# manage configuration for nginxproxy class nginxproxy::config { $proxyurl = "${nginxproxy::proxy_scheme}://${nginxproxy::proxy_host}:${nginxproxy::proxy_port}${nginxproxy::proxy_path}" $server_names = unique([$facts['networking']['fqdn'], $nginxproxy::nginx_vhost] + $nginxproxy::nginx_aliases) case $nginxproxy::nginx_cert_type { 'vault': { $selected_ssl_cert = '/etc/pki/tls/vault/certificate.crt' $selected_ssl_key = '/etc/pki/tls/vault/private.key' } default: { $selected_ssl_cert = "/etc/pki/tls/puppet/${facts['networking']['fqdn']}.crt" $selected_ssl_key = "/etc/pki/tls/puppet/${facts['networking']['fqdn']}.key" } } case $nginxproxy::nginx_listen_mode { 'http': { $enable_ssl = false $ssl_cert = undef $ssl_key = undef $listen_port = $nginxproxy::nginx_port $listen_ssl_port = undef $extras_hash = {} } 'https': { $enable_ssl = true $ssl_cert = $selected_ssl_cert $ssl_key = $selected_ssl_key $listen_port = $nginxproxy::nginx_ssl_port $listen_ssl_port = $nginxproxy::nginx_ssl_port $extras_hash = { 'subscribe' => [File[$ssl_cert], File[$ssl_key]], } } default: { $enable_ssl = true $ssl_cert = $selected_ssl_cert $ssl_key = $selected_ssl_key $listen_port = $nginxproxy::nginx_port $listen_ssl_port = $nginxproxy::nginx_ssl_port $extras_hash = { 'subscribe' => [File[$ssl_cert], File[$ssl_key]], } } } $defaults = { 'listen_port' => $listen_port, 'server_name' => $server_names, 'use_default_location' => true, 'access_log' => "/var/log/nginx/${nginxproxy::nginx_vhost}_access.log", 'error_log' => "/var/log/nginx/${nginxproxy::nginx_vhost}_error.log", 'autoindex' => 'on', 'ssl' => $enable_ssl, 'ssl_cert' => $ssl_cert, 'ssl_key' => $ssl_key, 'ssl_port' => $listen_ssl_port, 'proxy' => $proxyurl, } $nginx_parameters = merge($defaults, $extras_hash) include 'nginx' create_resources('nginx::resource::server', { $nginxproxy::nginx_vhost => $nginx_parameters }) }