2011-06-07 01:05:27 +02:00
# Class: nginx::config
#
# This module manages NGINX bootstrap and configuration
#
# Parameters:
2011-06-15 21:40:42 +02:00
#
# There are no default parameters for this class.
2011-06-07 01:05:27 +02:00
#
# Actions:
#
# Requires:
#
# Sample Usage:
#
# This class file is not called directly
2012-09-28 18:59:32 +02:00
class nginx : : config (
2014-11-02 14:03:43 +01:00
### START Module/App Configuration ###
2014-11-22 19:40:01 +01:00
$client_body_temp_path = $::nginx::params::client_body_temp_path,
2014-11-08 17:22:30 +01:00
$confd_purge = false ,
2014-11-22 19:40:01 +01:00
$conf_dir = $::nginx::params::conf_dir,
$daemon_user = $::nginx::params::daemon_user,
$global_owner = $::nginx::params::global_owner,
$global_group = $::nginx::params::global_group,
$global_mode = $::nginx::params::global_mode,
$log_dir = $::nginx::params::log_dir,
$http_access_log = $::nginx::params::http_access_log,
$nginx_error_log = $::nginx::params::nginx_error_log,
2015-11-01 14:14:08 +01:00
$nginx_error_log_severity = 'error' ,
2014-11-22 19:40:01 +01:00
$pid = $::nginx::params::pid,
$proxy_temp_path = $::nginx::params::proxy_temp_path,
$root_group = $::nginx::params::root_group,
$run_dir = $::nginx::params::run_dir,
$sites_available_owner = $::nginx::params::sites_available_owner,
$sites_available_group = $::nginx::params::sites_available_group,
$sites_available_mode = $::nginx::params::sites_available_mode,
$super_user = $::nginx::params::super_user,
$temp_dir = $::nginx::params::temp_dir,
2014-11-08 17:22:30 +01:00
$vhost_purge = false ,
2014-11-02 14:03:43 +01:00
# Primary Templates
2014-11-08 17:22:30 +01:00
$conf_template = 'nginx/conf.d/nginx.conf.erb' ,
2015-11-05 17:13:50 +01:00
$proxy_conf_template = undef ,
2014-11-02 14:03:43 +01:00
### END Module/App Configuration ###
2014-11-08 17:22:30 +01:00
### START Nginx Configuration ###
2016-01-26 04:41:06 +01:00
$accept_mutex = 'on' ,
$accept_mutex_delay = '500ms' ,
2014-11-08 17:22:30 +01:00
$client_body_buffer_size = '128k' ,
$client_max_body_size = '10m' ,
$events_use = false ,
$fastcgi_cache_inactive = '20m' ,
$fastcgi_cache_key = false ,
$fastcgi_cache_keys_zone = 'd3:100m' ,
2014-11-24 18:22:41 +01:00
$fastcgi_cache_levels = '1' ,
2014-11-08 17:22:30 +01:00
$fastcgi_cache_max_size = '500m' ,
$fastcgi_cache_path = false ,
$fastcgi_cache_use_stale = false ,
$gzip = 'on' ,
2015-07-11 22:28:43 +02:00
$gzip_buffers = undef ,
$gzip_comp_level = 1 ,
$gzip_disable = 'msie6' ,
$gzip_min_length = 20 ,
$gzip_http_version = 1.1 ,
$gzip_proxied = 'off' ,
2016-02-08 22:26:32 +01:00
$gzip_types = undef ,
2015-07-11 22:28:43 +02:00
$gzip_vary = 'off' ,
2014-11-08 17:22:30 +01:00
$http_cfg_append = false ,
$http_tcp_nodelay = 'on' ,
$http_tcp_nopush = 'off' ,
2014-11-24 18:22:41 +01:00
$keepalive_timeout = '65' ,
2014-08-02 09:04:43 +02:00
$log_format = { } ,
2014-11-08 17:22:30 +01:00
$mail = false ,
2015-10-02 20:41:28 +02:00
$stream = false ,
2014-11-08 17:22:30 +01:00
$multi_accept = 'off' ,
2014-11-24 18:22:41 +01:00
$names_hash_bucket_size = '64' ,
$names_hash_max_size = '512' ,
2014-12-26 17:54:26 +01:00
$nginx_cfg_prepend = false ,
2014-11-08 17:22:30 +01:00
$proxy_buffers = '32 4k' ,
$proxy_buffer_size = '8k' ,
$proxy_cache_inactive = '20m' ,
$proxy_cache_keys_zone = 'd2:100m' ,
2014-11-24 18:22:41 +01:00
$proxy_cache_levels = '1' ,
2014-11-08 17:22:30 +01:00
$proxy_cache_max_size = '500m' ,
$proxy_cache_path = false ,
2014-11-24 18:22:41 +01:00
$proxy_connect_timeout = '90' ,
$proxy_headers_hash_bucket_size = '64' ,
2014-12-18 11:13:50 +01:00
$proxy_http_version = undef ,
2014-11-24 18:22:41 +01:00
$proxy_read_timeout = '90' ,
2014-11-08 17:22:30 +01:00
$proxy_redirect = 'off' ,
2014-11-24 18:22:41 +01:00
$proxy_send_timeout = '90' ,
2014-11-08 17:22:30 +01:00
$proxy_set_header = [
'Host $host' ,
'X-Real-IP $remote_addr' ,
'X-Forwarded-For $proxy_add_x_forwarded_for' ,
] ,
2016-05-12 18:09:16 +02:00
$proxy_hide_header = [ ] ,
2014-11-08 17:22:30 +01:00
$sendfile = 'on' ,
$server_tokens = 'on' ,
$spdy = 'off' ,
2015-10-23 22:16:11 +02:00
$http2 = 'off' ,
2014-11-08 17:22:30 +01:00
$ssl_stapling = 'off' ,
2014-11-24 18:22:41 +01:00
$types_hash_bucket_size = '512' ,
$types_hash_max_size = '1024' ,
$worker_connections = '1024' ,
$worker_processes = '1' ,
$worker_rlimit_nofile = '1024' ,
2014-11-08 17:22:30 +01:00
### END Nginx Configuration ###
2014-11-22 19:40:01 +01:00
) inherits : : nginx : : params {
2014-01-06 22:25:46 +01:00
2014-09-20 20:29:40 +02:00
### Validations ###
2015-04-02 05:34:31 +02:00
if ( $worker_processes ! = 'auto' ) and ( ! is_integer ( $worker_processes)) {
2014-09-20 20:29:40 +02:00
fail ( '$worker_processes must be an integer or have value "auto".' )
}
if ( ! is_integer ( $worker_connections)) {
fail ( '$worker_connections must be an integer.' )
}
if ( ! is_integer ( $worker_rlimit_nofile)) {
fail ( '$worker_rlimit_nofile must be an integer.' )
}
if ( ! is_string ( $events_use)) and ( $events_use ! = false ) {
fail ( '$events_use must be a string or false.' )
}
validate_string ( $multi_accept)
validate_array ( $proxy_set_header)
2016-05-12 18:09:16 +02:00
validate_array ( $proxy_hide_header)
2014-12-18 11:13:50 +01:00
if ( $proxy_http_version ! = undef ) {
2014-12-16 16:48:35 +01:00
validate_string ( $proxy_http_version)
}
2015-11-05 17:13:50 +01:00
if ( $proxy_conf_template ! = undef ) {
2016-02-22 14:56:59 +01:00
warning ( 'The $proxy_conf_template parameter is deprecated and has no effect.' )
2015-11-05 17:13:50 +01:00
}
2014-09-20 20:29:40 +02:00
validate_bool ( $confd_purge)
validate_bool ( $vhost_purge)
2015-06-03 23:41:56 +02:00
if ( $proxy_cache_path ! = false ) {
if ( is_string ( $proxy_cache_path) or is_hash ( $proxy_cache_path)) { }
else {
fail ( 'proxy_cache_path must be a string or a hash' )
}
2014-09-20 20:29:40 +02:00
}
validate_re ( $proxy_cache_levels, '^[12](:[12])*$' )
validate_string ( $proxy_cache_keys_zone)
validate_string ( $proxy_cache_max_size)
validate_string ( $proxy_cache_inactive)
if ( $fastcgi_cache_path ! = false ) {
validate_string ( $fastcgi_cache_path)
}
validate_re ( $fastcgi_cache_levels, '^[12](:[12])*$' )
validate_string ( $fastcgi_cache_keys_zone)
validate_string ( $fastcgi_cache_max_size)
validate_string ( $fastcgi_cache_inactive)
if ( $fastcgi_cache_key ! = false ) {
validate_string ( $fastcgi_cache_key)
}
if ( $fastcgi_cache_use_stale ! = false ) {
validate_string ( $fastcgi_cache_use_stale)
}
validate_bool ( $mail)
validate_string ( $server_tokens)
validate_string ( $client_max_body_size)
if ( ! is_integer ( $names_hash_bucket_size)) {
fail ( '$names_hash_bucket_size must be an integer.' )
}
if ( ! is_integer ( $names_hash_max_size)) {
fail ( '$names_hash_max_size must be an integer.' )
}
validate_string ( $proxy_buffers)
validate_string ( $proxy_buffer_size)
if ( $http_cfg_append ! = false ) {
if ! ( is_hash ( $http_cfg_append) or is_array ( $http_cfg_append)) {
fail ( '$http_cfg_append must be either a hash or array' )
}
}
2014-12-26 17:54:26 +01:00
if ( $nginx_cfg_prepend ! = false ) {
if ! ( is_hash ( $nginx_cfg_prepend) or is_array ( $nginx_cfg_prepend)) {
fail ( '$nginx_cfg_prepend must be either a hash or array' )
}
}
2014-09-20 20:29:40 +02:00
validate_string ( $nginx_error_log)
2015-11-01 14:14:08 +01:00
validate_re ( $nginx_error_log_severity, [ 'debug','info','notice','warn','error','crit','alert','emerg' ] , '$nginx_error_log_severity must be debug, info, notice, warn, error, crit, alert or emerg' )
2014-09-20 20:29:40 +02:00
validate_string ( $http_access_log)
validate_string ( $proxy_headers_hash_bucket_size)
validate_bool ( $super_user)
### END VALIDATIONS ###
### CONFIGURATION ###
2011-06-15 21:40:42 +02:00
File {
2014-07-03 16:06:54 +02:00
owner => $global_owner,
group => $global_group,
mode => $global_mode,
2011-06-15 21:40:42 +02:00
}
2014-06-13 12:15:42 +02:00
file { $conf_dir:
2011-06-15 21:40:42 +02:00
ensure => directory ,
}
2015-10-02 20:41:28 +02:00
file { "${conf_dir}/conf.stream.d" :
ensure => directory ,
}
if $confd_purge = = true {
File [ "${conf_dir}/conf.stream.d" ] {
purge => true ,
recurse => true ,
}
}
2014-06-13 12:15:42 +02:00
file { "${conf_dir}/conf.d" :
2011-06-15 21:40:42 +02:00
ensure => directory ,
}
2012-09-30 10:30:04 +02:00
if $confd_purge = = true {
2014-06-13 12:15:42 +02:00
File [ "${conf_dir}/conf.d" ] {
2013-03-16 10:34:07 +01:00
purge => true ,
2012-09-30 10:30:04 +02:00
recurse => true ,
2014-12-10 20:16:03 +01:00
notify => Class [ '::nginx::service' ] ,
2012-09-30 10:30:04 +02:00
}
}
2014-06-13 12:15:42 +02:00
file { "${conf_dir}/conf.mail.d" :
add support for mail module
See http://wiki.nginx.org/Modules#Mail_modules
Sample Usage:
nginx::resource::mailhost { 'domain1.example':
ensure => present,
auth_http => 'server2.example/cgi-bin/auth',
protocol => 'smtp',
listen_port => 587,
ssl_port => 465,
starttls => 'only',
xclient => 'off',
ssl => 'true',
ssl_cert => '/tmp/server.crt',
ssl_key => '/tmp/server.pem',
}
2013-03-11 14:05:00 +01:00
ensure => directory ,
}
if $confd_purge = = true {
2014-06-13 12:15:42 +02:00
File [ "${conf_dir}/conf.mail.d" ] {
2013-05-08 14:15:42 +02:00
purge => true ,
add support for mail module
See http://wiki.nginx.org/Modules#Mail_modules
Sample Usage:
nginx::resource::mailhost { 'domain1.example':
ensure => present,
auth_http => 'server2.example/cgi-bin/auth',
protocol => 'smtp',
listen_port => 587,
ssl_port => 465,
starttls => 'only',
xclient => 'off',
ssl => 'true',
ssl_cert => '/tmp/server.crt',
ssl_key => '/tmp/server.pem',
}
2013-03-11 14:05:00 +01:00
recurse => true ,
}
}
2014-06-13 12:15:42 +02:00
file { "${conf_dir}/conf.d/vhost_autogen.conf" :
2013-12-01 01:56:38 +01:00
ensure => absent ,
}
2014-06-13 12:15:42 +02:00
file { "${conf_dir}/conf.mail.d/vhost_autogen.conf" :
2013-12-01 01:56:38 +01:00
ensure => absent ,
}
2014-03-07 15:52:38 +01:00
file { $run_dir:
2011-06-15 21:40:42 +02:00
ensure => directory ,
}
2015-05-29 18:45:51 +02:00
file { $log_dir:
ensure => directory ,
}
2014-03-07 15:52:38 +01:00
file { $client_body_temp_path:
2011-06-15 21:40:42 +02:00
ensure => directory ,
2014-06-05 00:00:41 +02:00
owner => $daemon_user,
2011-06-15 21:40:42 +02:00
}
2014-03-07 15:52:38 +01:00
file { $proxy_temp_path:
2011-06-15 21:40:42 +02:00
ensure => directory ,
2014-06-05 00:00:41 +02:00
owner => $daemon_user,
2011-06-15 21:40:42 +02:00
}
2014-06-13 12:15:42 +02:00
file { "${conf_dir}/sites-available" :
2014-07-18 04:00:16 +02:00
ensure => directory ,
2014-07-03 16:06:54 +02:00
owner => $sites_available_owner,
group => $sites_available_group,
mode => $sites_available_mode,
2013-12-01 01:51:31 +01:00
}
2014-03-07 20:39:40 +01:00
if $vhost_purge = = true {
2014-06-13 12:15:42 +02:00
File [ "${conf_dir}/sites-available" ] {
2014-03-07 20:39:40 +01:00
purge => true ,
recurse => true ,
}
}
2014-06-13 12:15:42 +02:00
file { "${conf_dir}/sites-enabled" :
2013-12-01 01:51:31 +01:00
ensure => directory ,
}
2014-03-07 20:39:40 +01:00
if $vhost_purge = = true {
2014-06-13 12:15:42 +02:00
File [ "${conf_dir}/sites-enabled" ] {
2014-03-07 20:39:40 +01:00
purge => true ,
recurse => true ,
}
}
2014-06-13 12:15:42 +02:00
file { "${conf_dir}/sites-enabled/default" :
2011-06-15 21:40:42 +02:00
ensure => absent ,
}
2014-06-13 12:15:42 +02:00
file { "${conf_dir}/nginx.conf" :
2011-06-15 21:40:42 +02:00
ensure => file ,
2014-03-10 21:19:25 +01:00
content => template ( $conf_template),
2011-06-15 21:40:42 +02:00
}
2014-06-13 12:15:42 +02:00
file { "${conf_dir}/conf.d/proxy.conf" :
2015-06-12 15:25:26 +02:00
ensure => absent ,
2011-06-15 21:40:42 +02:00
}
2014-06-13 12:15:42 +02:00
file { "${conf_dir}/conf.d/default.conf" :
2014-03-28 13:37:49 +01:00
ensure => absent ,
}
2014-06-13 12:15:42 +02:00
file { "${conf_dir}/conf.d/example_ssl.conf" :
2014-03-28 13:37:49 +01:00
ensure => absent ,
}
2014-03-07 15:52:38 +01:00
file { "${temp_dir}/nginx.d" :
2013-12-02 19:53:10 +01:00
ensure => absent ,
purge => true ,
recurse => true ,
2014-03-04 10:03:17 +01:00
force => true ,
2013-12-02 19:53:10 +01:00
}
2014-03-07 15:52:38 +01:00
file { "${temp_dir}/nginx.mail.d" :
2013-12-02 19:53:10 +01:00
ensure => absent ,
purge => true ,
recurse => true ,
2014-03-04 10:03:17 +01:00
force => true ,
2013-12-02 19:53:10 +01:00
}
2011-06-15 21:40:42 +02:00
}