puppet-prod/modules/nginxproxy/manifests/config.pp


# Manage configuration for nginxproxy.
#
# Builds a single nginx::resource::server for the vhost named by
# $nginxproxy::nginx_vhost, proxying to the upstream URL assembled from the
# $nginxproxy::proxy_* parameters. The certificate/key pair is chosen by
# $nginxproxy::nginx_cert_type and the listener layout by
# $nginxproxy::nginx_listen_mode. All inputs are read from the nginxproxy
# class; this class takes no parameters of its own.
class nginxproxy::config {
  # Upstream target handed to nginx as the 'proxy' value. The four parts are
  # interpolated as-is; nothing in this class validates them.
  # NOTE(review): presumably the nginxproxy class constrains these with data
  # types - confirm. If proxy_scheme can be 'http', the hop from nginx to the
  # upstream is unencrypted even when the listener uses TLS.
  $proxyurl = "${nginxproxy::proxy_scheme}://${nginxproxy::proxy_host}:${nginxproxy::proxy_port}${nginxproxy::proxy_path}"
  # Names the server block answers to: node FQDN, the vhost name and any
  # aliases, with duplicates removed.
  $server_names = unique([$facts['networking']['fqdn'], $nginxproxy::nginx_vhost] + $nginxproxy::nginx_aliases)
  # Select the certificate and private-key paths. Only 'vault' is special-cased;
  # every other value falls through to the per-host files under
  # /etc/pki/tls/puppet.
  case $nginxproxy::nginx_cert_type {
    'vault': {
      $selected_ssl_cert = '/etc/pki/tls/vault/certificate.crt'
      $selected_ssl_key = '/etc/pki/tls/vault/private.key'
    }
    default: {
      # The file names are derived from the fqdn fact, which is reported by
      # the agent rather than taken from the verified certificate name.
      # NOTE(review): if these files are named after the node's certname,
      # $trusted['certname'] may be the more reliable source - confirm.
      $selected_ssl_cert = "/etc/pki/tls/puppet/${facts['networking']['fqdn']}.crt"
      $selected_ssl_key = "/etc/pki/tls/puppet/${facts['networking']['fqdn']}.key"
    }
  }
  # Derive the listener settings. Only 'http' disables TLS; 'https' and every
  # unrecognised value enable it.
  case $nginxproxy::nginx_listen_mode {
    'http': {
      # Plaintext only: no certificate, no TLS port, nothing to subscribe to.
      # Anything sent through this vhost (credentials, session cookies)
      # crosses the network unencrypted in this mode.
      $enable_ssl = false
      $ssl_cert = undef
      $ssl_key = undef
      $listen_port = $nginxproxy::nginx_port
      $listen_ssl_port = undef
      $extras_hash = {}
    }
    'https': {
      # listen_port and ssl_port are both set to the TLS port.
      # NOTE(review): presumably this makes the nginx module emit only the
      # TLS listener - confirm against the module version in use.
      $enable_ssl = true
      $ssl_cert = $selected_ssl_cert
      $ssl_key = $selected_ssl_key
      $listen_port = $nginxproxy::nginx_ssl_port
      $listen_ssl_port = $nginxproxy::nginx_ssl_port
      # Refresh the server resource when the certificate or key file changes.
      # These File resources are referenced, not declared, here: they must
      # exist elsewhere in the catalog, which is also where the ownership and
      # mode of the private key are decided.
      $extras_hash = {
        'subscribe' => [File[$ssl_cert], File[$ssl_key]],
      }
    }
    default: {
      # TLS enabled with distinct plaintext and TLS ports.
      # NOTE(review): nothing in the parameter hash below requests an
      # HTTP-to-HTTPS redirect, so presumably the plaintext port serves the
      # same proxied content - confirm this is intended.
      $enable_ssl = true
      $ssl_cert = $selected_ssl_cert
      $ssl_key = $selected_ssl_key
      $listen_port = $nginxproxy::nginx_port
      $listen_ssl_port = $nginxproxy::nginx_ssl_port
      # Same refresh-on-change subscription as the 'https' branch.
      $extras_hash = {
        'subscribe' => [File[$ssl_cert], File[$ssl_key]],
      }
    }
  }
  # Parameters shared by every listen mode. No TLS protocol or cipher settings
  # are passed here, so those come from wherever the nginx module takes its
  # defaults - worth checking when reviewing the TLS posture of this proxy.
  $defaults = {
    'listen_port' => $listen_port,
    'server_name' => $server_names,
    'use_default_location' => true,
    # Log file names embed the vhost name unmodified.
    'access_log' => "/var/log/nginx/${nginxproxy::nginx_vhost}_access.log",
    'error_log' => "/var/log/nginx/${nginxproxy::nginx_vhost}_error.log",
    # NOTE(review): autoindex turns on directory listings for content served
    # from disk. With 'proxy' set it is likely unnecessary - confirm and
    # consider 'off' so that a later non-proxied location does not expose
    # listings by default.
    'autoindex' => 'on',
    'ssl' => $enable_ssl,
    'ssl_cert' => $ssl_cert,
    'ssl_key' => $ssl_key,
    'ssl_port' => $listen_ssl_port,
    'proxy' => $proxyurl,
  }
  # Keys in $extras_hash (currently only 'subscribe') are added to, and would
  # override, the defaults above.
  $nginx_parameters = merge($defaults, $extras_hash)
  include 'nginx'
  # Declare exactly one server resource, titled with the vhost name.
  create_resources('nginx::resource::server', { $nginxproxy::nginx_vhost => $nginx_parameters })
}