From 68ac64b13f4687bcc87c594097fab52501ba7991 Mon Sep 17 00:00:00 2001 From: Ossi Salmi Date: Thu, 31 Jan 2013 20:53:08 +0200 Subject: [PATCH] Added 'first' parameter to apache::sslsite When set to true, ensures the site configuration is loaded first, thus becoming the default virtual host when NameVirtualHost (and SNI) is used. --- apache/manifests/debian.pp | 12 +++++++++--- apache/manifests/init.pp | 7 ++++++- apache/manifests/redhat.pp | 12 +++++++++--- 3 files changed, 24 insertions(+), 7 deletions(-) diff --git a/apache/manifests/debian.pp b/apache/manifests/debian.pp index 41e6181..2cefa81 100644 --- a/apache/manifests/debian.pp +++ b/apache/manifests/debian.pp @@ -180,7 +180,8 @@ class apache::debian::sslserver inherits apache::debian::common { } -define apache::debian::sslsite($ipaddr, $root, $ssl_cert, $ssl_key, $ssl_chain) { +define apache::debian::sslsite($first, $ipaddr, $root, + $ssl_cert, $ssl_key, $ssl_chain) { if $name == "default" { $site_fqdn = $homename @@ -253,8 +254,13 @@ define apache::debian::sslsite($ipaddr, $root, $ssl_cert, $ssl_key, $ssl_chain) } } - $site_conf = "/etc/apache2/sites-enabled/${site_fqdn}-ssl.conf" - $site_confdir = "/etc/apache2/sites-enabled/${site_fqdn}-ssl.d" + if $first == true { + $site_conf = "/etc/httpd/site.https.d/00-${site_fqdn}.conf" + $site_confdir = "/etc/httpd/site.https.d/00-${site_fqdn}.d" + } else { + $site_conf = "/etc/httpd/site.https.d/${site_fqdn}.conf" + $site_confdir = "/etc/httpd/site.https.d/${site_fqdn}.d" + } file { $site_conf: ensure => present, diff --git a/apache/manifests/init.pp b/apache/manifests/init.pp index 7a6ec23..cbfea9b 100644 --- a/apache/manifests/init.pp +++ b/apache/manifests/init.pp @@ -248,6 +248,9 @@ class apache::sslserver::listen { # # $name: # FQDN of virtual host. +# $first: +# Bool for whether this is the first (default) vhost +# when using NameVirtualHost. Defaults to false. # $ipaddr: # IP address of virtual host. Defaults to _default_. # $root: @@ -267,7 +270,7 @@ class apache::sslserver::listen { # ssl_key => "puppet:///path/to/www.example.com.key", # } # -define apache::sslsite($ipaddr="_default_", $root="", $ssl_cert="", $ssl_key="", $ssl_chain="") { +define apache::sslsite($first=false, $ipaddr="_default_", $root="", $ssl_cert="", $ssl_key="", $ssl_chain="") { include apache::sslserver::listen @@ -275,6 +278,7 @@ define apache::sslsite($ipaddr="_default_", $root="", $ssl_cert="", $ssl_key="", "debian","ubuntu": { $apache_ssldir = "/etc/ssl" apache::debian::sslsite { $name: + first => $first, ipaddr => $ipaddr, root => $root, ssl_cert => $ssl_cert, @@ -286,6 +290,7 @@ define apache::sslsite($ipaddr="_default_", $root="", $ssl_cert="", $ssl_key="", "centos","redhat","fedora": { $apache_ssldir = "/etc/pki/tls" apache::redhat::sslsite { $name: + first => $first, ipaddr => $ipaddr, root => $root, ssl_cert => $ssl_cert, diff --git a/apache/manifests/redhat.pp b/apache/manifests/redhat.pp index eba1b58..023efe5 100644 --- a/apache/manifests/redhat.pp +++ b/apache/manifests/redhat.pp @@ -219,7 +219,8 @@ class apache::redhat::sslserver { } -define apache::redhat::sslsite($ipaddr, $root, $ssl_cert, $ssl_key, $ssl_chain) { +define apache::redhat::sslsite($first, $ipaddr, $root, + $ssl_cert, $ssl_key, $ssl_chain) { if $name == "default" { $site_fqdn = $homename @@ -293,8 +294,13 @@ define apache::redhat::sslsite($ipaddr, $root, $ssl_cert, $ssl_key, $ssl_chain) } } - $site_conf = "/etc/httpd/site.https.d/${site_fqdn}.conf" - $site_confdir = "/etc/httpd/site.https.d/${site_fqdn}.d" + if $first == true { + $site_conf = "/etc/httpd/site.https.d/00-${site_fqdn}.conf" + $site_confdir = "/etc/httpd/site.https.d/00-${site_fqdn}.d" + } else { + $site_conf = "/etc/httpd/site.https.d/${site_fqdn}.conf" + $site_confdir = "/etc/httpd/site.https.d/${site_fqdn}.d" + } file { $site_conf: ensure => present,