This repository has been archived by the owner on Jan 10, 2023. It is now read-only.

Allow disabling of SSL #56

Closed
wants to merge 5 commits into from
2 changes: 1 addition & 1 deletion README.md
@@ -143,7 +143,7 @@ keyAlias | Tomcat SSL keystore alias | String | tomcat
keystoreFile | Tomcat SSL keystore file - will automatically generate self-signed keystore file if left as default | String | `#{node['stash']['home_path']}/.keystore`
keystorePass | Tomcat SSL keystore passphrase | String | changeit
port | Tomcat HTTP port | Fixnum | 7990
ssl_port | Tomcat HTTPS port | Fixnum | 8443
ssl_port | Tomcat HTTPS port - HTTPS will be disabled, if set to a "false" value (e.g. -1) | Fixnum | 8443

## Recipes

4 changes: 3 additions & 1 deletion recipes/apache2.rb
@@ -1,5 +1,7 @@
node.set['apache']['listen_ports'] = node['apache']['listen_ports'] + [node['stash']['apache2']['port']] unless node['apache']['listen_ports'].include?(node['stash']['apache2']['port'])
node.set['apache']['listen_ports'] = node['apache']['listen_ports'] + [node['stash']['apache2']['ssl']['port']] unless node['apache']['listen_ports'].include?(node['stash']['apache2']['ssl']['port'])
unless node['apache']['listen_ports'].include?(node['stash']['apache2']['ssl']['port']) || !node['stash']['apache2']['ssl']['port']
node.set['apache']['listen_ports'] = node['apache']['listen_ports'] + [node['stash']['apache2']['ssl']['port']]
end

include_recipe 'apache2'
include_recipe 'apache2::mod_proxy'
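Review bot: The new guard `unless node['apache']['listen_ports'].include?(...) || !node['stash']['apache2']['ssl']['port']` combines `unless` with `||` and a negation, which is hard to read, and it skips the listener only for `nil` or `false`. A value such as `-1`, which the README change in this PR offers as an example of a "false" value for the Tomcat `ssl_port`, is truthy in Ruby and would still be appended to `listen_ports`. I would bind the attribute once and state the condition positively: `ssl_port = node['stash']['apache2']['ssl']['port']` followed by `if ssl_port && !node['apache']['listen_ports'].include?(ssl_port)`. If numeric sentinels are meant to disable HTTPS, the test has to be explicit (for example `ssl_port.is_a?(Integer) && ssl_port > 0`) and identical to the one in templates/default/web_app.conf.erb, so the Listen port and the SSL VirtualHost cannot disagree.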
2 changes: 1 addition & 1 deletion recipes/linux_standalone.rb
@@ -29,7 +29,7 @@
chown #{node['stash']['user']}:#{node['stash']['user']} #{settings['tomcat']['keystoreFile']}
COMMAND
creates settings['tomcat']['keystoreFile']
only_if { settings['tomcat']['keystoreFile'] == "#{node['stash']['home_path']}/.keystore" }
only_if { settings['tomcat']['keystoreFile'] == "#{node['stash']['home_path']}/.keystore" && settings['tomcat']['ssl_port'] }
end

directory node['stash']['install_path'] do
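Review bot: The added `&& settings['tomcat']['ssl_port']` in the `only_if` reads the port from `settings`, while every template changed in this PR gates the connector on `node['stash']['tomcat']['ssl_port']`. Where `settings` comes from is outside this hunk, so this is hedged: if it can be overridden independently of the node attribute, the keystore step and the rendered connector can disagree, leaving either an unused self-signed keystore or an SSL connector without one. I would use one source for both decisions and add a comment above the guard, e.g. `# skip self-signed keystore generation when the Tomcat HTTPS connector is disabled (ssl_port nil/false)`. The resource block this `only_if` belongs to starts above the hunk.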
2 changes: 2 additions & 0 deletions templates/default/server-tomcat7.xml.erb
@@ -97,6 +97,7 @@
connectionTimeout="20000"
redirectPort="8443" />
-->
<%- if node['stash']['tomcat']['ssl_port'] %>
<!-- Define a SSL HTTP/1.1 Connector on port 8443
This connector uses the JSSE configuration, when using APR, the
connector should be using the OpenSSL style configuration
@@ -121,6 +122,7 @@
<%= "keystorePass=\"#{@tomcat['keystorePass']}\"" if @tomcat['keystorePass'] %>
<%- end %>
/>
<%- end %>
<!--
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
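Review bot: The `<%- if node['stash']['tomcat']['ssl_port'] %>` guard added before the SSL connector is a plain truthiness test, so only `nil` or `false` removes the connector. The `-1` that the README now documents as a disabling value is truthy in Ruby and would presumably still be rendered as the connector port; the same guard is added in server-tomcat8.xml.erb and server.xml.erb. The guard reads `node[...]` while the connector body in the second hunk reads `@tomcat['keystorePass']`, so `@tomcat['ssl_port']` would keep a single source of truth, assuming `@tomcat` carries that key, which this page does not show. Because omitting the connector leaves Tomcat serving plain HTTP only, a template comment such as `<%# HTTPS connector omitted when ssl_port is nil/false; terminate TLS in front of Tomcat %>` would make the trade-off visible to operators.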
2 changes: 2 additions & 0 deletions templates/default/server-tomcat8.xml.erb
@@ -95,6 +95,7 @@
connectionTimeout="20000"
redirectPort="8443" />
-->
<%- if node['stash']['tomcat']['ssl_port'] %>
<!-- Define a SSL HTTP/1.1 Connector on port 8443
This connector uses the JSSE configuration, when using APR, the
connector should be using the OpenSSL style configuration
@@ -119,6 +120,7 @@
<%= "keystorePass=\"#{@tomcat['keystorePass']}\"" if @tomcat['keystorePass'] %>
<%- end %>
/>
<%- end %>
<!--
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
2 changes: 2 additions & 0 deletions templates/default/server.xml.erb
@@ -91,6 +91,7 @@
connectionTimeout="20000"
redirectPort="8443" />
-->
<%- if node['stash']['tomcat']['ssl_port'] %>
<!-- Define a SSL HTTP/1.1 Connector on port 8443
This connector uses the JSSE configuration, when using APR, the
connector should be using the OpenSSL style configuration
@@ -116,6 +117,7 @@
<%= "keystorePass=\"#{@tomcat['keystorePass']}\"" if @tomcat['keystorePass'] %>
<%- end %>
/>
<%- end %>

<!--
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
2 changes: 2 additions & 0 deletions templates/default/web-tomcat7.xml.erb
@@ -4280,6 +4280,7 @@
<welcome-file>index.jsp</welcome-file>
</welcome-file-list>

<%- if node['stash']['tomcat']['ssl_port'] %>
<!-- Require HTTPS for login -->
<security-constraint>
<web-resource-collection>
@@ -4290,4 +4291,5 @@
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
<%- end %>
</web-app>
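Review bot: Wrapping the `Require HTTPS for login` security-constraint in `<%- if node['stash']['tomcat']['ssl_port'] %>` drops the `CONFIDENTIAL` transport guarantee whenever the Tomcat port is unset, so the container no longer forces login traffic onto TLS; web.xml.erb gets the same change. That is reasonable behind a TLS-terminating proxy, but nothing in the visible hunks checks that one is configured (for instance that `node['stash']['apache2']['ssl']['port']` is set), so a standalone node with `ssl_port` disabled would accept credentials over plain HTTP. I would state this next to the `ssl_port` row in README.md and add a template comment, e.g. `<%# HTTPS-for-login constraint omitted: TLS must be enforced by a front-end proxy %>`. A `Chef::Log.warn` in the recipe when both SSL ports are unset would also help, though the recipe code where it would go is not on this page.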
2 changes: 2 additions & 0 deletions templates/default/web.xml.erb
@@ -1202,6 +1202,7 @@
<welcome-file>index.jsp</welcome-file>
</welcome-file-list>

<%- if node['stash']['tomcat']['ssl_port'] %>
<!-- Require HTTPS for login -->
<security-constraint>
<web-resource-collection>
@@ -1212,4 +1213,5 @@
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
<%- end %>
</web-app>
2 changes: 2 additions & 0 deletions templates/default/web_app.conf.erb
@@ -30,6 +30,7 @@
ProxyPassReverse / http://localhost:<%= node['stash']['tomcat']['port'] %>/
</VirtualHost>

<%- if node['stash']['apache2']['ssl']['port'] %>
<VirtualHost *:<%= node['stash']['apache2']['ssl']['port'] %>>
<% unless node['stash']['apache2']['virtual_host_name'].empty? -%>
ServerName <%= node['stash']['apache2']['virtual_host_name'] %>
@@ -64,3 +65,4 @@
SSLCertificateChainFile <%= node['stash']['apache2']['ssl']['chain_file'] %>
<% end -%>
</VirtualHost>
<% end -%>
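Review bot: The new block opens with `<%- if node['stash']['apache2']['ssl']['port'] %>` but closes with `<% end -%>`, while the neighbouring lines of this template use the `<% ... -%>` form (`<% unless ... -%>`, `<% end -%>`). I would write the opener as `<% if node['stash']['apache2']['ssl']['port'] -%>` so the trim markers match the rest of the file. The condition should stay in step with the one in recipes/apache2.rb: both currently test truthiness, so any later tightening (such as rejecting `-1`) has to land in both places. With the SSL VirtualHost omitted, the plain-HTTP VirtualHost that closes just above the first hunk becomes the only entry point, which is worth saying in a template comment.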