listen_options %> <%= @ipv6_listen_options %><% end %>;
  <% end %>
  server_name  <%= @rewrite_www_to_non_www ? @name.gsub(/^www\./, '') : @server_name.join(" ") %>;

  ssl on;

  ssl_certificate           <%= scope.lookupvar('nginx::config::conf_dir') %>/<%= @name.gsub(' ', '_') %>.crt;
  ssl_certificate_key       <%= scope.lookupvar('nginx::config::conf_dir') %>/<%= @name.gsub(' ', '_') %>.key;
<% if defined? @ssl_dhparam -%>
  ssl_dhparam               <%= scope.lookupvar('nginx::config::conf_dir') %>/<%= @name.gsub(' ', '_') %>.dh.pem;
<% end -%>
  ssl_session_cache         <%= @ssl_cache %>;
  ssl_session_timeout       5m;
  ssl_protocols             <%= @ssl_protocols %>;
  ssl_ciphers               <%= @ssl_ciphers %>;
  ssl_prefer_server_ciphers on;
<% if @ssl_stapling -%>
  ssl_stapling              on;
<% end -%>
<% if defined? @ssl_stapling_file -%>
  ssl_stapling_file         <%= scope.lookupvar('nginx::config::conf_dir') %>/<%= @name.gsub(' ', '_') %>.ocsp.resp;
<% end -%>
<% if defined? @ssl_stapling_responder -%>
  ssl_stapling_responder    <%= @ssl_stapling_responder %>;
<% end -%>
<% if @ssl_stapling_verify -%>
  ssl_stapling_verify       on;
<% end -%>
<% if defined? @ssl_trusted_cert -%>
  ssl_trusted_certificate   <%= scope.lookupvar('nginx::config::conf_dir') %>/<%= @name.gsub(' ', '_') %>.trusted.crt;
<% end -%>
<% if @resolver.count > 0 -%>
  resolver                  <% Array(@resolver).each do |r| %> <%= r %><% end %>;
<% end -%>
<% if defined? @auth_basic -%>
  auth_basic                "<%= @auth_basic %>";
<% end -%>
<% if defined? @auth_basic_user_file -%>
  auth_basic_user_file      "<%= @auth_basic_user_file %>";
<% end -%>
<% if defined? @client_max_body_size -%>
  client_max_body_size <%= @client_max_body_size %>;
<% end -%>
<% if @index_files.count > 0 -%>
    index <% Array(@index_files).each do |i| %> <%= i %><% end %>;
<% end -%>

  access_log            <%= @ssl_access_log_real %>;
  error_log             <%= @ssl_error_log_real %>;
  
<% if @vhost_cfg_prepend -%><% @vhost_cfg_prepend.sort_by{ |k, v| k.to_s == 'allow' ? '' : k.to_s }.each do |key,value| -%>
<% if value.is_a?(Hash) -%><% value.each do |subkey,subvalue| -%>
<% Array(subvalue).each do |asubvalue| -%>
  <%= key %> <%= subkey %> <%= asubvalue %>;
<% end -%>
<% end -%><% else -%>
<% Array(value).each do |asubvalue| -%>
  <%= key %> <%= asubvalue %>;
<% end -%>
<% end -%>
<% end -%><% end -%>
<% if @vhost_cfg_ssl_prepend -%><% @vhost_cfg_ssl_prepend.sort_by{ |k, v| k.to_s == 'allow' ? '' : k.to_s }.each do |key,value| -%>
<% if value.is_a?(Hash) -%><% value.each do |subkey,subvalue| -%>
<% Array(subvalue).each do |asubvalue| -%>
  <%= key %> <%= subkey %> <%= asubvalue %>;
<% end -%>
<% end -%><% else -%>
<% Array(value).each do |asubvalue| -%>
  <%= key %> <%= asubvalue %>;
<% end -%>
<% end -%>
<% end -%><% end -%>
<% if @root -%>
  root <%= @root %>;
<% end -%>
<% if @passenger_cgi_param -%><% @passenger_cgi_param.each do |key,value| -%>
  passenger_set_cgi_param  <%= key %> <%= value %>;
<% end -%><% end -%>
<% @proxy_set_header.each do |header| -%>
  proxy_set_header        <%= header %>;
<% end -%>
<% if @add_header -%><% @add_header.each do |key,value| -%>
  add_header              <%= key %> <%= value %>;
<% end -%><% end -%>
Added SuSE Support 2011-06-07 00:25:04 +02:00			`server {`
make ssl listen option configurable 2014-06-02 00:23:07 +02:00			`listen <%= @listen_ip %>:<%= @ssl_port %> <% if @ssl_listen_option %>ssl<% end %><% if @spdy == 'on' %> spdy<% end %><% if @listen_options %> <%= @listen_options %><% end %>;`
accept boolean for ipv6_enable as documented 2013-11-22 05:18:04 +01:00			`<% if @ipv6_enable && (defined? @ipaddress6) %>`
Move ipv6only=on option from template into puppet See jfryman#30 2014-01-27 16:57:38 +01:00			`listen [<%= @ipv6_listen_ip %>]:<%= @ssl_port %> ssl<% if @spdy == 'on' %> spdy<% end %><% if @ipv6_listen_options %> <%= @ipv6_listen_options %><% end %>;`
Fixup incorrect changes from merge 2012-11-08 19:59:17 +01:00			`<% end %>`
Fix deprecated variable names 2013-07-17 20:42:57 +02:00			`server_name <%= @rewrite_www_to_non_www ? @name.gsub(/^www\./, '') : @server_name.join(" ") %>;`
Added SuSE Support 2011-06-07 00:25:04 +02:00
			`ssl on;`
* Get ssl key/cert with provided file-locations * Parameter index has now become optional * Fix typos 2013-04-16 18:12:32 +02:00
Made config dir available as a parameter. 2014-06-13 12:15:42 +02:00			`ssl_certificate <%= scope.lookupvar('nginx::config::conf_dir') %>/<%= @name.gsub(' ', '_') %>.crt;`
			`ssl_certificate_key <%= scope.lookupvar('nginx::config::conf_dir') %>/<%= @name.gsub(' ', '_') %>.key;`
Add support for Diffie-Hellman parameters in VHOST resource. 2013-12-27 09:10:11 +01:00			`<% if defined? @ssl_dhparam -%>`
Made config dir available as a parameter. 2014-06-13 12:15:42 +02:00			`ssl_dhparam <%= scope.lookupvar('nginx::config::conf_dir') %>/<%= @name.gsub(' ', '_') %>.dh.pem;`
Add support for Diffie-Hellman parameters in VHOST resource. 2013-12-27 09:10:11 +01:00			`<% end -%>`
support ssl_cache and for passenger cgi params 2013-09-29 20:36:19 +02:00			`ssl_session_cache <%= @ssl_cache %>;`
Merge branch 'master' of https://github.com/jfryman/puppet-nginx Conflicts: manifests/config.pp manifests/init.pp manifests/params.pp manifests/resource/location.pp manifests/resource/vhost.pp manifests/service.pp templates/vhost/vhost_footer.erb templates/vhost/vhost_header.erb templates/vhost/vhost_location_directory.erb templates/vhost/vhost_location_proxy.erb templates/vhost/vhost_ssl_header.erb tests/vhost.pp 2013-05-21 14:30:21 +02:00			`ssl_session_timeout 5m;`
Fix deprecated variable names 2013-07-17 20:42:57 +02:00			`ssl_protocols <%= @ssl_protocols %>;`
			`ssl_ciphers <%= @ssl_ciphers %>;`
Changed SSL ciphers to the recent default for Nginx which is much more secure Added SSL caching to speed up SSL requests Add server_tokens to the global config so this can be turned on\|off between dev and prod Add proxy_set_header to vhost as different vhosts may require different headers and the global setting is not ideal Minor space formatting so that the generated files are fractionally more readable 2013-04-24 10:42:06 +02:00			`ssl_prefer_server_ciphers on;`
Implementation for the ssl_stapling_* parameters. 2013-12-29 15:39:21 +01:00			`<% if @ssl_stapling -%>`
			`ssl_stapling on;`
			`<% end -%>`
			`<% if defined? @ssl_stapling_file -%>`
Made config dir available as a parameter. 2014-06-13 12:15:42 +02:00			`ssl_stapling_file <%= scope.lookupvar('nginx::config::conf_dir') %>/<%= @name.gsub(' ', '_') %>.ocsp.resp;`
Implementation for the ssl_stapling_* parameters. 2013-12-29 15:39:21 +01:00			`<% end -%>`
			`<% if defined? @ssl_stapling_responder -%>`
			`ssl_stapling_responder <%= @ssl_stapling_responder %>;`
			`<% end -%>`
			`<% if @ssl_stapling_verify -%>`
			`ssl_stapling_verify on;`
			`<% end -%>`
			`<% if defined? @ssl_trusted_cert -%>`
Made config dir available as a parameter. 2014-06-13 12:15:42 +02:00			`ssl_trusted_certificate <%= scope.lookupvar('nginx::config::conf_dir') %>/<%= @name.gsub(' ', '_') %>.trusted.crt;`
Implementation for the ssl_stapling_* parameters. 2013-12-29 15:39:21 +01:00			`<% end -%>`
Add configuring multiple resolvers via an array instead of a string 2014-04-03 11:59:47 +02:00			`<% if @resolver.count > 0 -%>`
			`resolver <% Array(@resolver).each do \|r\| %> <%= r %><% end %>;`
Implementation of the resolver parameter. 2013-12-29 15:48:32 +01:00			`<% end -%>`
* Option fastcgi_script fixed * Options location_cfg_append and location_cfg_prepend added to fastcgi template * Option www_root is optional now * Options logging fixed in http template * Auth_basic fixed in SSL vhost header 2013-07-31 23:07:59 +02:00			`<% if defined? @auth_basic -%>`
Fix deprecated variable names 2013-07-17 20:42:57 +02:00			`auth_basic "<%= @auth_basic %>";`
* Fixed listen parameter in template vhost_ssl_header * Added auth basic support * Added vhost_cfg_append parameter to `nginx::resource::vhost` 2013-05-20 16:30:32 +02:00			`<% end -%>`
* Option fastcgi_script fixed * Options location_cfg_append and location_cfg_prepend added to fastcgi template * Option www_root is optional now * Options logging fixed in http template * Auth_basic fixed in SSL vhost header 2013-07-31 23:07:59 +02:00			`<% if defined? @auth_basic_user_file -%>`
Manual merge of https://github.com/jfryman/puppet-nginx/pull/100 2013-08-22 22:44:25 +02:00			`auth_basic_user_file "<%= @auth_basic_user_file %>";`
* Fixed listen parameter in template vhost_ssl_header * Added auth basic support * Added vhost_cfg_append parameter to `nginx::resource::vhost` 2013-05-20 16:30:32 +02:00			`<% end -%>`
Add client_max_body_size to ssl vhost 2014-05-27 12:38:32 +02:00			`<% if defined? @client_max_body_size -%>`
			`client_max_body_size <%= @client_max_body_size %>;`
			`<% end -%>`
Fixed the ability to disable the index_files 2013-12-25 01:13:22 +01:00			`<% if @index_files.count > 0 -%>`
Fix warning: Variable access via 'index_files' is deprecated. Use '@index_files' instead. 2013-12-29 16:13:17 +01:00			`index <% Array(@index_files).each do \|i\| %> <%= i %><% end %>;`
index_files to be defined at server level if specified in resource::vhost This partially avoids pitfall #2 (http://wiki.nginx.org/Pitfalls) 2013-12-19 00:07:56 +01:00			`<% end -%>`
vhosts_ssl_header.erb was missing access_log and error_log directives 2013-06-28 10:12:01 +02:00
Allow format_log in ssl as well 2014-06-10 00:49:33 +02:00			`access_log <%= @ssl_access_log_real %>;`
			`error_log <%= @ssl_error_log_real %>;`
Update vhost_ssl_header.erb Add vhost_cfg_prepend to vhost_ssl_header Add vhost_cfg_ssl_prepend to vhost_ssl_header 2014-02-08 00:36:30 +01:00
			`<% if @vhost_cfg_prepend -%><% @vhost_cfg_prepend.sort_by{ \|k, v\| k.to_s == 'allow' ? '' : k.to_s }.each do \|key,value\| -%>`
Extend hash based host_cfg_{ssl_,}{prepend,append} to vhost_{ssl_,}{header,footer}. fix vhost_location_alias/vhost_location_directory. Add {location_custom_cfg_prepend,append} to vhost_location_fastcgi, vhost_location_proxy and vhost_location_stub_status. 2014-03-08 02:16:07 +01:00			`<% if value.is_a?(Hash) -%><% value.each do \|subkey,subvalue\| -%>`
			`<% Array(subvalue).each do \|asubvalue\| -%>`
Remove Arrays as keys in templates 2014-03-11 16:09:59 +01:00			`<%= key %> <%= subkey %> <%= asubvalue %>;`
Fix formatting errors 2014-03-10 10:26:35 +01:00			`<% end -%>`
Extend hash based host_cfg_{ssl_,}{prepend,append} to vhost_{ssl_,}{header,footer}. fix vhost_location_alias/vhost_location_directory. Add {location_custom_cfg_prepend,append} to vhost_location_fastcgi, vhost_location_proxy and vhost_location_stub_status. 2014-03-08 02:16:07 +01:00			`<% end -%><% else -%>`
Remove Arrays as keys in templates 2014-03-11 16:09:59 +01:00			`<% Array(value).each do \|asubvalue\| -%>`
			`<%= key %> <%= asubvalue %>;`
Fix formatting errors 2014-03-10 10:26:35 +01:00			`<% end -%>`
Extend hash based host_cfg_{ssl_,}{prepend,append} to vhost_{ssl_,}{header,footer}. fix vhost_location_alias/vhost_location_directory. Add {location_custom_cfg_prepend,append} to vhost_location_fastcgi, vhost_location_proxy and vhost_location_stub_status. 2014-03-08 02:16:07 +01:00			`<% end -%>`
Update vhost_ssl_header.erb Add vhost_cfg_prepend to vhost_ssl_header Add vhost_cfg_ssl_prepend to vhost_ssl_header 2014-02-08 00:36:30 +01:00			`<% end -%><% end -%>`
			`<% if @vhost_cfg_ssl_prepend -%><% @vhost_cfg_ssl_prepend.sort_by{ \|k, v\| k.to_s == 'allow' ? '' : k.to_s }.each do \|key,value\| -%>`
Extend hash based host_cfg_{ssl_,}{prepend,append} to vhost_{ssl_,}{header,footer}. fix vhost_location_alias/vhost_location_directory. Add {location_custom_cfg_prepend,append} to vhost_location_fastcgi, vhost_location_proxy and vhost_location_stub_status. 2014-03-08 02:16:07 +01:00			`<% if value.is_a?(Hash) -%><% value.each do \|subkey,subvalue\| -%>`
			`<% Array(subvalue).each do \|asubvalue\| -%>`
Remove Arrays as keys in templates 2014-03-11 16:09:59 +01:00			`<%= key %> <%= subkey %> <%= asubvalue %>;`
Fix formatting errors 2014-03-10 10:26:35 +01:00			`<% end -%>`
Extend hash based host_cfg_{ssl_,}{prepend,append} to vhost_{ssl_,}{header,footer}. fix vhost_location_alias/vhost_location_directory. Add {location_custom_cfg_prepend,append} to vhost_location_fastcgi, vhost_location_proxy and vhost_location_stub_status. 2014-03-08 02:16:07 +01:00			`<% end -%><% else -%>`
Remove Arrays as keys in templates 2014-03-11 16:09:59 +01:00			`<% Array(value).each do \|asubvalue\| -%>`
			`<%= key %> <%= asubvalue %>;`
Fix formatting errors 2014-03-10 10:26:35 +01:00			`<% end -%>`
Extend hash based host_cfg_{ssl_,}{prepend,append} to vhost_{ssl_,}{header,footer}. fix vhost_location_alias/vhost_location_directory. Add {location_custom_cfg_prepend,append} to vhost_location_fastcgi, vhost_location_proxy and vhost_location_stub_status. 2014-03-08 02:16:07 +01:00			`<% end -%>`
Update vhost_ssl_header.erb Add vhost_cfg_prepend to vhost_ssl_header Add vhost_cfg_ssl_prepend to vhost_ssl_header 2014-02-08 00:36:30 +01:00			`<% end -%><% end -%>`
possibility to disable default location 2013-09-29 20:53:25 +02:00			`<% if @root -%>`
			`root <%= @root %>;`
			`<% end -%>`
support ssl_cache and for passenger cgi params 2013-09-29 20:36:19 +02:00			`<% if @passenger_cgi_param -%><% @passenger_cgi_param.each do \|key,value\| -%>`
			`passenger_set_cgi_param <%= key %> <%= value %>;`
			`<% end -%><% end -%>`
Add proxy_set_header to vhost_ssl_header to be the same as vhost_header 2013-12-18 23:47:49 +01:00			`<% @proxy_set_header.each do \|header\| -%>`
			`proxy_set_header <%= header %>;`
			`<% end -%>`
Add the possibility to add a header to the HTTP response when response code is equal to 200, 204, 301, 302 or 304. 2013-12-24 13:07:58 +01:00			`<% if @add_header -%><% @add_header.each do \|key,value\| -%>`
			`add_header <%= key %> <%= value %>;`
			`<% end -%><% end -%>`