+++ /dev/null
-class apache::mod::ssl (
- $ssl_compression = false,
- $ssl_cryptodevice = 'builtin',
- $ssl_options = [ 'StdEnvVars' ],
- $ssl_cipher = 'HIGH:MEDIUM:!aNULL:!MD5',
- $ssl_honorcipherorder = 'On',
- $ssl_protocol = [ 'all', '-SSLv2', '-SSLv3' ],
- $ssl_pass_phrase_dialog = 'builtin',
- $ssl_random_seed_bytes = '512',
- $ssl_sessioncachetimeout = '300',
- $apache_version = $::apache::apache_version,
- $package_name = undef,
-) {
- $session_cache = $::osfamily ? {
- 'debian' => "\${APACHE_RUN_DIR}/ssl_scache(512000)",
- 'redhat' => '/var/cache/mod_ssl/scache(512000)',
- 'freebsd' => '/var/run/ssl_scache(512000)',
- 'gentoo' => '/var/run/ssl_scache(512000)',
- }
-
- case $::osfamily {
- 'debian': {
- if versioncmp($apache_version, '2.4') >= 0 {
- $ssl_mutex = 'default'
- } elsif $::operatingsystem == 'Ubuntu' and $::operatingsystemrelease == '10.04' {
- $ssl_mutex = 'file:/var/run/apache2/ssl_mutex'
- } else {
- $ssl_mutex = "file:\${APACHE_RUN_DIR}/ssl_mutex"
- }
- }
- 'redhat': {
- $ssl_mutex = 'default'
- }
- 'freebsd': {
- $ssl_mutex = 'default'
- }
- 'gentoo': {
- $ssl_mutex = 'default'
- }
- default: {
- fail("Unsupported osfamily ${::osfamily}")
- }
- }
-
- ::apache::mod { 'ssl':
- package => $package_name,
- }
-
- if versioncmp($apache_version, '2.4') >= 0 {
- ::apache::mod { 'socache_shmcb': }
- }
-
- # Template uses
- #
- # $ssl_compression
- # $ssl_cryptodevice
- # $ssl_cipher
- # $ssl_honorcipherorder
- # $ssl_options
- # $session_cache
- # $ssl_mutex
- # $ssl_random_seed_bytes
- # $ssl_sessioncachetimeout
- # $apache_version
- #
- file { 'ssl.conf':
- ensure => file,
- path => "${::apache::mod_dir}/ssl.conf",
- content => template('apache/mod/ssl.conf.erb'),
- require => Exec["mkdir ${::apache::mod_dir}"],
- before => File[$::apache::mod_dir],
- notify => Class['apache::service'],
- }
-}