puppet: Fix nginx configuration logic for S3 backend.

Apparently, our testing environment for this configuration was broken and didn't test the code we thought it did; as a result, a variable redefinition bug slipped through. Fixes zulip#11786.
mateuszmandera · Mar 8, 2019 · 8f38b5b · 8f38b5b
1 parent 8a7d2d4
commit 8f38b5b
Showing 1 changed file with 13 additions and 12 deletions.
diff --git a/puppet/zulip/manifests/nginx.pp b/puppet/zulip/manifests/nginx.pp
@@ -29,22 +29,23 @@
     notify  => Service['nginx'],
   }
 
-  # Nginx versions 1.4.6 and older do not support quoted URLs with the
-  # X-Accel-Redirect / "sendfile" feature, which are required for
-  # unicode support in filenames.  As a result, we use the fancier
-  # django-sendfile behavior only when a sufficiently current version
-  # of nginx is present (e.g.. Xenial).  Older versions (e.g. Trusty)
-  # retain the older, less secure, file upload behavior; we expect
-  # that this will stop being relevant when we drop Trusty support
-  # from Zulip altogether, no later than when Trusty reaches EOL in 2019.
-  $uploads_route = $zulip::base::release_name ? {
-    'trusty' => 'puppet:///modules/zulip/nginx/zulip-include-maybe/uploads-route.direct',
-    default  => 'puppet:///modules/zulip/nginx/zulip-include-maybe/uploads-route.internal',
-  }
   $no_serve_uploads = zulipconf('application_server', 'no_serve_uploads', '')
   if $no_serve_uploads != '' {
     # If we're not serving uploads locally, set the appropriate API headers for it.
     $uploads_route = 'puppet:///modules/zulip/nginx/zulip-include-maybe/uploads-route.noserve'
+  } else {
+    # Nginx versions 1.4.6 and older do not support quoted URLs with the
+    # X-Accel-Redirect / "sendfile" feature, which are required for
+    # unicode support in filenames.  As a result, we use the fancier
+    # django-sendfile behavior only when a sufficiently current version
+    # of nginx is present (e.g.. Xenial).  Older versions (e.g. Trusty)
+    # retain the older, less secure, file upload behavior; we expect
+    # that this will stop being relevant when we drop Trusty support
+    # from Zulip altogether, no later than when Trusty reaches EOL in 2019.
+    $uploads_route = $zulip::base::release_name ? {
+      'trusty' => 'puppet:///modules/zulip/nginx/zulip-include-maybe/uploads-route.direct',
+      default  => 'puppet:///modules/zulip/nginx/zulip-include-maybe/uploads-route.internal',
+    }
   }
 
   file { '/etc/nginx/zulip-include/uploads.route':