X-Git-Url: https://git.arvados.org/arvados-formula.git/blobdiff_plain/250bd933ee9caf3a29f0e6dc3bab130a670d99e5..175f39d6b8ded81f9ba78f99700fee9d49275d21:/test/salt/pillar/examples/nginx_passenger.sls

diff --git a/test/salt/pillar/examples/nginx_passenger.sls b/test/salt/pillar/examples/nginx_passenger.sls
index 1cc9cce..63ca497 100644
--- a/test/salt/pillar/examples/nginx_passenger.sls
+++ b/test/salt/pillar/examples/nginx_passenger.sls
@@ -1,17 +1,27 @@
 ---
-{%- if grains.os_family in ('RedHat',) %}
-  {%- set passenger_pkg = 'nginx-mod-http-passenger' %}
-  {%- set passenger_mod = '/usr/lib64/nginx/modules/ngx_http_passenger_module.so' %}
-{%- else %}
-  {%- set passenger_pkg = 'libnginx-mod-http-passenger' %}
-  {%- set passenger_mod = '/usr/lib/nginx/modules/ngx_http_passenger_module.so' %}
-{%- endif %}
+# Copyright (C) The Arvados Authors. All rights reserved.
+#
+# SPDX-License-Identifier: Apache-2.0
+
+{%- set passenger_pkg = 'nginx-mod-http-passenger'
+                          if grains.osfinger in ('CentOS Linux-7') else
+                        'libnginx-mod-http-passenger' %}
+{%- set passenger_mod = '/usr/lib64/nginx/modules/ngx_http_passenger_module.so'
+                          if grains.osfinger in ('CentOS Linux-7',) else
+                        '/usr/lib/nginx/modules/ngx_http_passenger_module.so' %}
+{%- set passenger_ruby = '/usr/local/rvm/rubies/ruby-2.7.2/bin/ruby'
+                           if grains.osfinger in ('CentOS Linux-7', 'Ubuntu-18.04',) else
+                         '/usr/bin/ruby' %}
 
 ### NGINX
 nginx:
   install_from_phusionpassenger: true
   lookup:
     passenger_package: {{ passenger_pkg }}
+  ### PASSENGER
+  passenger:
+    passenger_ruby: {{ passenger_ruby }}
+
   ### SERVER
   server:
     config:
@@ -39,8 +49,9 @@ nginx:
       - add_header: 'Strict-Transport-Security "max-age=63072000" always'
 
       # OCSP stapling
-      - ssl_stapling: 'on'
-      - ssl_stapling_verify: 'on'
+      # FIXME! Stapling does not work with self-signed certificates, so disabling for tests
+      # - ssl_stapling: 'on'
+      # - ssl_stapling_verify: 'on'
 
       # verify chain of trust of OCSP response using Root CA and Intermediate certs
       # - ssl_trusted_certificate /path/to/root_CA_cert_plus_intermediates
@@ -51,9 +62,9 @@ nginx:
       # replace with the IP address of your resolver
       # - resolver: 127.0.0.1
 
-    ssl_snakeoil.conf:
-      - ssl_certificate: /etc/ssl/certs/ssl-cert-snakeoil.pem
-      - ssl_certificate_key: /etc/ssl/private/ssl-cert-snakeoil.key
+    arvados-snakeoil.conf:
+      - ssl_certificate: /etc/ssl/private/arvados-snakeoil-cert.pem
+      - ssl_certificate_key: /etc/ssl/private/arvados-snakeoil-cert.key
 
   ### SITES
   servers: