From 22794ebcc643aab15af0e1ff67628ce1edde90dc Mon Sep 17 00:00:00 2001
From: Tom McLaughlin <tmclaugh@sdf.lonestar.org>
Date: Wed, 11 Sep 2013 20:00:01 -0400
Subject: [PATCH 1/5] Add ability to not set access_log in vhost.

---
 templates/vhost/vhost_header.erb | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/templates/vhost/vhost_header.erb b/templates/vhost/vhost_header.erb
index 73470a040..c970d2262 100644
--- a/templates/vhost/vhost_header.erb
+++ b/templates/vhost/vhost_header.erb
@@ -9,7 +9,9 @@ server {
   listen [<%= ipv6_listen_ip %>]:<%= ipv6_listen_port %> <% if @ipv6_listen_options %><%= ipv6_listen_options %><% end %> ipv6only=on;
   <% end %>
   server_name           <%= rewrite_www_to_non_www ? name.gsub(/^www\./, '') : server_name.join(" ") %>;
+<% if @access_log -%>
   access_log            <%= @logdir %>/<%= @access_log %>;
+<% end %>
   <% if defined? auth_basic -%>
 auth_basic           "<%= auth_basic %>";
   <% end -%>

From 4599c17ec4f4675d238901da1c3ec48b69c5e0fe Mon Sep 17 00:00:00 2001
From: Tom McLaughlin <tmclaugh@sdf.lonestar.org>
Date: Wed, 11 Sep 2013 20:01:31 -0400
Subject: [PATCH 2/5] Add ability to set access_log for ssl vhost.

---
 .gitignore                           | 1 +
 manifests/resource/vhost.pp          | 1 +
 templates/vhost/vhost_ssl_header.erb | 3 +++
 3 files changed, 5 insertions(+)

diff --git a/.gitignore b/.gitignore
index 84bfbdab4..60105699d 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,4 @@
 files/server_test.crt
 files/server_test.pem
 pkg/
+/metadata.json
diff --git a/manifests/resource/vhost.pp b/manifests/resource/vhost.pp
index 08e4b4a67..3e1084c03 100644
--- a/manifests/resource/vhost.pp
+++ b/manifests/resource/vhost.pp
@@ -85,6 +85,7 @@
     'index.php'],
   $logdir                 = $nginx::params::nx_logdir,
   $access_log             = "${name}.log",
+  $ssl_access_log         = "${name}-ssl.log",
   $server_name            = [$name],
   $www_root               = undef,
   $rewrite_www_to_non_www = false,
diff --git a/templates/vhost/vhost_ssl_header.erb b/templates/vhost/vhost_ssl_header.erb
index 22ac2527b..4527a8796 100644
--- a/templates/vhost/vhost_ssl_header.erb
+++ b/templates/vhost/vhost_ssl_header.erb
@@ -6,6 +6,9 @@ server {
   <% if ipv6_enable == 'true' && (defined? ipaddress6) %>
   listen [<%= ipv6_listen_ip %>]:<%= ipv6_listen_port %> <% if @ipv6_listen_options %><%= ipv6_listen_options %><% end %> ipv6only=on;
   <% end %>
+<% if @access_log -%>
+  access_log            <%= @logdir %>/<%= @ssl_access_log %>;
+<% end %>
   server_name  <%= rewrite_www_to_non_www ? name.gsub(/^www\./, '') : server_name.join(" ") %>;
 
   ssl on;

From b169c381e4598c578e7232735bc817878400b8af Mon Sep 17 00:00:00 2001
From: Tom McLaughlin <tmclaughlin@hubspot.com>
Date: Thu, 12 Sep 2013 14:19:14 -0400
Subject: [PATCH 3/5] If you pass undef as an argument to a class or you get
 the defauilt value so my idea made no sense.  However, let's leave
 ssl_access_log while we're here.

---
 templates/vhost/vhost_header.erb     | 2 --
 templates/vhost/vhost_ssl_header.erb | 2 --
 2 files changed, 4 deletions(-)

diff --git a/templates/vhost/vhost_header.erb b/templates/vhost/vhost_header.erb
index c970d2262..73470a040 100644
--- a/templates/vhost/vhost_header.erb
+++ b/templates/vhost/vhost_header.erb
@@ -9,9 +9,7 @@ server {
   listen [<%= ipv6_listen_ip %>]:<%= ipv6_listen_port %> <% if @ipv6_listen_options %><%= ipv6_listen_options %><% end %> ipv6only=on;
   <% end %>
   server_name           <%= rewrite_www_to_non_www ? name.gsub(/^www\./, '') : server_name.join(" ") %>;
-<% if @access_log -%>
   access_log            <%= @logdir %>/<%= @access_log %>;
-<% end %>
   <% if defined? auth_basic -%>
 auth_basic           "<%= auth_basic %>";
   <% end -%>
diff --git a/templates/vhost/vhost_ssl_header.erb b/templates/vhost/vhost_ssl_header.erb
index 4527a8796..67c55b0dc 100644
--- a/templates/vhost/vhost_ssl_header.erb
+++ b/templates/vhost/vhost_ssl_header.erb
@@ -6,9 +6,7 @@ server {
   <% if ipv6_enable == 'true' && (defined? ipaddress6) %>
   listen [<%= ipv6_listen_ip %>]:<%= ipv6_listen_port %> <% if @ipv6_listen_options %><%= ipv6_listen_options %><% end %> ipv6only=on;
   <% end %>
-<% if @access_log -%>
   access_log            <%= @logdir %>/<%= @ssl_access_log %>;
-<% end %>
   server_name  <%= rewrite_www_to_non_www ? name.gsub(/^www\./, '') : server_name.join(" ") %>;
 
   ssl on;

From f0753aa0fc297969543cdb8c85c8ea7b68fe4e55 Mon Sep 17 00:00:00 2001
From: Tom McLaughlin <tmclaughlin@hubspot.com>
Date: Mon, 16 Sep 2013 08:56:47 -0400
Subject: [PATCH 4/5] set access_log in ssl vhost to same value as non-ssl
 vhost unless ssl_access_log is defined.  Preserves back compatibility this
 way.

---
 manifests/resource/vhost.pp          | 8 +++++++-
 templates/vhost/vhost_ssl_header.erb | 2 +-
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/manifests/resource/vhost.pp b/manifests/resource/vhost.pp
index 3e1084c03..2962db38b 100644
--- a/manifests/resource/vhost.pp
+++ b/manifests/resource/vhost.pp
@@ -85,7 +85,7 @@
     'index.php'],
   $logdir                 = $nginx::params::nx_logdir,
   $access_log             = "${name}.log",
-  $ssl_access_log         = "${name}-ssl.log",
+  $ssl_access_log         = undef,
   $server_name            = [$name],
   $www_root               = undef,
   $rewrite_www_to_non_www = false,
@@ -102,6 +102,12 @@
   $include_files          = undef
 ) {
 
+  if $ssl_access_log {
+    $real_ssl_access_log = $ssl_access_log
+  } else {
+    $real_ssl_access_log = $access_log
+  }
+
   File {
     ensure => $ensure ? {
       'absent' => absent,
diff --git a/templates/vhost/vhost_ssl_header.erb b/templates/vhost/vhost_ssl_header.erb
index 67c55b0dc..26b0f125a 100644
--- a/templates/vhost/vhost_ssl_header.erb
+++ b/templates/vhost/vhost_ssl_header.erb
@@ -6,7 +6,7 @@ server {
   <% if ipv6_enable == 'true' && (defined? ipaddress6) %>
   listen [<%= ipv6_listen_ip %>]:<%= ipv6_listen_port %> <% if @ipv6_listen_options %><%= ipv6_listen_options %><% end %> ipv6only=on;
   <% end %>
-  access_log            <%= @logdir %>/<%= @ssl_access_log %>;
+  access_log            <%= @logdir %>/<%= @real_ssl_access_log %>;
   server_name  <%= rewrite_www_to_non_www ? name.gsub(/^www\./, '') : server_name.join(" ") %>;
 
   ssl on;

From bc7ffed40faffb71e048846ef946f3a6189ec3ba Mon Sep 17 00:00:00 2001
From: Tom McLaughlin <tmclaughlin@hubspot.com>
Date: Mon, 16 Sep 2013 08:59:55 -0400
Subject: [PATCH 5/5] Document ssl_access_log.

---
 manifests/resource/vhost.pp | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/manifests/resource/vhost.pp b/manifests/resource/vhost.pp
index 2962db38b..9736b981a 100644
--- a/manifests/resource/vhost.pp
+++ b/manifests/resource/vhost.pp
@@ -24,6 +24,7 @@
 #   [*ssl_cert*]            - Pre-generated SSL Certificate file to reference for SSL Support. This is not generated by this module.
 #   [*ssl_key*]             - Pre-generated SSL Key file to reference for SSL Support. This is not generated by this module.
 #   [*ssl_port*]            - Default IP Port for NGINX to listen with this SSL vHost on. Defaults to TCP 443
+#   [*ssl_access_log*]      - Optional alternative log file for SSL vhost.  Otherwise will use same file as $access_log.
 #   [*server_name*]         - List of vhostnames for which this vhost will respond. Default [$name].
 #   [*www_root*]            - Specifies the location on disk for files to be read from. Cannot be set in conjunction with $proxy
 #   [*rewrite_www_to_non_www*]  - Adds a server directive and rewrite rule to
@@ -44,7 +45,7 @@
 #     put after everything else inside the SSL vhost
 #   [*rewrite_to_https*]        - Adds a server directive and rewrite rule to
 #      rewrite to ssl
-#   [*include_files*] 		      - Adds include files to vhost
+#   [*include_files*]           - Adds include files to vhost
 #
 # Actions:
 #