provides ssl_client_verify support
This commit is contained in:
James R. Carr
parent
13b2e4493d
commit
e333db6c39
2 changed files with 16 additions and 0 deletions
|
|
@ -44,6 +44,8 @@
|
||||||
# vhost.
|
# vhost.
|
||||||
# [*ssl_cert*] - Pre-generated SSL Certificate file to reference
|
# [*ssl_cert*] - Pre-generated SSL Certificate file to reference
|
||||||
# for SSL Support. This is not generated by this module.
|
# for SSL Support. This is not generated by this module.
|
||||||
|
# [*ssl_client_cert*] - Pre-generated SSL Certificate file to reference
|
||||||
|
# for client verify SSL Support. This is not generated by this module.
|
||||||
# [*ssl_dhparam*] - This directive specifies a file containing
|
# [*ssl_dhparam*] - This directive specifies a file containing
|
||||||
# Diffie-Hellman key agreement protocol cryptographic parameters, in PEM
|
# Diffie-Hellman key agreement protocol cryptographic parameters, in PEM
|
||||||
# format, utilized for exchanging session keys between server and client.
|
# format, utilized for exchanging session keys between server and client.
|
||||||
|
|
@ -162,6 +164,7 @@ define nginx::resource::vhost (
|
||||||
$ssl = false,
|
$ssl = false,
|
||||||
$ssl_listen_option = true,
|
$ssl_listen_option = true,
|
||||||
$ssl_cert = undef,
|
$ssl_cert = undef,
|
||||||
|
$ssl_client_cert = undef,
|
||||||
$ssl_dhparam = undef,
|
$ssl_dhparam = undef,
|
||||||
$ssl_key = undef,
|
$ssl_key = undef,
|
||||||
$ssl_port = '443',
|
$ssl_port = '443',
|
||||||
|
|
@ -262,6 +265,9 @@ define nginx::resource::vhost (
|
||||||
if ($ssl_cert != undef) {
|
if ($ssl_cert != undef) {
|
||||||
validate_string($ssl_cert)
|
validate_string($ssl_cert)
|
||||||
}
|
}
|
||||||
|
if ($ssl_client_cert != undef) {
|
||||||
|
validate_string($ssl_cert)
|
||||||
|
}
|
||||||
validate_bool($ssl_listen_option)
|
validate_bool($ssl_listen_option)
|
||||||
if ($ssl_dhparam != undef) {
|
if ($ssl_dhparam != undef) {
|
||||||
validate_string($ssl_dhparam)
|
validate_string($ssl_dhparam)
|
||||||
|
|
@ -605,6 +611,12 @@ define nginx::resource::vhost (
|
||||||
mode => '0444',
|
mode => '0444',
|
||||||
source => $ssl_cert,
|
source => $ssl_cert,
|
||||||
})
|
})
|
||||||
|
|
||||||
|
ensure_resource('file', "${::nginx::config::conf_dir}/${cert}.client.crt", {
|
||||||
|
owner => $::nginx::config::daemon_user,
|
||||||
|
mode => '0444',
|
||||||
|
source => $ssl_client_cert,
|
||||||
|
})
|
||||||
ensure_resource('file', "${::nginx::config::conf_dir}/${cert}.key", {
|
ensure_resource('file', "${::nginx::config::conf_dir}/${cert}.key", {
|
||||||
owner => $::nginx::config::daemon_user,
|
owner => $::nginx::config::daemon_user,
|
||||||
mode => '0440',
|
mode => '0440',
|
||||||
|
|
|
||||||
|
|
@ -46,6 +46,10 @@ server {
|
||||||
|
|
||||||
ssl_certificate <%= scope.lookupvar('nginx::config::conf_dir') %>/<%= @name.gsub(' ', '_') %>.crt;
|
ssl_certificate <%= scope.lookupvar('nginx::config::conf_dir') %>/<%= @name.gsub(' ', '_') %>.crt;
|
||||||
ssl_certificate_key <%= scope.lookupvar('nginx::config::conf_dir') %>/<%= @name.gsub(' ', '_') %>.key;
|
ssl_certificate_key <%= scope.lookupvar('nginx::config::conf_dir') %>/<%= @name.gsub(' ', '_') %>.key;
|
||||||
|
<% if defined? @ssl_client_cert -%>
|
||||||
|
ssl_client_certificate <%= scope.lookupvar('nginx::config::conf_dir') %>/<%= @name.gsub(' ', '_') %>.client.crt;
|
||||||
|
ssl_verify_client on;
|
||||||
|
<% end -%>
|
||||||
<% if defined? @ssl_dhparam -%>
|
<% if defined? @ssl_dhparam -%>
|
||||||
ssl_dhparam <%= scope.lookupvar('nginx::config::conf_dir') %>/<%= @name.gsub(' ', '_') %>.dh.pem;
|
ssl_dhparam <%= scope.lookupvar('nginx::config::conf_dir') %>/<%= @name.gsub(' ', '_') %>.dh.pem;
|
||||||
<% end -%>
|
<% end -%>
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue