2011-06-07 01:05:27 +02:00
|
|
|
# Class: nginx::config
|
|
|
|
#
|
|
|
|
# This module manages NGINX bootstrap and configuration
|
|
|
|
#
|
|
|
|
# Parameters:
|
2011-06-15 21:40:42 +02:00
|
|
|
#
|
|
|
|
# There are no default parameters for this class.
|
2011-06-07 01:05:27 +02:00
|
|
|
#
|
|
|
|
# Actions:
|
|
|
|
#
|
|
|
|
# Requires:
|
|
|
|
#
|
|
|
|
# Sample Usage:
|
|
|
|
#
|
|
|
|
# This class file is not called directly
|
2012-09-28 18:59:32 +02:00
|
|
|
class nginx::config(
|
2014-11-02 14:03:43 +01:00
|
|
|
### START Module/App Configuration ###
|
2014-11-22 19:40:01 +01:00
|
|
|
$client_body_temp_path = $::nginx::params::client_body_temp_path,
|
2014-11-08 17:22:30 +01:00
|
|
|
$confd_purge = false,
|
2014-11-22 19:40:01 +01:00
|
|
|
$conf_dir = $::nginx::params::conf_dir,
|
|
|
|
$daemon_user = $::nginx::params::daemon_user,
|
|
|
|
$global_owner = $::nginx::params::global_owner,
|
|
|
|
$global_group = $::nginx::params::global_group,
|
|
|
|
$global_mode = $::nginx::params::global_mode,
|
|
|
|
$log_dir = $::nginx::params::log_dir,
|
|
|
|
$http_access_log = $::nginx::params::http_access_log,
|
|
|
|
$nginx_error_log = $::nginx::params::nginx_error_log,
|
|
|
|
$pid = $::nginx::params::pid,
|
|
|
|
$proxy_temp_path = $::nginx::params::proxy_temp_path,
|
|
|
|
$root_group = $::nginx::params::root_group,
|
|
|
|
$run_dir = $::nginx::params::run_dir,
|
|
|
|
$sites_available_owner = $::nginx::params::sites_available_owner,
|
|
|
|
$sites_available_group = $::nginx::params::sites_available_group,
|
|
|
|
$sites_available_mode = $::nginx::params::sites_available_mode,
|
|
|
|
$super_user = $::nginx::params::super_user,
|
|
|
|
$temp_dir = $::nginx::params::temp_dir,
|
2014-11-08 17:22:30 +01:00
|
|
|
$vhost_purge = false,
|
2014-11-02 14:03:43 +01:00
|
|
|
|
|
|
|
# Primary Templates
|
2014-11-08 17:22:30 +01:00
|
|
|
$conf_template = 'nginx/conf.d/nginx.conf.erb',
|
|
|
|
$proxy_conf_template = 'nginx/conf.d/proxy.conf.erb',
|
2014-11-02 14:03:43 +01:00
|
|
|
### END Module/App Configuration ###
|
|
|
|
|
2014-11-08 17:22:30 +01:00
|
|
|
### START Nginx Configuration ###
|
|
|
|
$client_body_buffer_size = '128k',
|
|
|
|
$client_max_body_size = '10m',
|
|
|
|
$events_use = false,
|
|
|
|
$fastcgi_cache_inactive = '20m',
|
|
|
|
$fastcgi_cache_key = false,
|
|
|
|
$fastcgi_cache_keys_zone = 'd3:100m',
|
2014-11-24 18:22:41 +01:00
|
|
|
$fastcgi_cache_levels = '1',
|
2014-11-08 17:22:30 +01:00
|
|
|
$fastcgi_cache_max_size = '500m',
|
|
|
|
$fastcgi_cache_path = false,
|
|
|
|
$fastcgi_cache_use_stale = false,
|
|
|
|
$gzip = 'on',
|
2015-07-11 22:28:43 +02:00
|
|
|
$gzip_buffers = undef,
|
|
|
|
$gzip_comp_level = 1,
|
|
|
|
$gzip_disable = 'msie6',
|
|
|
|
$gzip_min_length = 20,
|
|
|
|
$gzip_http_version = 1.1,
|
|
|
|
$gzip_proxied = 'off',
|
|
|
|
$gzip_types = 'text/html',
|
|
|
|
$gzip_vary = 'off',
|
2014-11-08 17:22:30 +01:00
|
|
|
$http_cfg_append = false,
|
|
|
|
$http_tcp_nodelay = 'on',
|
|
|
|
$http_tcp_nopush = 'off',
|
2014-11-24 18:22:41 +01:00
|
|
|
$keepalive_timeout = '65',
|
2014-08-02 09:04:43 +02:00
|
|
|
$log_format = {},
|
2014-11-08 17:22:30 +01:00
|
|
|
$mail = false,
|
|
|
|
$multi_accept = 'off',
|
2014-11-24 18:22:41 +01:00
|
|
|
$names_hash_bucket_size = '64',
|
|
|
|
$names_hash_max_size = '512',
|
2014-12-26 17:54:26 +01:00
|
|
|
$nginx_cfg_prepend = false,
|
2014-11-08 17:22:30 +01:00
|
|
|
$proxy_buffers = '32 4k',
|
|
|
|
$proxy_buffer_size = '8k',
|
|
|
|
$proxy_cache_inactive = '20m',
|
|
|
|
$proxy_cache_keys_zone = 'd2:100m',
|
2014-11-24 18:22:41 +01:00
|
|
|
$proxy_cache_levels = '1',
|
2014-11-08 17:22:30 +01:00
|
|
|
$proxy_cache_max_size = '500m',
|
|
|
|
$proxy_cache_path = false,
|
2014-11-24 18:22:41 +01:00
|
|
|
$proxy_connect_timeout = '90',
|
|
|
|
$proxy_headers_hash_bucket_size = '64',
|
2014-12-18 11:13:50 +01:00
|
|
|
$proxy_http_version = undef,
|
2014-11-24 18:22:41 +01:00
|
|
|
$proxy_read_timeout = '90',
|
2014-11-08 17:22:30 +01:00
|
|
|
$proxy_redirect = 'off',
|
2014-11-24 18:22:41 +01:00
|
|
|
$proxy_send_timeout = '90',
|
2014-11-08 17:22:30 +01:00
|
|
|
$proxy_set_header = [
|
|
|
|
'Host $host',
|
|
|
|
'X-Real-IP $remote_addr',
|
|
|
|
'X-Forwarded-For $proxy_add_x_forwarded_for',
|
|
|
|
],
|
|
|
|
$sendfile = 'on',
|
|
|
|
$server_tokens = 'on',
|
|
|
|
$spdy = 'off',
|
|
|
|
$ssl_stapling = 'off',
|
2014-11-24 18:22:41 +01:00
|
|
|
$types_hash_bucket_size = '512',
|
|
|
|
$types_hash_max_size = '1024',
|
|
|
|
$worker_connections = '1024',
|
|
|
|
$worker_processes = '1',
|
|
|
|
$worker_rlimit_nofile = '1024',
|
2014-11-08 17:22:30 +01:00
|
|
|
### END Nginx Configuration ###
|
2014-11-22 19:40:01 +01:00
|
|
|
) inherits ::nginx::params {
|
2014-01-06 22:25:46 +01:00
|
|
|
|
2014-09-20 20:29:40 +02:00
|
|
|
### Validations ###
|
2015-04-02 05:34:31 +02:00
|
|
|
if ($worker_processes != 'auto') and (!is_integer($worker_processes)) {
|
2014-09-20 20:29:40 +02:00
|
|
|
fail('$worker_processes must be an integer or have value "auto".')
|
|
|
|
}
|
|
|
|
if (!is_integer($worker_connections)) {
|
|
|
|
fail('$worker_connections must be an integer.')
|
|
|
|
}
|
|
|
|
if (!is_integer($worker_rlimit_nofile)) {
|
|
|
|
fail('$worker_rlimit_nofile must be an integer.')
|
|
|
|
}
|
|
|
|
if (!is_string($events_use)) and ($events_use != false) {
|
|
|
|
fail('$events_use must be a string or false.')
|
|
|
|
}
|
|
|
|
validate_string($multi_accept)
|
|
|
|
validate_array($proxy_set_header)
|
2014-12-18 11:13:50 +01:00
|
|
|
if ($proxy_http_version != undef) {
|
2014-12-16 16:48:35 +01:00
|
|
|
validate_string($proxy_http_version)
|
|
|
|
}
|
2014-09-20 20:29:40 +02:00
|
|
|
validate_bool($confd_purge)
|
|
|
|
validate_bool($vhost_purge)
|
|
|
|
if ($proxy_cache_path != false) {
|
|
|
|
validate_string($proxy_cache_path)
|
|
|
|
}
|
|
|
|
validate_re($proxy_cache_levels, '^[12](:[12])*$')
|
|
|
|
validate_string($proxy_cache_keys_zone)
|
|
|
|
validate_string($proxy_cache_max_size)
|
|
|
|
validate_string($proxy_cache_inactive)
|
|
|
|
|
|
|
|
if ($fastcgi_cache_path != false) {
|
|
|
|
validate_string($fastcgi_cache_path)
|
|
|
|
}
|
|
|
|
validate_re($fastcgi_cache_levels, '^[12](:[12])*$')
|
|
|
|
validate_string($fastcgi_cache_keys_zone)
|
|
|
|
validate_string($fastcgi_cache_max_size)
|
|
|
|
validate_string($fastcgi_cache_inactive)
|
|
|
|
if ($fastcgi_cache_key != false) {
|
|
|
|
validate_string($fastcgi_cache_key)
|
|
|
|
}
|
|
|
|
if ($fastcgi_cache_use_stale != false) {
|
|
|
|
validate_string($fastcgi_cache_use_stale)
|
|
|
|
}
|
|
|
|
|
|
|
|
validate_bool($mail)
|
|
|
|
validate_string($server_tokens)
|
|
|
|
validate_string($client_max_body_size)
|
|
|
|
if (!is_integer($names_hash_bucket_size)) {
|
|
|
|
fail('$names_hash_bucket_size must be an integer.')
|
|
|
|
}
|
|
|
|
if (!is_integer($names_hash_max_size)) {
|
|
|
|
fail('$names_hash_max_size must be an integer.')
|
|
|
|
}
|
|
|
|
validate_string($proxy_buffers)
|
|
|
|
validate_string($proxy_buffer_size)
|
|
|
|
if ($http_cfg_append != false) {
|
|
|
|
if !(is_hash($http_cfg_append) or is_array($http_cfg_append)) {
|
|
|
|
fail('$http_cfg_append must be either a hash or array')
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2014-12-26 17:54:26 +01:00
|
|
|
if ($nginx_cfg_prepend != false) {
|
|
|
|
if !(is_hash($nginx_cfg_prepend) or is_array($nginx_cfg_prepend)) {
|
|
|
|
fail('$nginx_cfg_prepend must be either a hash or array')
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2014-09-20 20:29:40 +02:00
|
|
|
validate_string($nginx_error_log)
|
|
|
|
validate_string($http_access_log)
|
|
|
|
validate_string($proxy_headers_hash_bucket_size)
|
|
|
|
validate_bool($super_user)
|
|
|
|
### END VALIDATIONS ###
|
|
|
|
|
|
|
|
|
|
|
|
### CONFIGURATION ###
|
2011-06-15 21:40:42 +02:00
|
|
|
File {
|
2014-07-03 16:06:54 +02:00
|
|
|
owner => $global_owner,
|
|
|
|
group => $global_group,
|
|
|
|
mode => $global_mode,
|
2011-06-15 21:40:42 +02:00
|
|
|
}
|
|
|
|
|
2014-06-13 12:15:42 +02:00
|
|
|
file { $conf_dir:
|
2011-06-15 21:40:42 +02:00
|
|
|
ensure => directory,
|
|
|
|
}
|
|
|
|
|
2014-06-13 12:15:42 +02:00
|
|
|
file { "${conf_dir}/conf.d":
|
2011-06-15 21:40:42 +02:00
|
|
|
ensure => directory,
|
|
|
|
}
|
2012-09-30 10:30:04 +02:00
|
|
|
if $confd_purge == true {
|
2014-06-13 12:15:42 +02:00
|
|
|
File["${conf_dir}/conf.d"] {
|
2013-03-16 10:34:07 +01:00
|
|
|
purge => true,
|
2012-09-30 10:30:04 +02:00
|
|
|
recurse => true,
|
2014-12-10 20:16:03 +01:00
|
|
|
notify => Class['::nginx::service'],
|
2012-09-30 10:30:04 +02:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2014-06-13 12:15:42 +02:00
|
|
|
file { "${conf_dir}/conf.mail.d":
|
add support for mail module
See http://wiki.nginx.org/Modules#Mail_modules
Sample Usage:
nginx::resource::mailhost { 'domain1.example':
ensure => present,
auth_http => 'server2.example/cgi-bin/auth',
protocol => 'smtp',
listen_port => 587,
ssl_port => 465,
starttls => 'only',
xclient => 'off',
ssl => 'true',
ssl_cert => '/tmp/server.crt',
ssl_key => '/tmp/server.pem',
}
2013-03-11 14:05:00 +01:00
|
|
|
ensure => directory,
|
|
|
|
}
|
|
|
|
if $confd_purge == true {
|
2014-06-13 12:15:42 +02:00
|
|
|
File["${conf_dir}/conf.mail.d"] {
|
2013-05-08 14:15:42 +02:00
|
|
|
purge => true,
|
add support for mail module
See http://wiki.nginx.org/Modules#Mail_modules
Sample Usage:
nginx::resource::mailhost { 'domain1.example':
ensure => present,
auth_http => 'server2.example/cgi-bin/auth',
protocol => 'smtp',
listen_port => 587,
ssl_port => 465,
starttls => 'only',
xclient => 'off',
ssl => 'true',
ssl_cert => '/tmp/server.crt',
ssl_key => '/tmp/server.pem',
}
2013-03-11 14:05:00 +01:00
|
|
|
recurse => true,
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2014-06-13 12:15:42 +02:00
|
|
|
file { "${conf_dir}/conf.d/vhost_autogen.conf":
|
2013-12-01 01:56:38 +01:00
|
|
|
ensure => absent,
|
|
|
|
}
|
|
|
|
|
2014-06-13 12:15:42 +02:00
|
|
|
file { "${conf_dir}/conf.mail.d/vhost_autogen.conf":
|
2013-12-01 01:56:38 +01:00
|
|
|
ensure => absent,
|
|
|
|
}
|
|
|
|
|
2014-03-07 15:52:38 +01:00
|
|
|
file {$run_dir:
|
2011-06-15 21:40:42 +02:00
|
|
|
ensure => directory,
|
|
|
|
}
|
|
|
|
|
2015-05-29 18:45:51 +02:00
|
|
|
file { $log_dir:
|
|
|
|
ensure => directory,
|
|
|
|
}
|
|
|
|
|
2014-03-07 15:52:38 +01:00
|
|
|
file {$client_body_temp_path:
|
2011-06-15 21:40:42 +02:00
|
|
|
ensure => directory,
|
2014-06-05 00:00:41 +02:00
|
|
|
owner => $daemon_user,
|
2011-06-15 21:40:42 +02:00
|
|
|
}
|
|
|
|
|
2014-03-07 15:52:38 +01:00
|
|
|
file {$proxy_temp_path:
|
2011-06-15 21:40:42 +02:00
|
|
|
ensure => directory,
|
2014-06-05 00:00:41 +02:00
|
|
|
owner => $daemon_user,
|
2011-06-15 21:40:42 +02:00
|
|
|
}
|
|
|
|
|
2014-06-13 12:15:42 +02:00
|
|
|
file { "${conf_dir}/sites-available":
|
2014-07-18 04:00:16 +02:00
|
|
|
ensure => directory,
|
2014-07-03 16:06:54 +02:00
|
|
|
owner => $sites_available_owner,
|
|
|
|
group => $sites_available_group,
|
|
|
|
mode => $sites_available_mode,
|
2013-12-01 01:51:31 +01:00
|
|
|
}
|
|
|
|
|
2014-03-07 20:39:40 +01:00
|
|
|
if $vhost_purge == true {
|
2014-06-13 12:15:42 +02:00
|
|
|
File["${conf_dir}/sites-available"] {
|
2014-03-07 20:39:40 +01:00
|
|
|
purge => true,
|
|
|
|
recurse => true,
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2014-06-13 12:15:42 +02:00
|
|
|
file { "${conf_dir}/sites-enabled":
|
2013-12-01 01:51:31 +01:00
|
|
|
ensure => directory,
|
|
|
|
}
|
|
|
|
|
2014-03-07 20:39:40 +01:00
|
|
|
if $vhost_purge == true {
|
2014-06-13 12:15:42 +02:00
|
|
|
File["${conf_dir}/sites-enabled"] {
|
2014-03-07 20:39:40 +01:00
|
|
|
purge => true,
|
|
|
|
recurse => true,
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2014-06-13 12:15:42 +02:00
|
|
|
file { "${conf_dir}/sites-enabled/default":
|
2011-06-15 21:40:42 +02:00
|
|
|
ensure => absent,
|
|
|
|
}
|
|
|
|
|
2014-06-13 12:15:42 +02:00
|
|
|
file { "${conf_dir}/nginx.conf":
|
2011-06-15 21:40:42 +02:00
|
|
|
ensure => file,
|
2014-03-10 21:19:25 +01:00
|
|
|
content => template($conf_template),
|
2011-06-15 21:40:42 +02:00
|
|
|
}
|
|
|
|
|
2014-06-13 12:15:42 +02:00
|
|
|
file { "${conf_dir}/conf.d/proxy.conf":
|
2015-06-12 15:25:26 +02:00
|
|
|
ensure => absent,
|
2011-06-15 21:40:42 +02:00
|
|
|
}
|
|
|
|
|
2014-06-13 12:15:42 +02:00
|
|
|
file { "${conf_dir}/conf.d/default.conf":
|
2014-03-28 13:37:49 +01:00
|
|
|
ensure => absent,
|
|
|
|
}
|
|
|
|
|
2014-06-13 12:15:42 +02:00
|
|
|
file { "${conf_dir}/conf.d/example_ssl.conf":
|
2014-03-28 13:37:49 +01:00
|
|
|
ensure => absent,
|
|
|
|
}
|
|
|
|
|
2014-03-07 15:52:38 +01:00
|
|
|
file { "${temp_dir}/nginx.d":
|
2013-12-02 19:53:10 +01:00
|
|
|
ensure => absent,
|
|
|
|
purge => true,
|
|
|
|
recurse => true,
|
2014-03-04 10:03:17 +01:00
|
|
|
force => true,
|
2013-12-02 19:53:10 +01:00
|
|
|
}
|
|
|
|
|
2014-03-07 15:52:38 +01:00
|
|
|
file { "${temp_dir}/nginx.mail.d":
|
2013-12-02 19:53:10 +01:00
|
|
|
ensure => absent,
|
|
|
|
purge => true,
|
|
|
|
recurse => true,
|
2014-03-04 10:03:17 +01:00
|
|
|
force => true,
|
2013-12-02 19:53:10 +01:00
|
|
|
}
|
2011-06-15 21:40:42 +02:00
|
|
|
}
|