Need help using the vhost resource #60

Closed
chaoranxie opened this issue May 29, 2013 · 2 comments

Comments

@chaoranxie

Hi, I am trying to use the vhost resource to generate a "simple" vhost config to basically do 2 things.

  1. One redirecting 80 to 443
  2. Set up 443 to use LDAP (this is just extra prepend/append configs, I think)

Not sure if I am using the vhost right, so any help is appreciated. Thanks

The code I want to generate is the following:

#Setup to redirect to 443 from 80
server {
  listen *:80;
  server_name  myservername.mycompany.net;
  rewrite ^ https://$server_name$request_uri? permanent;
}

#Setup  to use ldap
server {
  listen 443 ssl default_server;
  server_name                 myservername.mycompany.net;
  access_log                  /var/log/nginx/myservername.mycompany.net.net.access.log;
  #Just some ssl config
  ssl_session_cache           shared:SSL:10m;
  ssl_session_timeout         10m;
  ssl_prefer_server_ciphers   on;
  ssl_protocols               SSLv3 TLSv1;
  ssl_ciphers                 RC4-SHA:HIGH:!MD5:!aNULL:!AFH:!kEFG;
  ssl_certificate             /etc/pki/tls/certs/mycompany.chained.for.nginx;
  ssl_certificate_key        /etc/pki/tls/private/mycompany.key;
  #just some ssl config

  location / {
    #some ldap config
    auth_ldap         "LDAP login";
    auth_ldap_require valid_user;
    auth_ldap_require user  'ou=people,dc=mycompany,dc=net';
    auth_ldap_satisfy any;
    proxy_pass         http://sensu_app;
    proxy_read_timeout 90;
  }
}

I tried the following code snippet, but it didn't generate the full config like I want it to.

  nginx::resource::vhost { 'sensu':
      ensure      => present,
      proxy       => 'http://sensu_app',
      server_name => ['myservername.mycompany.net'],
      listen_port => 443,
      ssl         => true,
      ssl_cert    => '/etc/pki/tls/certs/mycompany.chained.for.nginx',
      ssl_key     => '/etc/pki/tls/private/mycompany.key',
      ssl_port    => '443',
      rewrite_to_https => true,
      vhost_cfg_append => {'ssl_session_cache'   => 'shared:SSL:10m',
                           'ssl_session_timeout' => '10m',
                           'ssl_protocols'       => 'SSLv3 TLSv1',
                           'ssl_ciphers'         => 'RC4-SHA:HIGH:!MD5:!aNULL:!AFH:!kEFG',
                           'ssl_prefer_server_ciphers' => 'on',
                          },
      location_cfg_append => {'append'=>'values'},
      location_cfg_prepend => {'prepend'=>'values'},

}
@zoide
Contributor

zoide commented May 29, 2013

Hi, in this version, the comparison of 'ssl => true' is not boolean.

Please use: "ssl => 'true'"

See also: https://github.com/jfryman/puppet-nginx/blob/master/manifests/resource/vhost.pp#L134 where this happens. Note, there are some more places. I have fixed that in my fork github.com/zoide/puppet-nginx
There are other deviations in my fork though....

@jfryman
Contributor

jfryman commented May 29, 2013

The PR that @zoide just introduced should fix this. Thanks!

@jfryman jfryman closed this as completed May 29, 2013
hunner pushed a commit to hunner/puppetlabs-nginx that referenced this issue May 1, 2014
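
A check that can be run against the rendered vhost file to catch the silent fall-through discussed in this thread, where the TLS half of the config is not generated. This is an added example, not part of the thread or of the puppet-nginx module: `WANTED` abbreviates the config from the issue, `SKIPPED` is a constructed guess at the output when the ssl branch is not taken, and the function names are hypothetical.

```python
import re
# Abbreviated from the config the issue asks for.
WANTED = """
server { listen *:80; server_name myservername.mycompany.net;
  rewrite ^ https://$server_name$request_uri? permanent; }
server { listen 443 ssl default_server;
  ssl_certificate     /etc/pki/tls/certs/mycompany.chained.for.nginx;
  ssl_certificate_key /etc/pki/tls/private/mycompany.key;
  location / { auth_ldap "LDAP login"; proxy_pass http://sensu_app; } }
"""
# Constructed sample (assumption): output when the ssl branch is skipped.
SKIPPED = """
server { listen *:443; server_name myservername.mycompany.net;
  location / { proxy_pass http://sensu_app; } }
"""

def server_blocks(conf):
    """Bodies of every `server { ... }` block, found by brace matching."""
    conf = re.sub(r'#.*', '', conf)              # drop comments
    bodies = []
    for m in re.finditer(r'\bserver\s*\{', conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:
            depth += {'{': 1, '}': -1}.get(conf[i], 0)
            i += 1
        bodies.append(conf[m.end():i - 1])
    return bodies

def args(block, name):
    """Argument strings of each `name ...;` directive in a block."""
    return re.findall(r'(?<![\w-])%s\s+([^;{}]+);' % re.escape(name), block)

def audit(conf):
    """Findings for a rendered vhost; [] means redirect and TLS are in place."""
    findings, tls_seen = [], False
    for body in server_blocks(conf):
        redirects = any('https://' in a for a in args(body, 'rewrite') + args(body, 'return'))
        for listen in args(body, 'listen'):
            addr, *flags = listen.split()
            if 'ssl' in flags or 'on' in args(body, 'ssl'):
                tls_seen = True
                findings += ['%s: ssl listener without %s' % (listen, d)
                             for d in ('ssl_certificate', 'ssl_certificate_key')
                             if not args(body, d)]
            elif addr.rsplit(':', 1)[-1] == '443':
                findings.append('%s: port 443 served without ssl' % listen)
            elif not redirects:
                findings.append('%s: plaintext listener does not redirect to https' % listen)
    if not tls_seen:
        findings.append('no ssl listener in any server block')
    return findings
```

Running `audit()` on the file Puppet writes, as a post-apply check, turns a silently skipped TLS branch into a visible failure instead of a plaintext listener in front of the LDAP-protected backend.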