Merge pull request #33 from juaningan/master

Support for SSL only server and SSL defined port
2012-10-24 05:09:43 -07:00 · 2012-10-24 05:09:43 -07:00 · 688948a267
commit 688948a267
parent ea04c46b9c b4ddaf22df
3 changed files with 33 additions and 18 deletions
--- a/manifests/resource/location.pp
+++ b/manifests/resource/location.pp
@ -12,6 +12,7 @@
 #                              with nginx::resource::upstream
 #   [*proxy_read_timeout*]   - Override the default the proxy read timeout value of 90 seconds
 #   [*ssl*]                  - Indicates whether to setup SSL bindings for this location.
+#   [*ssl_only*]	     - Required if the SSL and normal vHost have the same port.
 #   [*location_alias*]       - Path to be used as basis for serving requests for this location
 #   [*stub_status*]          - If true it will point configure module stub_status to provide nginx stats on location
 #   [*location_cfg_prepend*] - It expects a hash with custom directives to put before anything else inside location
@ -53,6 +54,7 @@ define nginx::resource::location(
  $proxy                = undef,
  $proxy_read_timeout   = $nginx::params::nx_proxy_read_timeout,
  $ssl                  = false,
+  $ssl_only		= false,
  $location_alias       = undef,
  $option               = undef,
  $stub_status          = undef,
@ -96,9 +98,11 @@ define nginx::resource::location(
  }

  ## Create stubs for vHost File Fragment Pattern
-  file {"${nginx::config::nx_temp_dir}/nginx.d/${vhost}-500-${name}":
-    ensure  => $ensure_real,
-    content => $content_real,
+  if ($ssl_only != 'true') {
+    file {"${nginx::config::nx_temp_dir}/nginx.d/${vhost}-500-${name}":
+      ensure  => $ensure_real,
+      content => $content_real,
+    }
  }

  ## Only create SSL Specific locations if $ssl is true.
--- a/manifests/resource/vhost.pp
+++ b/manifests/resource/vhost.pp
@ -20,6 +20,7 @@
 #   [*ssl*]                 - Indicates whether to setup SSL bindings for this vhost.
 #   [*ssl_cert*]            - Pre-generated SSL Certificate file to reference for SSL Support. This is not generated by this module.
 #   [*ssl_key*]             - Pre-generated SSL Key file to reference for SSL Support. This is not generated by this module.
+#   [*ssl_port*]            - Default IP Port for NGINX to listen with this SSL vHost on. Defaults to TCP 443
 #   [*server_name*]         - List of vhostnames for which this vhost will respond. Default [$name].
 #   [*www_root*]            - Specifies the location on disk for files to be read from. Cannot be set in conjunction with $proxy
 #   [*rewrite_www_to_non_www*]  - Adds a server directive and rewrite rule to rewrite www.domain.com to domain.com in order to avoid
@ -49,6 +50,7 @@ define nginx::resource::vhost(
  $ssl                    = false,
  $ssl_cert               = undef,
  $ssl_key                = undef,
+  $ssl_port		  = '443',
  $proxy                  = undef,
  $proxy_read_timeout     = $nginx::params::nx_proxy_read_timeout,
  $index_files            = ['index.html', 'index.htm', 'index.php'],
@ -80,13 +82,19 @@ define nginx::resource::vhost(

  # Use the File Fragment Pattern to construct the configuration files.
  # Create the base configuration file reference.
-  file { "${nginx::config::nx_temp_dir}/nginx.d/${name}-001":
-    ensure  => $ensure ? {
-      'absent' => absent,
-      default  => 'file',
-    },
-    content => template('nginx/vhost/vhost_header.erb'),
-    notify => Class['nginx::service'],
+  if ($listen_port != $ssl_port) {
+    file { "${nginx::config::nx_temp_dir}/nginx.d/${name}-001":
+      ensure  => $ensure ? {
+        'absent' => absent,
+        default  => 'file',
+      },
+      content => template('nginx/vhost/vhost_header.erb'),
+      notify => Class['nginx::service'],
+    }
+  }
+  
+  if ($ssl == 'true') and ($ssl_port == $listen_port) {
+    $ssl_only = 'true'
  }

  # Create the default location reference for the vHost
@ -94,6 +102,7 @@ define nginx::resource::vhost(
    ensure               => $ensure,
    vhost                => $name,
    ssl                  => $ssl,
+    ssl_only             => $ssl_only,
    location             => '/',
    proxy                => $proxy,
    proxy_read_timeout   => $proxy_read_timeout,
@ -113,13 +122,15 @@ define nginx::resource::vhost(
    }
  }
  # Create a proper file close stub.
-  file { "${nginx::config::nx_temp_dir}/nginx.d/${name}-699":
-    ensure  => $ensure ? {
-      'absent' => absent,
-      default  => 'file',
-    },
-    content => template('nginx/vhost/vhost_footer.erb'),
-    notify  => Class['nginx::service'],
+  if ($listen_port != $ssl_port) {
+    file { "${nginx::config::nx_temp_dir}/nginx.d/${name}-699":
+      ensure  => $ensure ? {
+        'absent' => absent,
+        default  => 'file',
+      },
+      content => template('nginx/vhost/vhost_footer.erb'),
+      notify  => Class['nginx::service'],
+    }
  }

  # Create SSL File Stubs if SSL is enabled
--- a/templates/vhost/vhost_ssl_header.erb
+++ b/templates/vhost/vhost_ssl_header.erb
@ -1,5 +1,5 @@
 server {
-  listen       443;
+  listen       <%= ssl_port %>;
  <% if ipv6_enable == 'true' && (defined? ipaddress6) %>listen [<%= ipv6_listen_ip %>]:<%= ipv6_listen_port %> default ipv6only=on;<% end %>
  server_name  <%= name %>;