Opened on 04/02/2014 at 06:32:54 AM

Closed on 04/10/2014 at 09:07:57 AM

#245 closed change (fixed)

Unify SSL configuration for all servers

Reported by: trev Assignee: trev
Priority: P3 Milestone:
Module: Infrastructure Keywords:
Cc: Blocked By:
Blocking: #124, #254 Platform:
Ready: yes Confidential: no
Tester: Verified working: no
Review URL(s):



Currently each host has its own SSL configuration. As a result, some hosts use Strict-Transport-Security while others don't. Some put SSL certificates into /etc/nginx while others put them under /etc/nginx/sites-available. For the HTTP=>HTTPS redirect some will use whatever they got as Host header whereas others will use a fixed host name.

What to change

Add SSL certificate and private key as parameters of the Nginx::Hostconfig class. If these parameters it should make sure they are installed and generate all the boilerplate in the host configuration automatically. It should only be necessary to define the actual vhost configuration - switching from HTTP to HTTPS should be a matter of adding key parameters. This will make our nginx module less generic but much simpler to use.

Attachments (0)

Change History (6)

comment:1 Changed on 04/02/2014 at 11:24:08 AM by trev

  • Blocking 124 added

comment:2 Changed on 04/02/2014 at 11:24:28 AM by trev

  • Owner set to trev
  • Status changed from new to assigned

comment:3 Changed on 04/02/2014 at 11:25:42 AM by trev

Turned out that rotating logs is also an issue, a few modules didn't even set up a custom log file for themselves. Also, none of the host configurations had SPDY enabled.

Last edited on 04/02/2014 at 11:26:08 AM by trev

comment:4 Changed on 04/02/2014 at 02:06:50 PM by trev

  • Review URL(s) modified (diff)
  • Status changed from assigned to reviewing

comment:5 Changed on 04/08/2014 at 10:36:49 AM by trev

  • Blocking 254 added

comment:6 Changed on 04/10/2014 at 09:07:57 AM by trev

  • Resolution set to fixed
  • Status changed from reviewing to closed

Add Comment

Modify Ticket

Change Properties
as closed .
The resolution will be deleted. Next status will be 'reopened'.
to The owner will be changed from trev.
Note: See TracTickets for help on using tickets.