dev/provisioning/modules/apache/manifests/mod/ssl.pp
changeset 28 b0b56e0f8c7f
27:a2342f26c9de 28:b0b56e0f8c7f
       
     1 class apache::mod::ssl (
       
     2   $ssl_compression         = false,
       
     3   $ssl_cryptodevice        = 'builtin',
       
     4   $ssl_options             = [ 'StdEnvVars' ],
       
     5   $ssl_openssl_conf_cmd    = undef,
       
     6   $ssl_cipher              = 'HIGH:MEDIUM:!aNULL:!MD5:!RC4',
       
     7   $ssl_honorcipherorder    = 'On',
       
     8   $ssl_protocol            = [ 'all', '-SSLv2', '-SSLv3' ],
       
     9   $ssl_pass_phrase_dialog  = 'builtin',
       
    10   $ssl_random_seed_bytes   = '512',
       
    11   $ssl_sessioncachetimeout = '300',
       
    12   $apache_version          = $::apache::apache_version,
       
    13   $package_name            = undef,
       
    14 ) {
       
    15 
       
    16   case $::osfamily {
       
    17     'debian': {
       
    18       if versioncmp($apache_version, '2.4') >= 0 {
       
    19         $ssl_mutex = 'default'
       
    20       } elsif $::operatingsystem == 'Ubuntu' and $::operatingsystemrelease == '10.04' {
       
    21         $ssl_mutex = 'file:/var/run/apache2/ssl_mutex'
       
    22       } else {
       
    23         $ssl_mutex = "file:\${APACHE_RUN_DIR}/ssl_mutex"
       
    24       }
       
    25     }
       
    26     'redhat': {
       
    27       $ssl_mutex = 'default'
       
    28     }
       
    29     'freebsd': {
       
    30       $ssl_mutex = 'default'
       
    31     }
       
    32     'gentoo': {
       
    33       $ssl_mutex = 'default'
       
    34     }
       
    35     'Suse': {
       
    36       $ssl_mutex = 'default'
       
    37     }
       
    38     default: {
       
    39       fail("Unsupported osfamily ${::osfamily}")
       
    40     }
       
    41   }
       
    42 
       
    43   $session_cache = $::osfamily ? {
       
    44     'debian'  => "\${APACHE_RUN_DIR}/ssl_scache(512000)",
       
    45     'redhat'  => '/var/cache/mod_ssl/scache(512000)',
       
    46     'freebsd' => '/var/run/ssl_scache(512000)',
       
    47     'gentoo'  => '/var/run/ssl_scache(512000)',
       
    48     'Suse'    => '/var/lib/apache2/ssl_scache(512000)'
       
    49   }
       
    50 
       
    51   ::apache::mod { 'ssl':
       
    52     package => $package_name,
       
    53   }
       
    54 
       
    55   if versioncmp($apache_version, '2.4') >= 0 {
       
    56     ::apache::mod { 'socache_shmcb': }
       
    57   }
       
    58 
       
    59   # Template uses
       
    60   #
       
    61   # $ssl_compression
       
    62   # $ssl_cryptodevice
       
    63   # $ssl_cipher
       
    64   # $ssl_honorcipherorder
       
    65   # $ssl_options
       
    66   # $ssl_openssl_conf_cmd
       
    67   # $session_cache
       
    68   # $ssl_mutex
       
    69   # $ssl_random_seed_bytes
       
    70   # $ssl_sessioncachetimeout
       
    71   # $apache_version
       
    72   #
       
    73   file { 'ssl.conf':
       
    74     ensure  => file,
       
    75     path    => "${::apache::mod_dir}/ssl.conf",
       
    76     content => template('apache/mod/ssl.conf.erb'),
       
    77     require => Exec["mkdir ${::apache::mod_dir}"],
       
    78     before  => File[$::apache::mod_dir],
       
    79     notify  => Class['apache::service'],
       
    80   }
       
    81 }
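Review bot: The parameter defaults for `$ssl_protocol` and `$ssl_cipher` (file lines 8 and 6) are weaker than a current TLS baseline: `[ 'all', '-SSLv2', '-SSLv3' ]` still leaves TLS 1.0 and 1.1 negotiable, and `HIGH:MEDIUM:!aNULL:!MD5:!RC4` admits the MEDIUM cipher class. I would tighten them to `$ssl_protocol = [ 'all', '-SSLv2', '-SSLv3', '-TLSv1', '-TLSv1.1' ],` and `$ssl_cipher = 'HIGH:!aNULL:!MD5:!RC4',`. First confirm that the oldest Apache/OpenSSL build this class targets accepts the `-TLSv1.1` token, since the Ubuntu 10.04 branch suggests some targets are old. If this module is an unmodified upstream copy, pass the same values where the class is declared rather than editing it here. Either way, a short comment above the parameter list naming the security-relevant defaults (`$ssl_protocol`, `$ssl_cipher`, `$ssl_compression`) would help the next reader.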