Opened 6 years ago

Closed 6 years ago

#245 closed change (fixed)

Unify SSL configuration for all servers

Reported by: trev Assignee: trev
Priority: P3 Milestone:
Module: Infrastructure Keywords:
Cc: Blocked By:
Blocking: #124, #254 Platform:
Ready: yes Confidential: no
Tester: Verified working: no
Review URL(s):



Currently each host has its own SSL configuration. As a result, some hosts use Strict-Transport-Security while others don't. Some put SSL certificates into /etc/nginx while others put them under /etc/nginx/sites-available. For the HTTP=>HTTPS redirect some will use whatever they got as Host header whereas others will use a fixed host name.

What to change

Add SSL certificate and private key as parameters of the Nginx::Hostconfig class. If these parameters it should make sure they are installed and generate all the boilerplate in the host configuration automatically. It should only be necessary to define the actual vhost configuration - switching from HTTP to HTTPS should be a matter of adding key parameters. This will make our nginx module less generic but much simpler to use.

Change History (6)

comment:1 Changed 6 years ago by trev

  • Blocking 124 added

comment:2 Changed 6 years ago by trev

  • Owner set to trev
  • Status changed from new to assigned

comment:3 Changed 6 years ago by trev

Turned out that rotating logs is also an issue, a few modules didn't even set up a custom log file for themselves. Also, none of the host configurations had SPDY enabled.

Last edited 6 years ago by trev (previous) (diff)

comment:4 Changed 6 years ago by trev

  • Review URL(s) modified (diff)
  • Status changed from assigned to reviewing

comment:5 Changed 6 years ago by trev

  • Blocking 254 added

comment:6 Changed 6 years ago by trev

  • Resolution set to fixed
  • Status changed from reviewing to closed
Note: See TracTickets for help on using tickets.