Skip to content
This repository has been archived by the owner on Jun 11, 2019. It is now read-only.

Parameterize apache::ssl #81

Open
jorymil opened this issue Apr 2, 2015 · 2 comments
Open

Parameterize apache::ssl #81

jorymil opened this issue Apr 2, 2015 · 2 comments

Comments

@jorymil
Copy link

jorymil commented Apr 2, 2015

Hi folks,

example42-apache does exactly what we need it do--give us a barebones, RHEL-default Apache installation. We now need to tweak our SSL parameters. While we could use a separate Puppet module, keeping it all in the family, as it were, is more appealing.

In particular, my organization needs parameters to set:

  • SSLProtocol
  • SSLCipherSuite
  • SSLCertificateFile
  • SSLCertificateKeyFile
  • SSLCertificateChainFile
  • SSLHonorCipherSuite

Obviously, there's so many Apache config parameters out there, but these would be a good place to start. Is this something you'd be willing to include, either in apache::ssl or apache::vhost ? I've forked the repository, and am currently working on a patch for this limited set of parameters.

@johnmill
Copy link

johnmill commented Apr 2, 2015

Looking at pull request #76 , looks like there's an option for an ssl_template, so we may be able to solve this with that patch, along with an $ssl_options parameter that's similar to the $options parameter from init.pp. However, there's an SSLOptions parameter in mod_ssl, which would make $ssl_options somewhat ambiguous. Given that the main class uses $options for its Apache parameters, I'm going to continue with the same interface for apache::ssl and create an $ssl_options hash.

Or would it be preferable to use the main $apache::params::options for the SSL parameters as well?

@alvagante
Copy link
Member

Do you need to tweak the SSL related directives in vhosts fles on in ssl.conf?
In the first case I'd add to apache::vhost a pameter for a generic options hash whose key values a be used in custom templates, in the second case I'd add parametesr to manage the template and options for custom versions of ssl.conf

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants