dont deploy "ssl on" on nginx 1.15 or newer
Fixes voxpupuli#1224. The 'ssl on' option within a server block has been deprecated since nginx 1.15.0.
bastelfreak committed Jul 7, 2018
1 parent f48c4b3 commit c1602e2
Showing 5 changed files with 55 additions and 2 deletions.
1 change: 1 addition & 0 deletions manifests/init.pp
Expand Up @@ -170,6 +170,7 @@
$nginx_servers = {},
$nginx_servers_defaults = {},
Boolean $purge_passenger_repo = true,
Boolean $add_listen_directive = $nginx::params::add_listen_directive,
### END Hiera Lookups ###
) inherits nginx::params {

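Review bot: The new class parameter `add_listen_directive` is named after the `listen` directive, but the doc line added in manifests/resource/server.pp and the guard in templates/server/server_ssl_settings.erb show that it controls whether `ssl on;` is written. An operator going by the name could switch it off expecting a different effect on a TLS server block, so a name that says what it toggles would be safer. If the name stays, document it here with a comment such as `# add_listen_directive: write the deprecated 'ssl on;' directive into SSL server blocks`. The class definition begins and continues outside this hunk; the same name is used in the other two files.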
6 changes: 6 additions & 0 deletions manifests/params.pp
Expand Up @@ -121,5 +121,11 @@
$sites_available_group = $_module_parameters['root_group']
$sites_available_mode = '0644'
$super_user = true
if fact('nginx_version') {
# enable only for releases that are older than 1.15.0
$add_listen_directive = versioncmp(fact('nginx_version'), '1.15.0') < 0
} else {
$add_listen_directive = true
}
### END Referenced Variables
}
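Review bot: When the `nginx_version` fact is absent the `else` branch sets `$add_listen_directive = true`, so on a node where the fact is not yet available (presumably because nginx is only being installed by this run) the first catalog still writes `ssl on;` even for nginx 1.15 or newer, and the file changes again on a later run. Falling back to true keeps TLS explicitly enabled, which is the safe direction, but the two-run convergence should be recorded. A comment above the `else` would do it: `# fact is unset until nginx is present: keep 'ssl on;' so TLS stays enabled; corrected once the fact resolves`. The enclosing class starts outside this hunk.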
4 changes: 3 additions & 1 deletion manifests/resource/server.pp
Expand Up @@ -127,6 +127,7 @@
# [*error_pages*] - Hash: setup errors pages, hash key is the http code and hash value the page
# [*locations*] - Hash of servers resources used by this server
# [*locations_defaults*] - Hash of location default settings
# [*add_listen_directive*] - Boolean to determine if we should add 'ssl on;' to the vhost or not. defaults to true for nginx 1.14 and older, otherwise false
# Actions:
#
# Requires:
Expand Down Expand Up @@ -260,7 +261,8 @@
String $maintenance_value = 'return 503',
$error_pages = undef,
Hash $locations = {},
Hash $locations_defaults = {}
Hash $locations_defaults = {},
Boolean $add_listen_directive = $nginx::add_listen_directive,
) {

if ! defined(Class['nginx']) {
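Review bot: The doc line added for `add_listen_directive` says it "defaults to true for nginx 1.14 and older, otherwise false", which leaves out the case handled by the `else` branch in manifests/params.pp: with no `nginx_version` fact the default is also true. Suggested wording: `# [*add_listen_directive*] - Boolean: write 'ssl on;' into the server block. Defaults to true when the nginx_version fact is missing or older than 1.15.0, otherwise false`. The doc should also say that with the value false, TLS depends on the `ssl` parameter of the `listen` line, since the parameter can be overridden per server on any nginx version. The define's parameter list starts outside the second hunk.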
43 changes: 43 additions & 0 deletions spec/defines/resource_server_spec.rb
Expand Up @@ -425,6 +425,49 @@
end

describe 'server_ssl_header template content' do
context 'without a value for the nginx_version fact do' do
let :facts do
facts[:nginx_version] ? facts.delete(:nginx_version) : facts
end
let :params do
default_params.merge(
ssl: true,
ssl_key: 'dummy.key',
ssl_cert: 'dummy.crt'
)
end

it { is_expected.to contain_concat__fragment("#{title}-ssl-header").with_content(%r{ ssl on;}) }
end
context 'with fact nginx_version=1.14.1' do
let :facts do
facts.merge(nginx_version: '1.14.1')
end
let :params do
default_params.merge(
ssl: true,
ssl_key: 'dummy.key',
ssl_cert: 'dummy.crt'
)
end

it { is_expected.to contain_concat__fragment("#{title}-ssl-header").with_content(%r{ ssl on;}) }
end

context 'with fact nginx_version=1.15.1' do
let :facts do
facts.merge(nginx_version: '1.15.1')
end
let :params do
default_params.merge(
ssl: true,
ssl_key: 'dummy.key',
ssl_cert: 'dummy.crt'
)
end

it { is_expected.not_to contain_concat__fragment("#{title}-ssl-header").with_content(%r{ ssl on;}) }
end
[
{
title: 'should not contain www to non-www rewrite',
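Review bot: In the first context, `facts.delete(:nginx_version)` returns the deleted value, not the hash, so whenever the fact is present `let :facts` yields a version string and also mutates the shared `facts` object (assuming `facts` is the fact hash defined outside this hunk). A non-mutating form keeps the intent: `facts.reject { |k, _| k == :nginx_version }`. The `nginx_version=1.15.1` context asserts only that ` ssl on;` is absent, so it would still pass if the rendered server block had no TLS enablement at all. A positive expectation that the listen line carries `ssl` belongs next to it, with the pattern matched to the template, which is not shown here. The three contexts also repeat the same `let :params`, which could be hoisted into the enclosing `describe`.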
3 changes: 2 additions & 1 deletion templates/server/server_ssl_settings.erb
@@ -1,5 +1,6 @@
<% if @add_listen_directive -%>
ssl on;

<% end -%>
<% if @ssl_cert -%>
ssl_certificate <%= @ssl_cert %>;
<% end -%>
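Review bot: With `@add_listen_directive` false this template no longer writes `ssl on;`, so whether the server block speaks TLS depends entirely on the `listen` line carrying the `ssl` parameter, and that line is rendered elsewhere in the module and is not part of this commit. Confirm that every SSL `listen` line the module emits includes `ssl`; otherwise a server on the SSL port would answer in plaintext once the guard is false. A template comment above the guard would record the dependency: `<%# 'ssl on;' is deprecated since nginx 1.15.0; when omitted, TLS is enabled by 'listen ... ssl' -%>`. The template continues past the end of this hunk.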
