diff --git a/.gitignore b/.gitignore
index 84bfbdab4..60105699d 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,4 @@
 files/server_test.crt
 files/server_test.pem
 pkg/
+/metadata.json
diff --git a/manifests/resource/vhost.pp b/manifests/resource/vhost.pp
index 08e4b4a67..9736b981a 100644
--- a/manifests/resource/vhost.pp
+++ b/manifests/resource/vhost.pp
@@ -24,6 +24,7 @@
 #   [*ssl_cert*]            - Pre-generated SSL Certificate file to reference for SSL Support. This is not generated by this module.
 #   [*ssl_key*]             - Pre-generated SSL Key file to reference for SSL Support. This is not generated by this module.
 #   [*ssl_port*]            - Default IP Port for NGINX to listen with this SSL vHost on. Defaults to TCP 443
+#   [*ssl_access_log*]      - Optional alternative log file for SSL vhost.  Otherwise will use same file as $access_log.
 #   [*server_name*]         - List of vhostnames for which this vhost will respond. Default [$name].
 #   [*www_root*]            - Specifies the location on disk for files to be read from. Cannot be set in conjunction with $proxy
 #   [*rewrite_www_to_non_www*]  - Adds a server directive and rewrite rule to
@@ -44,7 +45,7 @@
 #     put after everything else inside the SSL vhost
 #   [*rewrite_to_https*]        - Adds a server directive and rewrite rule to
 #      rewrite to ssl
-#   [*include_files*] 		      - Adds include files to vhost
+#   [*include_files*]           - Adds include files to vhost
 #
 # Actions:
 #
@@ -85,6 +86,7 @@
     'index.php'],
   $logdir                 = $nginx::params::nx_logdir,
   $access_log             = "${name}.log",
+  $ssl_access_log         = undef,
   $server_name            = [$name],
   $www_root               = undef,
   $rewrite_www_to_non_www = false,
@@ -101,6 +103,12 @@
   $include_files          = undef
 ) {
 
+  if $ssl_access_log {
+    $real_ssl_access_log = $ssl_access_log
+  } else {
+    $real_ssl_access_log = $access_log
+  }
+
   File {
     ensure => $ensure ? {
       'absent' => absent,
diff --git a/templates/vhost/vhost_ssl_header.erb b/templates/vhost/vhost_ssl_header.erb
index 22ac2527b..26b0f125a 100644
--- a/templates/vhost/vhost_ssl_header.erb
+++ b/templates/vhost/vhost_ssl_header.erb
@@ -6,6 +6,7 @@ server {
   <% if ipv6_enable == 'true' && (defined? ipaddress6) %>
   listen [<%= ipv6_listen_ip %>]:<%= ipv6_listen_port %> <% if @ipv6_listen_options %><%= ipv6_listen_options %><% end %> ipv6only=on;
   <% end %>
+  access_log            <%= @logdir %>/<%= @real_ssl_access_log %>;
   server_name  <%= rewrite_www_to_non_www ? name.gsub(/^www\./, '') : server_name.join(" ") %>;
 
   ssl on;