module-nginx/templates/vhost/vhost_ssl_header.erb

26 lines
1.3 KiB
Text

server {
listen <%= listen_ip %>:<%= ssl_port %> ssl<% if spdy == 'on' %> spdy<% end %><% if @listen_options %><%= listen_options %><% end %>;
<% if ipv6_enable == 'true' && (defined? ipaddress6) %>
listen [<%= ipv6_listen_ip %>]:<%= ipv6_listen_port %> <% if @ipv6_listen_options %><%= ipv6_listen_options %><% end %> ipv6only=on;
<% end %>
server_name <%= rewrite_www_to_non_www ? name.gsub(/^www\./, '') : server_name.join(" ") %>;
ssl on;
ssl_certificate <%= scope.lookupvar('nginx::params::nx_conf_dir') %>/<%= name.gsub(' ', '_') %>.crt;
ssl_certificate_key <%= scope.lookupvar('nginx::params::nx_conf_dir') %>/<%= name.gsub(' ', '_') %>.key;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 5m;
ssl_protocols <%= ssl_protocols %>;
ssl_ciphers <%= ssl_ciphers %>;
ssl_prefer_server_ciphers on;
<% if auth_basic != :undef -%>
auth_basic "<%= auth_basic %>";
<% end -%>
<% if auth_basic_user_file != :undef -%>
auth_basic_user_file <%= auth_basic_user_file %>;
<% end -%>
access_log <%= scope.lookupvar('nginx::params::nx_logdir')%>/ssl-<%= name %>.access.log;
error_log <%= scope.lookupvar('nginx::params::nx_logdir')%>/ssl-<%= name %>.error.log;