From f952a3edf88e57b7c6c512cc8d3c56217cc80561 Mon Sep 17 00:00:00 2001
From: Theo Chatzimichos <tampakrap@gmail.com>
Date: Mon, 23 Jan 2017 14:53:27 +0100
Subject: [PATCH] make puppet::server::unicorn.pp compatible with
 voxpupuli/nginx 0.6.0

---
 .fixtures.yml                  |  2 +-
 README.md                      |  2 +-
 manifests/server/unicorn.pp    | 69 ++++++++++++++--------------------
 metadata.json                  |  4 +-
 spec/spec_helper_acceptance.rb |  2 +-
 5 files changed, 34 insertions(+), 45 deletions(-)

diff --git a/.fixtures.yml b/.fixtures.yml
index 8cfdb46..bcc4cc2 100644
--- a/.fixtures.yml
+++ b/.fixtures.yml
@@ -12,7 +12,7 @@ fixtures:
     unicorn: "ploperations/unicorn"
     rack: "ploperations/rack"
     bundler: "ploperations/bundler"
-    nginx: "jfryman/nginx"
+    nginx: "puppet/nginx"
     inifile: "puppetlabs/inifile"
     apache: "puppetlabs/apache"
     portage: "gentoo/portage"
diff --git a/README.md b/README.md
index 72d4190..cf253cb 100644
--- a/README.md
+++ b/README.md
@@ -212,7 +212,7 @@ and rspec tests.
 
   [puppetlabs-puppetdb]: https://github.com/puppetlabs/puppet-puppetdb
   [puppetlabs-apache]: https://github.com/puppetlabs/puppetlabs-apache
-  [jfryman-nginx]: https://github.com/jfryman/puppet-nginx
+  [puppet-nginx]: https://github.com/voxpupuli/puppet-nginx
   [r10k]: https://github.com/adrienthebo/r10k
   [hiera-lookup]: https://docs.puppetlabs.com/hiera/1/puppet.html#automatic-parameter-lookup
   [hiera-docs]: https://docs.puppetlabs.com/hiera/1/
diff --git a/manifests/server/unicorn.pp b/manifests/server/unicorn.pp
index 635a9c9..a503201 100644
--- a/manifests/server/unicorn.pp
+++ b/manifests/server/unicorn.pp
@@ -8,14 +8,14 @@
   class { 'puppet::server::standalone':
     enabled => false,
     before  => [
-      Nginx::Resource::Vhost['puppetmaster'],
+      Nginx::Resource::Server['puppetmaster'],
       Unicorn::App['puppetmaster'],
     ],
   }
 
   $unicorn_socket = "unix:${puppet::rundir}/puppetmaster_unicorn.sock"
 
-  nginx::resource::vhost { 'puppetmaster':
+  nginx::resource::server { 'puppetmaster':
     server_name          => [$puppet::server::servername],
     listen_ip            => $puppet::server::bindaddress,
     ssl                  => true,
@@ -25,34 +25,27 @@
     ssl_key              => "${puppet::ssldir}/private_keys/${puppet::server::servername}.pem",
     ssl_ciphers          => $puppet::server::ssl_ciphers,
     ssl_protocols        => $puppet::server::ssl_protocols,
+    ssl_crl              => "${puppet::ssldir}/crl.pem",
+    ssl_client_cert      => "${puppet::ssldir}/certs/ca.pem",
+    ssl_verify_client    => 'optional',
     use_default_location => false,
-    vhost_cfg_append     => {
-      ssl_crl                => "${puppet::ssldir}/crl.pem",
-      ssl_client_certificate => "${puppet::ssldir}/certs/ca.pem",
-      ssl_verify_client      => 'optional',
-      proxy_set_header       => [ 'Host $host',
-                                  'X-Real-IP $remote_addr',
-                                  'X-Forwarded-For $proxy_add_x_forwarded_for',
-                                  'X-Client-Verify $ssl_client_verify',
-                                  'X-Client-DN $ssl_client_s_dn',
-                                  'X-SSL-Issuer $ssl_client_i_dn'],
-      root                   => '/usr/share/empty',
-    }
+    www_root             => '/usr/share/empty',
   }
   nginx::resource::location { 'unicorn_upstream':
-    ensure              => present,
-    location            => '/',
-    vhost               => 'puppetmaster',
-    proxy_set_header    => [],
-    location_custom_cfg => {
-      proxy_pass            => 'http://puppetmaster_unicorn',
-      proxy_redirect        => 'off',
-      proxy_connect_timeout => '90',
-      proxy_read_timeout    => '300',
-    },
-    # this priority sets concat order so that the location is created inside
-    # the server block. This works around a possible bug in jfryman/nginx.
-    priority            => 701,
+    ensure                => present,
+    location              => '/',
+    server                => 'puppetmaster',
+    proxy                 => 'http://puppetmaster_unicorn',
+    proxy_redirect        => 'off',
+    proxy_connect_timeout => '90',
+    proxy_read_timeout    => '300',
+    proxy_set_header      => ['Host $host',
+                              'X-Real-IP $remote_addr',
+                              'X-Forwarded-For $proxy_add_x_forwarded_for',
+                              'X-Client-Verify $ssl_client_verify',
+                              'X-Client-DN $ssl_client_s_dn',
+                              'X-SSL-Issuer $ssl_client_i_dn'],
+    ssl_only              => true,
   }
   nginx::resource::upstream { 'puppetmaster_unicorn':
     members => [
@@ -63,19 +56,15 @@
   if ! empty( $::puppet::server::external_ca )
   {
     nginx::resource::location { 'external_certificate_authority_proxy':
-      ensure              => present,
-      location            => '~ ^/.*/certificate.*',
-      vhost               => 'puppetmaster',
-      proxy_set_header    => [],
-      location_custom_cfg => {
-        proxy_pass            => $puppet::server::external_ca,
-        proxy_redirect        => 'off',
-        proxy_connect_timeout => '90',
-        proxy_read_timeout    => '300',
-      },
-      # this priority sets concat order so that the location is created inside
-      # the server block. This works around a possible bug in jfryman/nginx.
-      priority            => 701,
+      ensure                => present,
+      location              => '~ ^/.*/certificate.*',
+      server                => 'puppetmaster',
+      proxy_set_header      => [],
+      proxy                 => $puppet::server::external_ca,
+      proxy_redirect        => 'off',
+      proxy_connect_timeout => '90',
+      proxy_read_timeout    => '300',
+      ssl_only              => true,
     }
   }
 
diff --git a/metadata.json b/metadata.json
index ca09d1c..d8f5606 100644
--- a/metadata.json
+++ b/metadata.json
@@ -33,8 +33,8 @@
       "version_requirement": ">= 2.1.0 <3.0.0"
     },
     {
-      "name": "jfryman/nginx",
-      "version_requirement": ">= 0.2.0 <1.0.0"
+      "name": "puppet/nginx",
+      "version_requirement": ">= 0.6.0 <1.0.0"
     },
     {
       "name": "puppetlabs/puppetdb",
diff --git a/spec/spec_helper_acceptance.rb b/spec/spec_helper_acceptance.rb
index cc7c322..2cc2416 100644
--- a/spec/spec_helper_acceptance.rb
+++ b/spec/spec_helper_acceptance.rb
@@ -48,7 +48,7 @@
 mod 'unicorn',        :git => 'git://github.com/puppetlabs-operations/puppet-unicorn.git'
 mod 'rack',           :git => 'git://github.com/puppetlabs-operations/puppet-rack.git'
 mod 'bundler',        :git => 'git://github.com/puppetlabs-operations/puppet-bundler.git'
-mod 'nginx',          :git => 'git://github.com/jfryman/puppet-nginx.git', :ref => 'v0.0.10'
+mod 'nginx',          :git => 'git://github.com/voxpupuli/puppet-nginx.git'
 mod 'inifile',        :git => 'git://github.com/puppetlabs/puppetlabs-inifile.git'
 mod 'apache',         :git => 'git://github.com/puppetlabs/puppetlabs-apache.git'
 mod 'portage',        :git => 'git://github.com/gentoo/puppet-portage.git'