Merge pull request #43 from zoide/ssl-fixes

Ssl fixes
2013-04-13 10:04:25 -07:00 · 2013-04-13 10:04:25 -07:00 · 108c5b8f15
commit 108c5b8f15
parent f042b84686 276efcad66
4 changed files with 76 additions and 74 deletions
--- a/manifests/resource/location.pp
+++ b/manifests/resource/location.pp
@ -16,7 +16,7 @@
 #   [*location_alias*]       - Path to be used as basis for serving requests for this location
 #   [*stub_status*]          - If true it will point configure module stub_status to provide nginx stats on location
 #   [*location_cfg_prepend*] - It expects a hash with custom directives to put before anything else inside location
-#   [*location_cfg_append*]  - It expects a hash with custom directives to put after everything else inside location   
+#   [*location_cfg_append*]  - It expects a hash with custom directives to put after everything else inside location
 #   [*try_files*]            - An array of file locations to try
 #   [*option*]               - Reserved for future use
 #
@ -31,7 +31,7 @@
 #    location => '/bob',
 #    vhost    => 'test2.local',
 #  }
-#  
+#
 #  Custom config example to limit location on localhost,
 #  create a hash with any extra custom config you want.
 #  $my_config = {
@ -47,23 +47,25 @@
 #    location_cfg_append => $my_config,
 #  }

-define nginx::resource::location(
+define nginx::resource::location (
  $ensure               = present,
  $vhost                = undef,
  $www_root             = undef,
-  $index_files          = ['index.html', 'index.htm', 'index.php'],
+  $index_files          = [
+    'index.html',
+    'index.htm',
+    'index.php'],
  $proxy                = undef,
  $proxy_read_timeout   = $nginx::params::nx_proxy_read_timeout,
  $ssl                  = false,
-  $ssl_only		= false,
+  $ssl_only             = false,
  $location_alias       = undef,
  $option               = undef,
  $stub_status          = undef,
  $location_cfg_prepend = undef,
  $location_cfg_append  = undef,
  $try_files            = undef,
-  $location
-) {
+  $location) {
  File {
    owner  => 'root',
    group  => 'root',
@ -71,7 +73,7 @@ define nginx::resource::location(
    notify => Class['nginx::service'],
  }

-  ## Shared Variables
+  # # Shared Variables
  $ensure_real = $ensure ? {
    'absent' => absent,
    default  => file,
@ -88,28 +90,30 @@ define nginx::resource::location(
    $content_real = template('nginx/vhost/vhost_location_directory.erb')
  }

-  ## Check for various error condtiions
+  # # Check for various error condtiions
  if ($vhost == undef) {
    fail('Cannot create a location reference without attaching to a virtual host')
  }
-  if (($www_root == undef) and ($proxy == undef) and ($location_alias == undef) and ($stub_status == undef) ) {
+
+  if (($www_root == undef) and ($proxy == undef) and ($location_alias == undef) and ($stub_status == undef)) {
    fail('Cannot create a location reference without a www_root, proxy, location_alias or stub_status defined')
  }
+
  if (($www_root != undef) and ($proxy != undef)) {
    fail('Cannot define both directory and proxy in a virtual host')
  }

-  ## Create stubs for vHost File Fragment Pattern
-  if ($ssl_only != 'true') {
-    file {"${nginx::config::nx_temp_dir}/nginx.d/${vhost}-500-${name}":
+  # # Create stubs for vHost File Fragment Pattern
+  if (!$ssl_only) {
+    file { "${nginx::config::nx_temp_dir}/nginx.d/${vhost}-500-${name}":
      ensure  => $ensure_real,
      content => $content_real,
    }
  }

-  ## Only create SSL Specific locations if $ssl is true.
-  if ($ssl == 'true') {
-    file {"${nginx::config::nx_temp_dir}/nginx.d/${vhost}-800-${name}-ssl":
+  # # Only create SSL Specific locations if $ssl is true.
+  if ($ssl) {
+    file { "${nginx::config::nx_temp_dir}/nginx.d/${vhost}-800-${name}-ssl":
      ensure  => $ensure_real,
      content => $content_real,
    }
--- a/manifests/resource/mailhost.pp
+++ b/manifests/resource/mailhost.pp
@ -41,25 +41,24 @@
 #    ssl_cert    => '/tmp/server.crt',
 #    ssl_key     => '/tmp/server.pem',
 #  }
-define nginx::resource::mailhost(
-  $ensure                 = 'enable',
-  $listen_ip              = '*',
+define nginx::resource::mailhost (
+  $ensure              = 'enable',
+  $listen_ip           = '*',
  $listen_port,
-  $listen_options         = undef,
-  $ipv6_enable            = false,
-  $ipv6_listen_ip         = '::',
-  $ipv6_listen_port       = '80',
-  $ipv6_listen_options    = 'default',
-  $ssl                    = false,
-  $ssl_cert               = undef,
-  $ssl_key                = undef,
-  $ssl_port               = undef,
-  $starttls               = 'off',
-  $protocol               = undef,
-  $auth_http              = undef,
-  $xclient                = 'on',
-  $server_name            = [$name]
-) {
+  $listen_options      = undef,
+  $ipv6_enable         = false,
+  $ipv6_listen_ip      = '::',
+  $ipv6_listen_port    = '80',
+  $ipv6_listen_options = 'default',
+  $ssl                 = false,
+  $ssl_cert            = undef,
+  $ssl_key             = undef,
+  $ssl_port            = undef,
+  $starttls            = 'off',
+  $protocol            = undef,
+  $auth_http           = undef,
+  $xclient             = 'on',
+  $server_name         = [$name]) {
  File {
    owner => 'root',
    group => 'root',
@ -68,7 +67,7 @@ define nginx::resource::mailhost(

  # Add IPv6 Logic Check - Nginx service will not start if ipv6 is enabled
  # and support does not exist for it in the kernel.
-  if ($ipv6_enable and !$::ipaddress6)  {
+  if ($ipv6_enable and !$::ipaddress6) {
    warning('nginx: IPv6 support is not enabled or configured properly')
  }

@ -88,19 +87,19 @@ define nginx::resource::mailhost(
        default  => 'file',
      },
      content => template('nginx/mailhost/mailhost.erb'),
-      notify => Class['nginx::service'],
+      notify  => Class['nginx::service'],
    }
  }

  # Create SSL File Stubs if SSL is enabled
  if ($ssl) {
    file { "${nginx::config::nx_temp_dir}/nginx.mail.d/${name}-700-ssl":
-      ensure => $ensure ? {
+      ensure  => $ensure ? {
        'absent' => absent,
        default  => 'file',
      },
      content => template('nginx/mailhost/mailhost_ssl.erb'),
-      notify => Class['nginx::service'],
+      notify  => Class['nginx::service'],
    }
  }
 }
--- a/manifests/resource/upstream.pp
+++ b/manifests/resource/upstream.pp
@ -19,10 +19,7 @@
 #      'localhost:3002',
 #    ],
 #  }
-define nginx::resource::upstream (
-  $ensure = 'present',
-  $members
-) {
+define nginx::resource::upstream ($ensure = 'present', $members) {
  File {
    owner => 'root',
    group => 'root',
@ -30,11 +27,11 @@ define nginx::resource::upstream (
  }

  file { "/etc/nginx/conf.d/${name}-upstream.conf":
-    ensure   => $ensure ? {
+    ensure  => $ensure ? {
      'absent' => absent,
      default  => 'file',
    },
-    content  => template('nginx/conf.d/upstream.erb'),
-    notify   => Class['nginx::service'],
+    content => template('nginx/conf.d/upstream.erb'),
+    notify  => Class['nginx::service'],
  }
 }
--- a/manifests/resource/vhost.pp
+++ b/manifests/resource/vhost.pp
@ -39,7 +39,7 @@
 #    ssl_cert => '/tmp/server.crt',
 #    ssl_key  => '/tmp/server.pem',
 #  }
-define nginx::resource::vhost(
+define nginx::resource::vhost (
  $ensure                 = 'enable',
  $listen_ip              = '*',
  $listen_port            = '80',
@ -51,18 +51,19 @@ define nginx::resource::vhost(
  $ssl                    = false,
  $ssl_cert               = undef,
  $ssl_key                = undef,
-  $ssl_port		  = '443',
+  $ssl_port               = '443',
  $proxy                  = undef,
  $proxy_read_timeout     = $nginx::params::nx_proxy_read_timeout,
-  $index_files            = ['index.html', 'index.htm', 'index.php'],
+  $index_files            = [
+    'index.html',
+    'index.htm',
+    'index.php'],
  $server_name            = [$name],
  $www_root               = undef,
  $rewrite_www_to_non_www = false,
  $location_cfg_prepend   = undef,
  $location_cfg_append    = undef,
-  $try_files              = undef
-) {
-
+  $try_files              = undef) {
  File {
    owner => 'root',
    group => 'root',
@ -71,7 +72,7 @@ define nginx::resource::vhost(

  # Add IPv6 Logic Check - Nginx service will not start if ipv6 is enabled
  # and support does not exist for it in the kernel.
-  if ($ipv6_enable == 'true') and ($ipaddress6)  {
+  if ($ipv6_enable == 'true') and ($ipaddress6) {
    warning('nginx: IPv6 support is not enabled or configured properly')
  }

@ -91,39 +92,39 @@ define nginx::resource::vhost(
        default  => 'file',
      },
      content => template('nginx/vhost/vhost_header.erb'),
-      notify => Class['nginx::service'],
+      notify  => Class['nginx::service'],
    }
  }
-  
+
  if ($ssl == 'true') and ($ssl_port == $listen_port) {
    $ssl_only = 'true'
  }

  # Create the default location reference for the vHost
-  nginx::resource::location {"${name}-default":
-    ensure               => $ensure,
-    vhost                => $name,
-    ssl                  => $ssl,
-    ssl_only             => $ssl_only,
-    location             => '/',
-    proxy                => $proxy,
-    proxy_read_timeout   => $proxy_read_timeout,
-    try_files            => $try_files,
-    www_root             => $www_root,
-    notify               => Class['nginx::service'],
+  nginx::resource::location { "${name}-default":
+    ensure             => $ensure,
+    vhost              => $name,
+    ssl                => $ssl,
+    ssl_only           => $ssl_only,
+    location           => '/',
+    proxy              => $proxy,
+    proxy_read_timeout => $proxy_read_timeout,
+    try_files          => $try_files,
+    www_root           => $www_root,
+    notify             => Class['nginx::service'],
  }

  # Support location_cfg_prepend and location_cfg_append on default location created by vhost
  if $location_cfg_prepend {
    Nginx::Resource::Location["${name}-default"] {
-      location_cfg_prepend => $location_cfg_prepend
-    }
+      location_cfg_prepend => $location_cfg_prepend }
  }
+
  if $location_cfg_append {
    Nginx::Resource::Location["${name}-default"] {
-      location_cfg_append => $location_cfg_append
-    }
+      location_cfg_append => $location_cfg_append }
  }
+
  # Create a proper file close stub.
  if ($listen_port != $ssl_port) {
    file { "${nginx::config::nx_temp_dir}/nginx.d/${name}-699":
@ -137,22 +138,23 @@ define nginx::resource::vhost(
  }

  # Create SSL File Stubs if SSL is enabled
-  if ($ssl == 'true') {
+  if ($ssl) {
    file { "${nginx::config::nx_temp_dir}/nginx.d/${name}-700-ssl":
-      ensure => $ensure ? {
+      ensure  => $ensure ? {
        'absent' => absent,
        default  => 'file',
      },
      content => template('nginx/vhost/vhost_ssl_header.erb'),
-      notify => Class['nginx::service'],
+      notify  => Class['nginx::service'],
    }
+
    file { "${nginx::config::nx_temp_dir}/nginx.d/${name}-999-ssl":
-      ensure => $ensure ? {
+      ensure  => $ensure ? {
        'absent' => absent,
        default  => 'file',
      },
      content => template('nginx/vhost/vhost_footer.erb'),
-      notify => Class['nginx::service'],
+      notify  => Class['nginx::service'],
    }
  }
 }