Opened on 04/02/2014 at 06:32:54 AM
Closed on 04/10/2014 at 09:07:57 AM
#245 closed change (fixed)
Unify SSL configuration for all servers
Reported by: | trev | Assignee: | trev |
---|---|---|---|
Priority: | P3 | Milestone: | |
Module: | Infrastructure | Keywords: | |
Cc: | Blocked By: | ||
Blocking: | #124, #254 | Platform: | |
Ready: | yes | Confidential: | no |
Tester: | Verified working: | no | |
Review URL(s): |
Description
Background
Currently each host has its own SSL configuration. As a result, some hosts use Strict-Transport-Security while others don't. Some put SSL certificates into /etc/nginx while others put them under /etc/nginx/sites-available. For the HTTP=>HTTPS redirect some will use whatever they got as Host header whereas others will use a fixed host name.
What to change
Add SSL certificate and private key as parameters of the Nginx::Hostconfig class. If these parameters it should make sure they are installed and generate all the boilerplate in the host configuration automatically. It should only be necessary to define the actual vhost configuration - switching from HTTP to HTTPS should be a matter of adding key parameters. This will make our nginx module less generic but much simpler to use.
Attachments (0)
Change History (6)
comment:1 Changed on 04/02/2014 at 11:24:08 AM by trev
- Blocking 124 added
comment:2 Changed on 04/02/2014 at 11:24:28 AM by trev
- Owner set to trev
- Status changed from new to assigned
comment:3 Changed on 04/02/2014 at 11:25:42 AM by trev
comment:4 Changed on 04/02/2014 at 02:06:50 PM by trev
- Review URL(s) modified (diff)
- Status changed from assigned to reviewing
comment:5 Changed on 04/08/2014 at 10:36:49 AM by trev
- Blocking 254 added
comment:6 Changed on 04/10/2014 at 09:07:57 AM by trev
- Resolution set to fixed
- Status changed from reviewing to closed
Turned out that rotating logs is also an issue, a few modules didn't even set up a custom log file for themselves. Also, none of the host configurations had SPDY enabled.