protected boolean appendSslConfig()

in software/webapp/src/main/java/org/apache/brooklyn/entity/proxy/nginx/NginxDefaultConfigGenerator.java [251:303]


    protected boolean appendSslConfig(String id, StringBuilder out, String prefix, ProxySslConfig ssl,
                                   boolean sslBlock, boolean certificateBlock) {
        if (ssl == null) return false;
        if (sslBlock) {
            out.append(prefix);
            out.append("ssl on;\n");
        }
        if (ssl.getReuseSessions()) {
            out.append(prefix);
            out.append("");
        }
        if (certificateBlock) {
            String cert;
            if (Strings.isEmpty(ssl.getCertificateDestination())) {
                cert = "" + id + ".crt";
            } else {
                cert = ssl.getCertificateDestination();
            }
            out.append(prefix);
            out.append("ssl_certificate " + cert + ";\n");

            String key;
            if (!Strings.isEmpty(ssl.getKeyDestination())) {
                key = ssl.getKeyDestination();
            } else if (!Strings.isEmpty(ssl.getKeySourceUrl())) {
                key = "" + id + ".key";
            } else {
                key = null;
            }
            if (key != null) {
                out.append(prefix);
                out.append("ssl_certificate_key " + key + ";\n");
            }

            if (ssl.getVerifyClient()) {
                out.append("ssl_verify_client on;\n");

                String client;
                if (Strings.isEmpty(ssl.getClientCertificateDestination())) {
                    client = "" + id + ".cli";
                } else {
                    client = ssl.getClientCertificateDestination();
                }
                if (client != null) {
                    out.append(prefix);
                    out.append("ssl_client_certificate " + client + ";\n");
                }
            }

            out.append("ssl_protocols TLSv1 TLSv1.1 TLSv1.2;\n");
        }
        return true;
    }