Skip to content
Snippets Groups Projects
Code owners
Assign users and groups as approvers for specific file changes. Learn more.
mod_ssl.pp 1.37 KiB
# Copyright (C) 2014 Thomas Bellman.
# Licensed under the GNU LGPL v3+; see the README file for more information.


import "apache"


/*
 * Install the Apache mod_ssl module.
 * Note that unlike the ssl.conf that comes with the normal mod_ssl
 * package, we do not add a 'Listen 443' directive.
 */
class apache::mod_ssl
{
    include apache

    $default_options = {
	'SSLSessionCache'	 => 'shmcb:/var/cache/mod_ssl/scache(512000)',
	'SSLSessionCacheTimeout' => '300',
	'SSLMutex'		 => 'default',
	'SSLRandomSeed startup'	 => 'file:/dev/urandom 256',
	'SSLRandomSeed connect'	 => 'builtin',
	'SSLCryptoDevice'	 => 'builtin',
    }
    package {
	'mod_ssl':
	    ensure => installed,
	    # We want conf.d to be cleaned up from whatever mod_ssl puts there
	    before => File[$apache::configdir];
    }
    apache::module::globalconfig {
	'ssl':
	    loadmodule => 'ssl_module modules/mod_ssl.so',
	    directives => [],
	    defaultoptions => $default_options,
	    options => { },
	    require => Package['mod_ssl'];
    }
}


class apache::mod_ssl::absent
      inherits apache::mod_ssl
{
    # Remove the configuration referencing the module before the actual
    # module, in case the machine reboots in the middle.
    Package['mod_ssl'] {
	ensure => absent,
	before => [],
    }
    Apache::Module::Globalconfig['ssl'] {
	ensure => absent,
	require => [],
	before => Package['mod_ssl'],
    }
}