# Class: apache::mod::ssl
#
# Enables mod_ssl and manages its server-wide configuration file (ssl.conf)
# inside the Apache module directory. On Apache 2.4 and later it also
# declares the socache_shmcb module.
#
# Parameters (every value below is only a default and can be overridden):
#   $ssl_compression         - false by default. TLS-level compression is the
#                              precondition for the CRIME attack, so leave it
#                              off unless there is a specific need.
#   $ssl_cryptodevice        - crypto device name, 'builtin' by default.
#   $ssl_options             - list of SSL options, [ 'StdEnvVars' ] by default.
#   $ssl_openssl_conf_cmd    - undef by default.
#   $ssl_cipher              - OpenSSL cipher string. The default excludes
#                              aNULL, MD5 and RC4 but still admits the MEDIUM
#                              class next to HIGH; sites with a stricter TLS
#                              policy should pass their own string.
#   $ssl_honorcipherorder    - 'On' by default.
#   $ssl_protocol            - protocol list. The default drops SSLv2 and
#                              SSLv3 only; 'all' keeps every TLS version the
#                              installed mod_ssl/OpenSSL offers, which on
#                              older builds includes TLSv1 and TLSv1.1.
#   $ssl_pass_phrase_dialog  - 'builtin' by default.
#   $ssl_random_seed_bytes   - '512' by default.
#   $ssl_sessioncachetimeout - '300' by default.
#   $apache_version          - taken from $::apache::apache_version.
#   $package_name            - handed to ::apache::mod as its package; undef
#                              by default.
#
# Fails the catalog on any osfamily not listed in the case statement below.
class apache::mod::ssl (
  $ssl_compression         = false,
  $ssl_cryptodevice        = 'builtin',
  $ssl_options             = [ 'StdEnvVars' ],
  $ssl_openssl_conf_cmd    = undef,
  $ssl_cipher              = 'HIGH:MEDIUM:!aNULL:!MD5:!RC4',
  $ssl_honorcipherorder    = 'On',
  $ssl_protocol            = [ 'all', '-SSLv2', '-SSLv3' ],
  $ssl_pass_phrase_dialog  = 'builtin',
  $ssl_random_seed_bytes   = '512',
  $ssl_sessioncachetimeout = '300',
  $apache_version          = $::apache::apache_version,
  $package_name            = undef,
) {

  # Choose the SSL mutex per platform. $ssl_mutex is read by the template,
  # so the variable name has to stay exactly as it is.
  case $::osfamily {
    'debian': {
      if versioncmp($apache_version, '2.4') >= 0 {
        $ssl_mutex = 'default'
      } elsif $::operatingsystem == 'Ubuntu' and $::operatingsystemrelease == '10.04' {
        # Ubuntu 10.04 gets a literal path rather than the ${APACHE_RUN_DIR}
        # reference used for the other pre-2.4 Debian-family systems.
        $ssl_mutex = 'file:/var/run/apache2/ssl_mutex'
      } else {
        # The escaped \$ keeps ${APACHE_RUN_DIR} literal in the value
        # instead of letting Puppet interpolate it.
        $ssl_mutex = "file:\${APACHE_RUN_DIR}/ssl_mutex"
      }
    }
    # Every other supported family uses the same value.
    'redhat', 'freebsd', 'gentoo', 'Suse': {
      $ssl_mutex = 'default'
    }
    default: {
      fail("Unsupported osfamily ${::osfamily}")
    }
  }

  # Session cache location per osfamily. The selector has no default branch;
  # unsupported families have already been rejected by the case above.
  $session_cache = $::osfamily ? {
    'debian'  => "\${APACHE_RUN_DIR}/ssl_scache(512000)",
    'redhat'  => '/var/cache/mod_ssl/scache(512000)',
    'freebsd' => '/var/run/ssl_scache(512000)',
    'gentoo'  => '/var/run/ssl_scache(512000)',
    'Suse'    => '/var/lib/apache2/ssl_scache(512000)',
  }

  ::apache::mod { 'ssl':
    package => $package_name,
  }

  # Apache 2.4 and later: also declare the socache_shmcb module.
  if versioncmp($apache_version, '2.4') >= 0 {
    ::apache::mod { 'socache_shmcb': }
  }

  # Template uses
  #
  # $ssl_compression
  # $ssl_cryptodevice
  # $ssl_cipher
  # $ssl_honorcipherorder
  # $ssl_options
  # $ssl_openssl_conf_cmd
  # $session_cache
  # $ssl_mutex
  # $ssl_random_seed_bytes
  # $ssl_sessioncachetimeout
  # $apache_version
  #
  # NOTE(review): $ssl_protocol and $ssl_pass_phrase_dialog are class
  # parameters but are missing from the list above. Confirm against
  # apache/mod/ssl.conf.erb that both are actually rendered; if the template
  # ignores them, overriding them here has no effect on the served TLS
  # configuration.
  file { 'ssl.conf':
    ensure  => file,
    path    => "${::apache::mod_dir}/ssl.conf",
    content => template('apache/mod/ssl.conf.erb'),
    notify  => Class['apache::service'],
    require => Exec["mkdir ${::apache::mod_dir}"],
    before  => File[$::apache::mod_dir],
  }
}