
Side by Side Diff: modules/nginx/manifests/init.pp

Issue 29344656: Issue 4078 - Apply Nginx work-around for CVE-2015-4000 (Closed)
Patch Set: Created May 26, 2016, 10:30 p.m.
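--- a/modules/nginx/manifests/init.pp
+++ b/modules/nginx/manifests/init.pp
@@ -1,10 +1,10 @@
 class nginx (
 $worker_processes = $nginx::params::worker_processes,
 $worker_connections = $nginx::params::worker_connections,
 $ssl_session_cache = $nginx::params::ssl_session_cache,
 $geoip_country = undef,
 $geoip_city = undef,
 ) inherits nginx::params {
 
 apt::ppa {'ppa:nginx/stable':
 }
@@ -58,40 +58,50 @@
 ensure => directory,
 require => Package['nginx']
 }
 
 file {'/var/cache/nginx':
 before => Service['nginx'],
 ensure => directory,
 require => Package['nginx'],
 }
 
+@file {'/etc/nginx/dhparam.pem':
+ensure => 'present',
+mode => 0600,
+notify => Service['nginx'],
+require => Package['nginx'],
+source => 'puppet:///modules/private/dhe_rsa_export.pem',
+}
+
 define hostconfig (
 $domain = $title,
 $alt_names = [],
 $log,
 $log_format = 'main',
 $is_default = false,
 $source = undef,
 $content = undef,
 $global_config = undef,
 $certificate = undef,
 $private_key = undef,
 $enabled = true) {
 file {"/etc/nginx/sites-available/${domain}":
 ensure => file,
 content => template('nginx/site.erb'),
 require => Package['nginx'],
 notify => Service['nginx'],
 }
 
 if $certificate and $private_key {
+realize(File['/etc/nginx/dhparam.pem'])
+
 if !defined(File["/etc/nginx/${certificate}"]) {
 file {"/etc/nginx/${certificate}":
 ensure => file,
 mode => 0400,
 notify => Service['nginx'],
 before => File["/etc/nginx/sites-available/${domain}"],
 require => Package['nginx'],
 source => "puppet:///modules/private/${certificate}"
 }
 }
@@ -194,10 +204,10 @@
 subscribe => File['/etc/nginx/nginx.conf'],
 }
 
 file {'/usr/share/nginx/html/50x.html':
 mode => 0644,
 owner => 'root',
 require => Package['nginx'],
 source => 'puppet:///modules/nginx/50x.html',
 }
 }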
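Review bot: The new `@file {'/etc/nginx/dhparam.pem':` resource (new lines 68-74) takes its parameters from `puppet:///modules/private/dhe_rsa_export.pem`, and nothing visible here records how strong that group is; the name `dhe_rsa_export` reads like an export-grade parameter set, which is the very thing a CVE-2015-4000 work-around has to move away from. I would add a comment above the resource such as `# DH group for ssl_dhparam; must be a custom group of at least 2048 bits (Logjam, CVE-2015-4000)` and consider renaming the source file so the intent is not misread. The resource also sets no `owner`, unlike the `50x.html` resource at the end of the file; adding `owner => 'root',` would make the 0600 mode unambiguous. Whether `site.erb` actually points `ssl_dhparam` at this path cannot be confirmed from this file alone.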