From 39ab158debb91aa236c53280d0d35533fdbd1c0f Mon Sep 17 00:00:00 2001 From: Christoph Maser Date: Sun, 26 May 2024 22:31:39 +0200 Subject: [PATCH] drop support for versions < 1.15.0 --- spec/acceptance/nginx_mail_spec.rb | 40 ------------------------ spec/defines/resource_server_spec.rb | 6 ---- templates/mailhost/mailhost.epp | 3 -- templates/mailhost/mailhost_ssl.epp | 5 +-- templates/server/server_ssl_settings.erb | 3 -- 5 files changed, 1 insertion(+), 56 deletions(-) diff --git a/spec/acceptance/nginx_mail_spec.rb b/spec/acceptance/nginx_mail_spec.rb index 1475471b4..993c97673 100644 --- a/spec/acceptance/nginx_mail_spec.rb +++ b/spec/acceptance/nginx_mail_spec.rb @@ -79,45 +79,5 @@ class { 'nginx': describe port(465) do it { is_expected.to be_listening } end - - context 'when configured for nginx 1.14' do - it 'runs successfully' do - pp = " - if fact('os.family') == 'RedHat' { - package { 'nginx-mod-mail': - ensure => installed, - } - } - - class { 'nginx': - mail => true, - nginx_version => '1.14.0', - dynamic_modules => fact('os.family') ? { - 'RedHat' => ['/usr/lib64/nginx/modules/ngx_mail_module.so'], - default => [], - } - } - nginx::resource::mailhost { 'domain1.example': - ensure => present, - auth_http => 'localhost/cgi-bin/auth', - protocol => 'smtp', - listen_port => 587, - ssl => true, - ssl_port => 465, - ssl_cert => '/etc/pki/tls/certs/blah.cert', - ssl_key => '/etc/pki/tls/private/blah.key', - xclient => 'off', - } - " - - apply_manifest(pp, catch_failures: true) - end - - describe file('/etc/nginx/conf.mail.d/domain1.example.conf') do - it 'does\'t contain `ssl` on `listen` line' do - is_expected.to contain 'listen *:465;' - end - end - end end end diff --git a/spec/defines/resource_server_spec.rb b/spec/defines/resource_server_spec.rb index 60515a008..91b7c94c9 100644 --- a/spec/defines/resource_server_spec.rb +++ b/spec/defines/resource_server_spec.rb @@ -675,12 +675,6 @@ it { is_expected.to contain_concat__fragment("#{title}-ssl-header").with_content(%r{ ssl on;}) } end - context 'with fact nginx_version=1.14.1' do - let(:facts) { facts.merge(nginx_version: '1.14.1') } - - it { is_expected.to contain_concat__fragment("#{title}-ssl-header").with_content(%r{ ssl on;}) } - end - context 'with fact nginx_version=1.15.1' do let(:facts) { facts.merge(nginx_version: '1.15.1') } diff --git a/templates/mailhost/mailhost.epp b/templates/mailhost/mailhost.epp index 8a9c4fb58..003898c8a 100644 --- a/templates/mailhost/mailhost.epp +++ b/templates/mailhost/mailhost.epp @@ -23,9 +23,6 @@ server { <%- } -%> <%= $mailhost_common -%> -<%- if versioncmp($nginx_version, '1.15.0') < 0 { -%> - ssl off; -<% } %> starttls <%= $starttls %>; <% if $starttls != 'off' { %> diff --git a/templates/mailhost/mailhost_ssl.epp b/templates/mailhost/mailhost_ssl.epp index 3b0ef78fc..e5ffc5f10 100644 --- a/templates/mailhost/mailhost_ssl.epp +++ b/templates/mailhost/mailhost_ssl.epp @@ -14,16 +14,13 @@ server { <%= $mailhost_prepend -%> <%- $listen_ip.each |$ip| { -%> - listen <%= $ip %>:<%= $ssl_port %><% if versioncmp($nginx_version, '1.15.0') >= 0 { %> ssl<% } %>; + listen <%= $ip %>:<%= $ssl_port %> ssl; <%- } -%> <%- $ipv6_listen_ip.each |$ipv6| { -%> listen [<%= $ipv6 %>]:<%= $ssl_port %> <% if $ipv6_listen_options { %><%= $ipv6_listen_options %><% } %>; <%- } -%> <%= $mailhost_common -%> -<%- if versioncmp($nginx_version, '1.15.0') < 0 { -%> - ssl on; -<% } %> starttls off; <%= $mailhost_ssl_settings -%> diff --git a/templates/server/server_ssl_settings.erb b/templates/server/server_ssl_settings.erb index 16a056139..e5251ace8 100755 --- a/templates/server/server_ssl_settings.erb +++ b/templates/server/server_ssl_settings.erb @@ -1,6 +1,3 @@ -<% if scope.call_function('versioncmp', [scope['nginx::nginx_version'], '1.15.0']) < 0 -%> - ssl on; -<% end -%> <% if scope.call_function('versioncmp', [scope['nginx::nginx_version'], '1.25.1']) >= 0 && @http2 -%> http2 <%= @http2 %>; <% end -%>