1. Éric Veiras Galisson
  2. puppet-modules

Commits

Éric Veiras Galisson  committed 9f642ae

nginx: added ssl possibility to proxy and static site definitions

  • Participants
  • Parent commits 3e7719f
  • Branches default

Comments (0)

Files changed (5)

File nginx/README

View file
         index_files (optional, default: 'index.html index.htm'):
             specify files to be used as an index to the directory served
 
+        ssl (optional, default: false):
+            if true, activate ssl and uses /etc/nginx/ssl/$server_name.pem and .key
+             for the certificate and its key
+            if false, do not activate ssl
+            if another value, uses the name given to found certificate (with .pem)
+             and key (with .key) in /etc/nginx/ssl
+
         default_vhost (optional, default: false):
             is this vhost the default one?
 
              location $url1 { $content1 }
             you need to define yourself the block(s) to redirect to upstream(s)
 
+        ssl (optional, default: false):
+            if true, activate ssl and uses /etc/nginx/ssl/$server_name.pem and .key
+             for the certificate and its key
+            if false, do not activate ssl
+            if another value, uses the name given to found certificate (with .pem)
+             and key (with .key) in /etc/nginx/ssl
+
         default_vhost (optional, default: false):
             is this vhost the default one?
 

File nginx/manifests/site/proxy.pp

View file
                           $root_dir='',
                           $standard_location_block='',
                           $location_blocks={},
+                          $ssl=false,
                           $default_vhost=false,
                           $enabled=true) {
 
         true    => "${port} default",
         default => "${port}",
     }
+    $define_cert_basename = $ssl ? {
+        true    => "/etc/nginx/ssl/${server_name}",
+        false   => "",
+        default => "/etc/nginx/ssl/${ssl}",
+    }
     $src_filename = "/etc/nginx/sites-available/${name}"
     $dst_filename = "/etc/nginx/sites-enabled/${name}"
 

File nginx/manifests/site/static.pp

View file
                            $port='80',
                            $root_dir,
                            $index_files='index.html index.htm',
+                           $ssl=false,
                            $default_vhost=false,
                            $enabled=true) {
 
         true    => "${port} default",
         default => "${port}",
     }
+    $define_cert_basename = $ssl ? {
+        true    => "/etc/nginx/ssl/${server_name}",
+        false   => "",
+        default => "/etc/nginx/ssl/${ssl}",
+    }
 
     $src_filename = "/etc/nginx/sites-available/${name}"
     $dst_filename = "/etc/nginx/sites-enabled/${name}"

File nginx/templates/proxy.erb

View file
     access_log          /var/log/nginx/<%= server_name %>.access.log;
     error_log           /var/log/nginx/<%= server_name %>.error.log;
 
+    <% if define_cert_basename != '' %>ssl                 on;
+    ssl_certificate     <%= define_cert_basename %>.pem;
+    ssl_certificate_key <%= define_cert_basename %>.key;<% end %>
+
     <% if root_dir != '' %>root                <%= root_dir %>;<% end %>
 
     <% if standard_location_block != '' %>

File nginx/templates/static.erb

View file
     access_log          /var/log/nginx/<%= server_name %>.access.log;
     error_log           /var/log/nginx/<%= server_name %>.error.log;
 
+    <% if define_cert_basename != '' %>ssl                 on;
+    ssl_certificate     <%= define_cert_basename %>.pem;
+    ssl_certificate_key <%= define_cert_basename %>.key;<% end %>
+
     root                <%= root_dir %>;
     index               <%= index_files %>;
 }