capistrano-unicorn-nginx 4.1.0 → 4.2.0

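--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 9fe00dbabd4665ed0ccb5d10829f8e717cc5c2d7
- data.tar.gz: 34dc0d1bc6cb2b731e536389382693981f09d83b
+ metadata.gz: 8f0337593e08e19cab15ce29f6ccb7455e37df5e
+ data.tar.gz: 8eba038b8b6e113d3e8be52f8838c14e3232fea4
  SHA512:
- metadata.gz: c8dfbf17556637f0cbc88c29a7a8d52d4524b9bb87a83028216e12aaa7e0972d104cafb7cb89629527d3b49c28e13724ebae74a91c1fae8d2b752d9b2f7ed208
- data.tar.gz: 776ac431b05d7db9f967f7294371a60228dbd9ea5dece3faac483a520d80b4ec5a17ee118e0a86aebb5c0eba3489ea838cac366f60259cad97fdbdbca92d4954
+ metadata.gz: 207b3ae7e01925fb55b881e18188b4c8c8b939cf874d2c1b6f2228c1957f975d97d95a926e637e10bcf2b563c804492b507f5dc9691c7ac5ebfd647b61c2d636
+ data.tar.gz: b801c70fc857c355b81444fbac9e5206719444107acf0aa0840a1bc68bd00f011c40e86885241e5b0660bc856c00f653cd84ce32d6ae87ef22063452e0c008d1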
@@ -2,6 +2,9 @@
2
2
 
3
3
  ### master
4
4
 
5
+ ### v4.2.0, 2018-02-08
6
+ - Add support for client authentication using a root CA. Inspired by
7
+ http://www.pandurang-waghulde.com/2014/06/client-side-ssl-certificate.html
5
8
 
6
9
  ### v4.1.0, 2017-06-21
7
10
  - Auto-generate dhparams.pem if missing
@@ -1,13 +1,12 @@
1
1
  module Capistrano
2
2
  module DSL
3
3
  module NginxPaths
4
-
5
4
  def nginx_sites_available_file
6
5
  "#{fetch(:nginx_location)}/sites-available/#{fetch(:nginx_config_name)}"
7
6
  end
8
7
 
9
8
  def nginx_dh_params_file
10
- "/etc/nginx/ssl/dhparam.pem"
9
+ '/etc/nginx/ssl/dhparam.pem'
11
10
  end
12
11
 
13
12
  def nginx_sites_enabled_file
@@ -15,7 +14,7 @@ module Capistrano
15
14
  end
16
15
 
17
16
  def nginx_service_path
18
- "#{fetch(:nginx_service_path)}"
17
+ fetch(:nginx_service_path).to_s
19
18
  end
20
19
 
21
20
  def nginx_default_pid_file
@@ -32,11 +31,11 @@ module Capistrano
32
31
  end
33
32
 
34
33
  def nginx_default_ssl_cert_file_path
35
- "/etc/ssl/certs/"
34
+ '/etc/ssl/certs/'
36
35
  end
37
36
 
38
37
  def nginx_default_ssl_cert_key_file_path
39
- "/etc/ssl/private/"
38
+ '/etc/ssl/private/'
40
39
  end
41
40
 
42
41
  def nginx_ssl_cert_file
@@ -47,6 +46,10 @@ module Capistrano
47
46
  "#{fetch(:nginx_ssl_cert_key_path)}#{fetch(:nginx_ssl_cert_key)}"
48
47
  end
49
48
 
49
+ def nginx_ssl_client_ca
50
+ fetch(:nginx_ssl_client_ca)
51
+ end
52
+
50
53
  # log files
51
54
  def nginx_access_log_file
52
55
  "/var/log/nginx/#{fetch(:nginx_config_name)}.access.log"
@@ -55,7 +58,6 @@ module Capistrano
55
58
  def nginx_error_log_file
56
59
  "/var/log/nginx/#{fetch(:nginx_config_name)}.error.log"
57
60
  end
58
-
59
61
  end
60
62
  end
61
63
  end
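Review bot: `nginx_ssl_client_ca` returns `fetch(:nginx_ssl_client_ca)` as-is, and no default for that key is added anywhere in this release diff, so with `:nginx_use_client_ssl` enabled and the CA path unset the template would presumably render `ssl_trusted_certificate ;` and nginx would reject the configuration. A guard such as `fetch(:nginx_ssl_client_ca) || raise(ArgumentError, ':nginx_ssl_client_ca must be set when :nginx_use_client_ssl is enabled')` would fail the deploy early with a clear message. The neighbouring certificate helpers join a directory setting with a file name, whereas this one passes the value through untouched, so a one-line comment stating that it must be the full path to a PEM CA bundle on the server would help.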
@@ -1,5 +1,5 @@
1
1
  module Capistrano
2
2
  module UnicornNginx
3
- VERSION = "4.1.0"
3
+ VERSION = '4.2.0'.freeze
4
4
  end
5
5
  end
@@ -17,6 +17,9 @@ server {
17
17
  ssl on;
18
18
  ssl_certificate <%= nginx_ssl_cert_file %>;
19
19
  ssl_certificate_key <%= nginx_ssl_cert_key_file %>;
20
+ <% if fetch(:nginx_use_client_ssl) -%>
21
+ ssl_trusted_certificate <%= nginx_ssl_client_ca %>;
22
+ <% end -%>
20
23
 
21
24
  ssl_session_cache shared:SSL:10m;
22
25
  ssl_session_timeout 10m;
@@ -35,7 +38,7 @@ server {
35
38
 
36
39
  add_header X-Content-Type-Options nosniff;
37
40
 
38
- <% if fetch(:nginx_use_ssl) && nginx_pass_ssl_client_cert -%>
41
+ <% if fetch(:nginx_use_ssl) && (nginx_pass_ssl_client_cert || fetch(:nginx_use_client_ssl)) -%>
39
42
  ssl_verify_client optional_no_ca;
40
43
  <% end -%>
41
44
 
@@ -59,6 +62,12 @@ server {
59
62
  <% if fetch(:nginx_use_ssl) -%>
60
63
  proxy_set_header X-Forwarded-Proto https;
61
64
  <% end -%>
65
+ <% if fetch(:nginx_use_client_ssl) -%>
66
+ proxy_set_header X-Client-Dn $ssl_client_s_dn;
67
+ proxy_set_header X-Client-Serial $ssl_client_serial;
68
+ proxy_set_header X-Client-Verify $ssl_client_verify;
69
+ <% end -%>
70
+
62
71
  <% if fetch(:nginx_use_ssl) && nginx_pass_ssl_client_cert -%>
63
72
  # source: http://forum.nginx.org/read.php?2,236546,236596
64
73
  proxy_set_header X-Client-Cert $a$b$c$d$e$f$g$h$i$j$k$l$m$n$o$p$q$r$s$t$v$u$w$x$y$z;
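Review bot: With `nginx_use_client_ssl` set, the second hunk still emits `ssl_verify_client optional_no_ca;`, so nginx requests a client certificate but does not reject a connection that presents none or one that does not chain to the CA named by `ssl_trusted_certificate`. The changelog's "client authentication" therefore depends entirely on the upstream application checking the forwarded `X-Client-Verify` value on every request. If enforcement at the proxy is intended, emit `ssl_verify_client on;` when `fetch(:nginx_use_client_ssl)` is true and keep `optional_no_ca` only for the `nginx_pass_ssl_client_cert` case. Any listener rendered without the three new `proxy_set_header X-Client-*` lines (none is visible here) would forward client-supplied copies of those headers unchanged, so the application should only trust them on requests arriving through this TLS server block. The server and location blocks start and end outside these hunks.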
@@ -16,10 +16,10 @@ server {
16
16
  }
17
17
  <% end -%>
18
18
 
19
- <% # render the default server directive. If SSL is enabled, port 443 is used %>
19
+ <%# render the default server directive. If SSL is enabled, port 443 is used %>
20
20
  <%= template_to_s("_default_server_directive.erb", ssl_port: 443, nginx_pass_ssl_client_cert: false).to_s %>
21
21
 
22
22
  <% if fetch(:nginx_pass_ssl_client_cert) -%>
23
- <% # render the server directive with SSL client certificate authentication enabled on port 444 %>
23
+ <%# render the server directive with SSL client certificate authentication enabled on port 444 %>
24
24
  <%= template_to_s("_default_server_directive.erb", ssl_port: 444, nginx_pass_ssl_client_cert: true).to_s %>
25
25
  <% end -%>
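--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: capistrano-unicorn-nginx
  version: !ruby/object:Gem::Version
- version: 4.1.0
+ version: 4.2.0
  platform: ruby
  authors:
  - Ruben Stranders
@@ -9,7 +9,7 @@ authors:
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2017-06-21 00:00:00.000000000 Z
+ date: 2018-02-08 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: capistrano
@@ -107,9 +107,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  version: '0'
  requirements: []
  rubyforge_project:
- rubygems_version: 2.6.10
+ rubygems_version: 2.6.14
  signing_key:
  specification_version: 4
  summary: Capistrano tasks for automatic and sensible unicorn + nginx configuraion.
  test_files: []
- has_rdoc: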