Merge pull request #821 from iain-buclaw-sociomantic/ssltickets

Add ssl_session_tickets and ssl_session_ticket_key parameters
Matthew Haughton 2016-06-17 10:03:59 -04:00 committed by GitHub
commit 4f91f7c43c
2 changed files with 18 additions and 0 deletions


@ -79,6 +79,10 @@
# OCSP responses by the server. Defaults to false. # OCSP responses by the server. Defaults to false.
# [*ssl_session_timeout*] - String: Specifies a time during which a client # [*ssl_session_timeout*] - String: Specifies a time during which a client
# may reuse the session parameters stored in a cache. Defaults to 5m. # may reuse the session parameters stored in a cache. Defaults to 5m.
# [*ssl_session_tickets*] - String: Enables or disables session resumption
# through TLS session tickets.
# [*ssl_session_ticket_key*] - String: Sets a file with the secret key used
# to encrypt and decrypt TLS session tickets.
# [*ssl_trusted_cert*] - String: Specifies a file with trusted CA # [*ssl_trusted_cert*] - String: Specifies a file with trusted CA
# certificates in the PEM format used to verify client certificates and # certificates in the PEM format used to verify client certificates and
# OCSP responses if ssl_stapling is enabled. # OCSP responses if ssl_stapling is enabled.
@ -206,6 +210,8 @@ define nginx::resource::vhost (
$ssl_stapling_responder = undef, $ssl_stapling_responder = undef,
$ssl_stapling_verify = false, $ssl_stapling_verify = false,
$ssl_session_timeout = '5m', $ssl_session_timeout = '5m',
$ssl_session_tickets = undef,
$ssl_session_ticket_key = undef,
$ssl_trusted_cert = undef, $ssl_trusted_cert = undef,
$spdy = $::nginx::config::spdy, $spdy = $::nginx::config::spdy,
$http2 = $::nginx::config::http2, $http2 = $::nginx::config::http2,
@ -355,6 +361,12 @@ define nginx::resource::vhost (
} }
validate_bool($ssl_stapling_verify) validate_bool($ssl_stapling_verify)
validate_string($ssl_session_timeout) validate_string($ssl_session_timeout)
if ($ssl_session_tickets) {
validate_string($ssl_session_tickets)
}
if ($ssl_session_ticket_key) {
validate_string($ssl_session_ticket_key)
}
if ($ssl_trusted_cert != undef) { if ($ssl_trusted_cert != undef) {
validate_string($ssl_trusted_cert) validate_string($ssl_trusted_cert)
} }
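Review bot: The guard `if ($ssl_session_tickets)` in the validation hunk lets a boolean `false` skip the check, and the template uses the same truthiness test, so `ssl_session_tickets => false` renders no directive and nginx falls back to its default, which leaves session tickets enabled. Comparing against undef as the neighbouring `ssl_trusted_cert` check does, and restricting the value, would make that mistake fail loudly: `if ($ssl_session_tickets != undef) { validate_re($ssl_session_tickets, '^(on|off)$') }`. The parameter comment in the first hunk should also name the accepted values (`on`/`off`) and say that undef leaves the nginx default in place. The body of the define continues outside these hunks.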


@ -11,6 +11,12 @@
<% end -%> <% end -%>
ssl_session_cache <%= @ssl_cache %>; ssl_session_cache <%= @ssl_cache %>;
ssl_session_timeout <%= @ssl_session_timeout %>; ssl_session_timeout <%= @ssl_session_timeout %>;
<% if @ssl_session_tickets -%>
ssl_session_tickets <%= @ssl_session_tickets %>;
<% end -%>
<% if @ssl_session_ticket_key -%>
ssl_session_ticket_key <%= @ssl_session_ticket_key %>;
<% end -%>
<% if @ssl_buffer_size -%> <% if @ssl_buffer_size -%>
ssl_buffer_size <%= @ssl_buffer_size %>; ssl_buffer_size <%= @ssl_buffer_size %>;
<% end -%> <% end -%>
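Review bot: The new `ssl_session_ticket_key` block renders exactly one key file, which makes rotation awkward: replacing the file invalidates every outstanding ticket, while leaving it in place keeps a single long-lived secret protecting all ticket-resumed sessions. nginx accepts the directive more than once (the first file encrypts, the others only decrypt), so the template could iterate with `<% Array(@ssl_session_ticket_key).each do |key| -%>` around `ssl_session_ticket_key <%= key %>;`, with the manifest's `validate_string` check widened to match. The parameter documentation should also state that the module does not create or rotate this file, and that read access to it should be limited to the account that loads the nginx configuration.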