|
|
@@ -148,89 +148,89 @@
|
|
|
# ssl_key => '/tmp/server.pem',
|
|
|
# }
|
|
|
define nginx::resource::vhost (
|
|
|
- $ensure = 'present',
|
|
|
- $listen_ip = '*',
|
|
|
- $listen_port = '80',
|
|
|
- $listen_options = undef,
|
|
|
- $location_allow = [],
|
|
|
- $location_deny = [],
|
|
|
- $ipv6_enable = false,
|
|
|
- $ipv6_listen_ip = '::',
|
|
|
- $ipv6_listen_port = '80',
|
|
|
- $ipv6_listen_options = 'default ipv6only=on',
|
|
|
- $add_header = undef,
|
|
|
- $ssl = false,
|
|
|
- $ssl_listen_option = true,
|
|
|
- $ssl_cert = undef,
|
|
|
- $ssl_dhparam = undef,
|
|
|
- $ssl_key = undef,
|
|
|
- $ssl_port = '443',
|
|
|
- $ssl_protocols = 'TLSv1 TLSv1.1 TLSv1.2',
|
|
|
- $ssl_ciphers = 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA',
|
|
|
- $ssl_cache = 'shared:SSL:10m',
|
|
|
- $ssl_stapling = false,
|
|
|
- $ssl_stapling_file = undef,
|
|
|
- $ssl_stapling_responder = undef,
|
|
|
- $ssl_stapling_verify = false,
|
|
|
- $ssl_session_timeout = '5m',
|
|
|
- $ssl_trusted_cert = undef,
|
|
|
- $spdy = $nginx::config::spdy,
|
|
|
- $proxy = undef,
|
|
|
- $proxy_redirect = undef,
|
|
|
- $proxy_read_timeout = $nginx::config::proxy_read_timeout,
|
|
|
- $proxy_connect_timeout = $nginx::config::proxy_connect_timeout,
|
|
|
- $proxy_set_header = [],
|
|
|
- $proxy_cache = false,
|
|
|
- $proxy_cache_valid = false,
|
|
|
- $proxy_method = undef,
|
|
|
- $proxy_set_body = undef,
|
|
|
- $resolver = [],
|
|
|
- $fastcgi = undef,
|
|
|
- $fastcgi_params = "${nginx::config::conf_dir}/fastcgi_params",
|
|
|
- $fastcgi_script = undef,
|
|
|
- $index_files = [
|
|
|
+ $ensure = 'present',
|
|
|
+ $listen_ip = '*',
|
|
|
+ $listen_port = '80',
|
|
|
+ $listen_options = undef,
|
|
|
+ $location_allow = [],
|
|
|
+ $location_deny = [],
|
|
|
+ $ipv6_enable = false,
|
|
|
+ $ipv6_listen_ip = '::',
|
|
|
+ $ipv6_listen_port = '80',
|
|
|
+ $ipv6_listen_options = 'default ipv6only=on',
|
|
|
+ $add_header = undef,
|
|
|
+ $ssl = false,
|
|
|
+ $ssl_listen_option = true,
|
|
|
+ $ssl_cert = undef,
|
|
|
+ $ssl_dhparam = undef,
|
|
|
+ $ssl_key = undef,
|
|
|
+ $ssl_port = '443',
|
|
|
+ $ssl_protocols = 'TLSv1 TLSv1.1 TLSv1.2',
|
|
|
+ $ssl_ciphers = 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA',
|
|
|
+ $ssl_cache = 'shared:SSL:10m',
|
|
|
+ $ssl_stapling = false,
|
|
|
+ $ssl_stapling_file = undef,
|
|
|
+ $ssl_stapling_responder = undef,
|
|
|
+ $ssl_stapling_verify = false,
|
|
|
+ $ssl_session_timeout = '5m',
|
|
|
+ $ssl_trusted_cert = undef,
|
|
|
+ $spdy = $nginx::config::spdy,
|
|
|
+ $proxy = undef,
|
|
|
+ $proxy_redirect = undef,
|
|
|
+ $proxy_read_timeout = $nginx::config::proxy_read_timeout,
|
|
|
+ $proxy_connect_timeout = $nginx::config::proxy_connect_timeout,
|
|
|
+ $proxy_set_header = [],
|
|
|
+ $proxy_cache = false,
|
|
|
+ $proxy_cache_valid = false,
|
|
|
+ $proxy_method = undef,
|
|
|
+ $proxy_set_body = undef,
|
|
|
+ $resolver = [],
|
|
|
+ $fastcgi = undef,
|
|
|
+ $fastcgi_params = "${nginx::config::conf_dir}/fastcgi_params",
|
|
|
+ $fastcgi_script = undef,
|
|
|
+ $index_files = [
|
|
|
'index.html',
|
|
|
'index.htm',
|
|
|
'index.php'],
|
|
|
- $autoindex = undef,
|
|
|
- $server_name = [$name],
|
|
|
- $www_root = undef,
|
|
|
- $rewrite_www_to_non_www = false,
|
|
|
- $rewrite_to_https = undef,
|
|
|
- $location_custom_cfg = undef,
|
|
|
- $location_cfg_prepend = undef,
|
|
|
- $location_cfg_append = undef,
|
|
|
+ $autoindex = undef,
|
|
|
+ $server_name = [$name],
|
|
|
+ $www_root = undef,
|
|
|
+ $rewrite_www_to_non_www = false,
|
|
|
+ $rewrite_to_https = undef,
|
|
|
+ $location_custom_cfg = undef,
|
|
|
+ $location_cfg_prepend = undef,
|
|
|
+ $location_cfg_append = undef,
|
|
|
$location_custom_cfg_prepend = undef,
|
|
|
$location_custom_cfg_append = undef,
|
|
|
- $try_files = undef,
|
|
|
- $auth_basic = undef,
|
|
|
- $auth_basic_user_file = undef,
|
|
|
- $client_body_timeout = undef,
|
|
|
- $client_header_timeout = undef,
|
|
|
- $client_max_body_size = undef,
|
|
|
- $raw_prepend = undef,
|
|
|
- $raw_append = undef,
|
|
|
- $location_raw_prepend = undef,
|
|
|
- $location_raw_append = undef,
|
|
|
- $vhost_cfg_prepend = undef,
|
|
|
- $vhost_cfg_append = undef,
|
|
|
- $vhost_cfg_ssl_prepend = undef,
|
|
|
- $vhost_cfg_ssl_append = undef,
|
|
|
- $include_files = undef,
|
|
|
- $access_log = undef,
|
|
|
- $error_log = undef,
|
|
|
- $format_log = undef,
|
|
|
- $passenger_cgi_param = undef,
|
|
|
- $log_by_lua = undef,
|
|
|
- $log_by_lua_file = undef,
|
|
|
- $use_default_location = true,
|
|
|
- $rewrite_rules = [],
|
|
|
- $string_mappings = {},
|
|
|
- $geo_mappings = {},
|
|
|
- $gzip_types = undef,
|
|
|
- $owner = $nginx::config::global_owner,
|
|
|
- $group = $nginx::config::global_group,
|
|
|
- $mode = $nginx::config::global_mode,
|
|
|
+ $try_files = undef,
|
|
|
+ $auth_basic = undef,
|
|
|
+ $auth_basic_user_file = undef,
|
|
|
+ $client_body_timeout = undef,
|
|
|
+ $client_header_timeout = undef,
|
|
|
+ $client_max_body_size = undef,
|
|
|
+ $raw_prepend = undef,
|
|
|
+ $raw_append = undef,
|
|
|
+ $location_raw_prepend = undef,
|
|
|
+ $location_raw_append = undef,
|
|
|
+ $vhost_cfg_prepend = undef,
|
|
|
+ $vhost_cfg_append = undef,
|
|
|
+ $vhost_cfg_ssl_prepend = undef,
|
|
|
+ $vhost_cfg_ssl_append = undef,
|
|
|
+ $include_files = undef,
|
|
|
+ $access_log = undef,
|
|
|
+ $error_log = undef,
|
|
|
+ $format_log = undef,
|
|
|
+ $passenger_cgi_param = undef,
|
|
|
+ $log_by_lua = undef,
|
|
|
+ $log_by_lua_file = undef,
|
|
|
+ $use_default_location = true,
|
|
|
+ $rewrite_rules = [],
|
|
|
+ $string_mappings = {},
|
|
|
+ $geo_mappings = {},
|
|
|
+ $gzip_types = undef,
|
|
|
+ $owner = $nginx::config::global_owner,
|
|
|
+ $group = $nginx::config::global_group,
|
|
|
+ $mode = $nginx::config::global_mode,
|
|
|
) {
|
|
|
|
|
|
validate_re($ensure, '^(present|absent)$',
|
|
|
@@ -572,7 +572,7 @@ define nginx::resource::vhost (
|
|
|
# Also opted to add more logic here and keep template cleaner which
|
|
|
# unfortunately means resorting to the $varname_real thing
|
|
|
$ssl_access_log_tmp = $access_log ? {
|
|
|
- undef => "${nginx::config::logdir}/ssl-${name_sanitized}.access.log",
|
|
|
+ undef => "${nginx::config::log_dir}/ssl-${name_sanitized}.access.log",
|
|
|
default => $access_log,
|
|
|
}
|
|
|
|
|
|
@@ -582,7 +582,7 @@ define nginx::resource::vhost (
|
|
|
}
|
|
|
|
|
|
$ssl_error_log_real = $error_log ? {
|
|
|
- undef => "${nginx::config::logdir}/ssl-${name_sanitized}.error.log",
|
|
|
+ undef => "${nginx::config::log_dir}/ssl-${name_sanitized}.error.log",
|
|
|
default => $error_log,
|
|
|
}
|
|
|
|
James Fryman