Adding option to disable the ssl_session_cache

Pierre Paul Lefebvre · Pierre Paul Lefebvre · commit 0a287154bfc6 · 2014-10-02T10:31:38.000-04:00
diff --git a/defaults/main.yml b/defaults/main.yml
@@ -24,8 +24,9 @@ nginx_drupal_flv_streaming: true
 nginx_drupal_mp4_streaming: true
 nginx_drupal_http_core:
   client_max_body_size: "10m"
+  ssl_session_cache: true
 nginx_drupal_upstream_servers: ["unix:/var/run/php-fpm.sock", "php-fpm-zwei.sock"]
 nginx_drupal_upstream_backup_servers: ["unix:/var/run/php-fpm-bkp.sock"]
 nginx_drupal_sites: none
 nginx_drupal_http_pre_includes: []
-nginx_drupal_http_post_includes: []
+nginx_drupal_http_post_includes: []
diff --git a/templates/nginx.j2 b/templates/nginx.j2
@@ -100,12 +100,14 @@ http {
     ## Hide the Nginx version number.
     server_tokens off;
 
+    {% if nginx_drupal_http_core.ssl_session_cache %}
     ## Use a SSL/TLS cache for SSL session resume. This needs to be
     ## here (in this context, for session resumption to work. See this
     ## thread on the Nginx mailing list:
     ## http://nginx.org/pipermail/nginx/2010-November/023736.html.
     ssl_session_cache shared:SSL:30m;
     ssl_session_timeout 1d;
+    {% endif %}
 
     ## The server dictates the choice of cipher suites.
     ssl_prefer_server_ciphers on;
diff --git a/templates/sites-available/drupal-site.j2 b/templates/sites-available/drupal-site.j2
@@ -131,7 +131,7 @@ server {
 {% endif %}
 
 {% if item.https is defined %}
-{% if item.alternate_server_name %}
+{% if item.alternate_server_name is defined %}
 ## Return (no rewrite) server block.
 server {
     ## This is to avoid the spurious if for sub-domain name
