|
@@ -44,6 +44,8 @@
|
|
|
# vhost.
|
|
|
# [*ssl_cert*] - Pre-generated SSL Certificate file to reference
|
|
|
# for SSL Support. This is not generated by this module.
|
|
|
+# [*ssl_client_cert*] - Pre-generated SSL Certificate file to reference
|
|
|
+# for client verify SSL Support. This is not generated by this module.
|
|
|
# [*ssl_dhparam*] - This directive specifies a file containing
|
|
|
# Diffie-Hellman key agreement protocol cryptographic parameters, in PEM
|
|
|
# format, utilized for exchanging session keys between server and client.
|
|
@@ -162,6 +164,7 @@ define nginx::resource::vhost (
|
|
|
$ssl = false,
|
|
|
$ssl_listen_option = true,
|
|
|
$ssl_cert = undef,
|
|
|
+ $ssl_client_cert = undef,
|
|
|
$ssl_dhparam = undef,
|
|
|
$ssl_key = undef,
|
|
|
$ssl_port = '443',
|
|
@@ -262,6 +265,9 @@ define nginx::resource::vhost (
|
|
|
if ($ssl_cert != undef) {
|
|
|
validate_string($ssl_cert)
|
|
|
}
|
|
|
+ if ($ssl_client_cert != undef) {
|
|
|
+ validate_string($ssl_cert)
|
|
|
+ }
|
|
|
validate_bool($ssl_listen_option)
|
|
|
if ($ssl_dhparam != undef) {
|
|
|
validate_string($ssl_dhparam)
|
|
@@ -605,6 +611,12 @@ define nginx::resource::vhost (
|
|
|
mode => '0444',
|
|
|
source => $ssl_cert,
|
|
|
})
|
|
|
+
|
|
|
+ ensure_resource('file', "${::nginx::config::conf_dir}/${cert}.client.crt", {
|
|
|
+ owner => $::nginx::config::daemon_user,
|
|
|
+ mode => '0444',
|
|
|
+ source => $ssl_client_cert,
|
|
|
+ })
|
|
|
ensure_resource('file', "${::nginx::config::conf_dir}/${cert}.key", {
|
|
|
owner => $::nginx::config::daemon_user,
|
|
|
mode => '0440',
|