From 53a042284300d957e11f10216f9e18a1eb070d40 Mon Sep 17 00:00:00 2001
From: Ossi Salmi <osalmi@iki.fi>
Date: Tue, 24 Sep 2013 15:11:12 +0300
Subject: [PATCH] apache: Add support for port based SSL virtual hosts

---
 apache/manifests/debian.pp           |  2 +-
 apache/manifests/init.pp             | 14 ++++++++++++++
 apache/manifests/redhat.pp           |  2 +-
 apache/templates/site.https.conf.erb | 12 ++++++------
 4 files changed, 22 insertions(+), 8 deletions(-)

diff --git a/apache/manifests/debian.pp b/apache/manifests/debian.pp
index 8313714..e69984a 100644
--- a/apache/manifests/debian.pp
+++ b/apache/manifests/debian.pp
@@ -184,7 +184,7 @@ class apache::debian::sslserver inherits apache::debian::common {
 }
 
 
-define apache::debian::sslsite($first, $hsts, $ipaddr, $root,
+define apache::debian::sslsite($first, $hsts, $ipaddr, $port, $root,
                                $ssl_cert, $ssl_key, $ssl_chain, $proxy) {
 
     if $name == "default" {
diff --git a/apache/manifests/init.pp b/apache/manifests/init.pp
index 384d578..67aae8c 100644
--- a/apache/manifests/init.pp
+++ b/apache/manifests/init.pp
@@ -305,6 +305,18 @@ define apache::sslsite($first=false, $hsts=false, $ipaddr="_default_", $root="",
         include apache::mod::headers
     }
 
+    if $name =~ /:([0-9]+)$/ {
+        $port = $1
+        if ! defined(Apache::Configfile["listen_${port}.conf"]) {
+            apache::configfile { "listen_${port}.conf":
+                http    => false,
+                content => "Listen ${port}\n",
+            }
+        }
+    } else {
+        $port = "443"
+    }
+
     case $::operatingsystem {
         "debian","ubuntu": {
             $apache_ssldir = "/etc/ssl"
@@ -312,6 +324,7 @@ define apache::sslsite($first=false, $hsts=false, $ipaddr="_default_", $root="",
                 first     => $first,
                 hsts      => $hsts,
                 ipaddr    => $ipaddr,
+                port      => $port,
                 root      => $root,
                 ssl_cert  => $ssl_cert,
                 ssl_key   => $ssl_key,
@@ -326,6 +339,7 @@ define apache::sslsite($first=false, $hsts=false, $ipaddr="_default_", $root="",
                 first     => $first,
                 hsts      => $hsts,
                 ipaddr    => $ipaddr,
+                port      => $port,
                 root      => $root,
                 ssl_cert  => $ssl_cert,
                 ssl_key   => $ssl_key,
diff --git a/apache/manifests/redhat.pp b/apache/manifests/redhat.pp
index e2fd7a3..86a41c1 100644
--- a/apache/manifests/redhat.pp
+++ b/apache/manifests/redhat.pp
@@ -223,7 +223,7 @@ class apache::redhat::sslserver {
 }
 
 
-define apache::redhat::sslsite($first, $hsts, $ipaddr, $root,
+define apache::redhat::sslsite($first, $hsts, $ipaddr, $port, $root,
                                $ssl_cert, $ssl_key, $ssl_chain, $proxy) {
 
     if $name == "default" {
diff --git a/apache/templates/site.https.conf.erb b/apache/templates/site.https.conf.erb
index df199b6..87860ce 100644
--- a/apache/templates/site.https.conf.erb
+++ b/apache/templates/site.https.conf.erb
@@ -1,7 +1,7 @@
-<VirtualHost <%= @ipaddr %>:443>
+<VirtualHost <%= @ipaddr %>:<%= @port %>>
 
 # General setup for the virtual host, inherited from global configuration
-ServerName <%= @site_fqdn %>:443
+ServerName <%= @site_fqdn %>
 
 # Use separate log files for the SSL virtual host; note that LogLevel
 # is not inherited from httpd.conf.
@@ -156,11 +156,11 @@ BrowserMatch "MSIE [2-5]" \
 <% end -%>
 
 <% if @proxy != "" -%>
-  ProxyPass / <%= @proxy %>/
-  ProxyPassReverse / <%= @proxy %>/
+ProxyPass / <%= @proxy %>/
+ProxyPassReverse / <%= @proxy %>/
 <% else -%>
-  DocumentRoot /srv/www/https/<%= @site_fqdn %>
-  Include <%= @site_confdir %>/*.conf
+DocumentRoot /srv/www/https/<%= @site_fqdn %>
+Include <%= @site_confdir %>/*.conf
 <% end -%>
 
 </VirtualHost>