opuppet/module-nginx
5
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Merge pull request #120 from abraham1901/dev

Browse source 
Aggregated some PR & tested & simple bug fix & add new option
This commit is contained in:
James Fryman 2013-09-15 17:29:56 -07:00
commit 315d7e109f
8 changed files with 133 additions and 51 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
manifests/config.pp
View file

@ -30,6 +30,8 @@ class nginx::config(
$client_max_body_size = $nginx::params::nx_client_max_body_size,
$proxy_buffers = $nginx::params::nx_proxy_buffers,
$http_cfg_append = $nginx::params::nx_http_cfg_append,
$nginx_error_log = $nginx::params::nx_nginx_error_log,
$http_access_log = $nginx::params::nx_http_access_log,
$proxy_buffer_size = $nginx::params::nx_proxy_buffer_size,
) inherits nginx::params {
File {

4
manifests/init.pp
View file

@ -48,6 +48,8 @@ class nginx (
$proxy_buffers = $nginx::params::nx_proxy_buffers,
$proxy_buffer_size = $nginx::params::nx_proxy_buffer_size,
$http_cfg_append = $nginx::params::nx_http_cfg_append,
$nginx_error_log = $nginx::params::nx_nginx_error_log,
$http_access_log = $nginx::params::nx_http_access_log,
$nginx_vhosts = {},
$nginx_upstreams = {},
$nginx_locations = {},
@ -75,6 +77,8 @@ class nginx (
proxy_buffers => $proxy_buffers,
proxy_buffer_size => $proxy_buffer_size,
http_cfg_append => $http_cfg_append,
nginx_error_log => $nginx_error_log,
http_access_log => $http_access_log,
require => Class['nginx::package'],
notify => Class['nginx::service'],
}

4
manifests/params.pp
View file

@ -85,6 +85,8 @@ class nginx::params {
$nx_http_cfg_append = false
$package_ensure = 'present'
$nx_nginx_error_log = "${nx_logdir}/error.log"
$nx_http_access_log = "${nx_logdir}/access.log"
$package_ensure = 'present'
}

55
manifests/resource/location.pp
View file

@ -3,27 +3,44 @@
# This definition creates a new location entry within a virtual host
#
# Parameters:
# [*ensure*] - Enables or disables the specified location (present|absent)
# [*vhost*] - Defines the default vHost for this location entry to include with
# [*location*] - Specifies the URI associated with this location entry
# [*location_allow*] - Array: Locations to allow connections from.
# [*location_deny*] - Array: Locations to deny connections from.
# [*www_root*] - Specifies the location on disk for files to be read from. Cannot be set in conjunction with $proxy
# [*index_files*] - Default index files for NGINX to read when traversing a directory
# [*proxy*] - Proxy server(s) for a location to connect to. Accepts a single value, can be used in conjunction
# with nginx::resource::upstream
# [*proxy_read_timeout*] - Override the default the proxy read timeout value of 90 seconds
# [*ensure*] - Enables or disables the specified location
# (present|absent)
# [*vhost*] - Defines the default vHost for this location
# entry to include with
# [*location*] - Specifies the URI associated with this location
# entry
# [*location_allow*] - Array: Locations to allow connections from.
# [*location_deny*] - Array: Locations to deny connections from.
# [*www_root*] - Specifies the location on disk for files to be
# read from. Cannot be set in conjunction with $proxy
# [*index_files*] - Default index files for NGINX to read when
# traversing a directory
# [*proxy*] - Proxy server(s) for a location to connect to.
# Accepts a single value, can be used in conjunction with
# nginx::resource::upstream
# [*proxy_read_timeout*] - Override the default the proxy read timeout
# value of 90 seconds
# [*fastcgi*] - location of fastcgi (host:port)
# [*fastcgi_params*] - optional alternative fastcgi_params file to use
# [*fastcgi_script*] - optional SCRIPT_FILE parameter
# [*fastcgi_split_path*] - Allows settings of fastcgi_split_path_info so that you can split the script_name and path_info via regex
# [*ssl*] - Indicates whether to setup SSL bindings for this location.
# [*ssl_only*] - Required if the SSL and normal vHost have the same port.
# [*location_alias*] - Path to be used as basis for serving requests for this location
# [*stub_status*] - If true it will point configure module stub_status to provide nginx stats on location
# [*location_custom_cfg*] - Expects a hash with custom directives, cannot be used with other location types (proxy, fastcgi, root, or stub_status)
# [*location_cfg_prepend*] - Expects a hash with extra directives to put before anything else inside location (used with all other types except custom_cfg)
# [*location_cfg_append*] - Expects a hash with extra directives to put after everything else inside location (used with all other types except custom_cfg)
# [*fastcgi_split_path*] - Allows settings of fastcgi_split_path_info so
# that you can split the script_name and path_info via regex
# [*ssl*] - Indicates whether to setup SSL bindings for
# this location.
# [*ssl_only*] - Required if the SSL and normal vHost have the
# same port.
# [*location_alias*] - Path to be used as basis for serving requests
# for this location
# [*stub_status*] - If true it will point configure module
# stub_status to provide nginx stats on location
# [*location_custom_cfg*] - Expects a hash with custom directives, cannot
# be used with other location types (proxy, fastcgi, root, or stub_status)
# [*location_cfg_prepend*] - Expects a hash with extra directives to put
# before anything else inside location (used with all other types except
# custom_cfg)
# [*location_cfg_append*] - Expects a hash with extra directives to put
# after everything else inside location (used with all other types except
# custom_cfg)
# [*try_files*] - An array of file locations to try
# [*option*] - Reserved for future use
# [*proxy_cache*] - This directive sets name of zone for caching.
@ -137,7 +154,7 @@ define nginx::resource::location (
$content_real = template('nginx/vhost/vhost_location_empty.erb')
}
if $fastcgi != undef and !defined(File['/etc/nginx/fastcgi_params']) {
if $fastcgi != undef and !defined(File['/etc/nginx/fastcgi_params']) {
file { '/etc/nginx/fastcgi_params':
ensure => present,
mode => '0770',

101
manifests/resource/vhost.pp
View file

@ -3,36 +3,56 @@
# This definition creates a virtual host
#
# Parameters:
# [*ensure*] - Enables or disables the specified vhost (present|absent)
# [*listen_ip*] - Default IP Address for NGINX to listen with this vHost on. Defaults to all interfaces (*)
# [*listen_port*] - Default IP Port for NGINX to listen with this vHost on. Defaults to TCP 80
# [*listen_options*] - Extra options for listen directive like 'default' to catchall. Undef by default.
# [*ensure*] - Enables or disables the specified vhost
# (present|absent)
# [*listen_ip*] - Default IP Address for NGINX to listen with this
# vHost on. Defaults to all interfaces (*)
# [*listen_port*] - Default IP Port for NGINX to listen with this
# vHost on. Defaults to TCP 80
# [*listen_options*] - Extra options for listen directive like
# 'default' to catchall. Undef by default.
# [*location_allow*] - Array: Locations to allow connections from.
# [*location_deny*] - Array: Locations to deny connections from.
# [*ipv6_enable*] - BOOL value to enable/disable IPv6 support (false|true). Module will check to see if IPv6
# support exists on your system before enabling.
# [*ipv6_listen_ip*] - Default IPv6 Address for NGINX to listen with this vHost on. Defaults to all interfaces (::)
# [*ipv6_listen_port*] - Default IPv6 Port for NGINX to listen with this vHost on. Defaults to TCP 80
# [*ipv6_listen_options*] - Extra options for listen directive like 'default' to catchall. Template will allways add ipv6only=on.
# While issue jfryman/puppet-nginx#30 is discussed, default value is 'default'.
# [*index_files*] - Default index files for NGINX to read when traversing a directory
# [*proxy*] - Proxy server(s) for the root location to connect to. Accepts a single value, can be used in
# conjunction with nginx::resource::upstream
# [*proxy_read_timeout*] - Override the default the proxy read timeout value of 90 seconds
# [*ipv6_enable*] - BOOL value to enable/disable IPv6 support
# (false|true). Module will check to see if IPv6 support exists on your
# system before enabling.
# [*ipv6_listen_ip*] - Default IPv6 Address for NGINX to listen with
# this vHost on. Defaults to all interfaces (::)
# [*ipv6_listen_port*] - Default IPv6 Port for NGINX to listen with this
# vHost on. Defaults to TCP 80
# [*ipv6_listen_options*] - Extra options for listen directive like 'default'
# to catchall. Template will allways add ipv6only=on. While issue
# jfryman/puppet-nginx#30 is discussed, default value is 'default'.
# [*index_files*] - Default index files for NGINX to read when
# traversing a directory
# [*proxy*] - Proxy server(s) for the root location to connect
# to. Accepts a single value, can be used in conjunction with
# nginx::resource::upstream
# [*proxy_read_timeout*] - Override the default the proxy read timeout value
# of 90 seconds
# [*fastcgi*] - location of fastcgi (host:port)
# [*fastcgi_params*] - optional alternative fastcgi_params file to use
# [*fastcgi_script*] - optional SCRIPT_FILE parameter
# [*ssl*] - Indicates whether to setup SSL bindings for this vhost.
# [*ssl_cert*] - Pre-generated SSL Certificate file to reference for SSL Support. This is not generated by this module.
# [*ssl_key*] - Pre-generated SSL Key file to reference for SSL Support. This is not generated by this module.
# [*ssl_port*] - Default IP Port for NGINX to listen with this SSL vHost on. Defaults to TCP 443
# [*ssl_protocols*] - SSL protocols enabled. Defaults to 'SSLv3 TLSv1 TLSv1.1 TLSv1.2'.
# [*ssl_ciphers*] - SSL ciphers enabled. Defaults to 'HIGH:!aNULL:!MD5'.
# [*ssl*] - Indicates whether to setup SSL bindings for this
# vhost.
# [*ssl_cert*] - Pre-generated SSL Certificate file to reference
# for SSL Support. This is not generated by this module.
# [*ssl_key*] - Pre-generated SSL Key file to reference for SSL
# Support. This is not generated by this module.
# [*ssl_port*] - Default IP Port for NGINX to listen with this SSL
# vHost on. Defaults to TCP 443
# [*ssl_protocols*] - SSL protocols enabled. Defaults to 'SSLv3 TLSv1
# TLSv1.1 TLSv1.2'.
# [*ssl_ciphers*] - SSL ciphers enabled. Defaults to
# 'HIGH:!aNULL:!MD5'.
# [*spdy*] - Toggles SPDY protocol.
# [*server_name*] - List of vhostnames for which this vhost will respond. Default [$name].
# [*www_root*] - Specifies the location on disk for files to be read from. Cannot be set in conjunction with $proxy
# [*server_name*] - List of vhostnames for which this vhost will
# respond. Default [$name].
# [*www_root*] - Specifies the location on disk for files to be
# read from. Cannot be set in conjunction with $proxy
# [*rewrite_www_to_non_www*] - Adds a server directive and rewrite rule to
# rewrite www.domain.com to domain.com in order to avoid duplicate content (SEO);
# rewrite www.domain.com to domain.com in order to avoid duplicate
# content (SEO);
# [*try_files*] - Specifies the locations for files to be
# checked as an array. Cannot be used in conjuction with $proxy.
# [*proxy_cache*] - This directive sets name of zone for caching.
@ -45,9 +65,15 @@
# the authentication realm.
# [*vhost_cfg_append*] - It expects a hash with custom directives to
# put after everything else inside vhost
# [*vhost_cfg_prepend*] - It expects a hash with custom directives to
# put before everything else inside vhost
# [*rewrite_to_https*] - Adds a server directive and rewrite rule to
# rewrite to ssl
# [*include_files*] - Adds include files to vhost
# [*access_log*] - Where to write access log. May add additional
# options like log format to the end.
# [*error_log*] - Where to write error log. May add additional
# options like error level to the end.
#
# Actions:
#
@ -101,8 +127,11 @@ define nginx::resource::vhost (
$try_files = undef,
$auth_basic = undef,
$auth_basic_user_file = undef,
$vhost_cfg_prepend = undef,
$vhost_cfg_append = undef,
$include_files = undef
$include_files = undef,
$access_log = undef,
$error_log = undef,
) {
validate_array($location_allow)
@ -132,6 +161,19 @@ define nginx::resource::vhost (
}
}
# This was a lot to add up in parameter list so add it down here
# Also opted to add more logic here and keep template cleaner which
# unfortunately means resorting to the $varname_real thing
$domain_log_name = regsubst($name, ' ', '_', 'G')
$access_log_real = $access_log ? {
undef => "${nginx::params::nx_logdir}/${domain_log_name}.access.log",
default => $access_log,
}
$error_log_real = $error_log ? {
undef => "${nginx::params::nx_logdir}/${domain_log_name}.error.log",
default => $error_log,
}
# Use the File Fragment Pattern to construct the configuration files.
# Create the base configuration file reference.
if ($listen_port != $ssl_port) {
@ -183,7 +225,7 @@ define nginx::resource::vhost (
location_cfg_append => $location_cfg_append }
}
if $fastcgi != undef and !defined(File['/etc/nginx/fastcgi_params']) {
if $fastcgi != undef and !defined(File['/etc/nginx/fastcgi_params']) {
file { '/etc/nginx/fastcgi_params':
ensure => present,
mode => '0770',
@ -198,6 +240,15 @@ define nginx::resource::vhost (
# Create SSL File Stubs if SSL is enabled
if ($ssl == true) {
# Access and error logs are named differently in ssl template
$ssl_access_log = $access_log ? {
undef => "${nginx::params::nx_logdir}/ssl-${domain_log_name}.access.log",
default => $access_log,
}
$ssl_error_log = $error_log ? {
undef => "${nginx::params::nx_logdir}/ssl-${domain_log_name}.error.log",
default => $error_log,
}
file { "${nginx::config::nx_temp_dir}/nginx.d/${name}-700-ssl":
ensure => $ensure ? {
'absent' => absent,

4
templates/conf.d/nginx.conf.erb
View file

@ -1,7 +1,7 @@
user <%= scope.lookupvar('nginx::config::nx_daemon_user') %>;
worker_processes <%= @worker_processes %>;
error_log <%= scope.lookupvar('nginx::params::nx_logdir')%>/error.log;
error_log <%= @nginx_error_log %>;
pid <%= scope.lookupvar('nginx::params::nx_pid')%>;
events {
@ -14,7 +14,7 @@ http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
access_log <%= scope.lookupvar('nginx::params::nx_logdir')%>/access.log;
access_log <%= @http_access_log %>;
sendfile <%= scope.lookupvar('nginx::params::nx_sendfile')%>;

10
templates/vhost/vhost_header.erb
View file

@ -11,6 +11,12 @@ server {
<% if defined? @auth_basic_user_file -%>
auth_basic_user_file <%= @auth_basic_user_file %>;
<% end -%>
<%# make sure that allow comes before deny by forcing the allow key (if it -%>
<%# exists) to be first in the output order. The hash keys also need to be -%>
<%# sorted so that the ordering is stable. -%>
<% if @vhost_cfg_prepend -%><% vhost_cfg_prepend.sort_by{ |k, v| k.to_s == 'allow' ? '' : k.to_s }.each do |key,value| -%>
<%= key %> <%= value %>;
<% end -%><% end -%>
<% @proxy_set_header.each do |header| -%>
proxy_set_header <%= header %>;
<% end -%>
@ -20,6 +26,6 @@ server {
}
<% end -%>
access_log <%= scope.lookupvar('nginx::params::nx_logdir')%>/<%= @name.gsub(' ', '_') %>.access.log;
error_log <%= scope.lookupvar('nginx::params::nx_logdir')%>/<%= @name.gsub(' ', '_') %>.error.log;
access_log <%= @access_log_real %>;
error_log <%= @error_log_real %>;

4
templates/vhost/vhost_ssl_header.erb
View file

@ -21,5 +21,5 @@ server {
auth_basic_user_file "<%= @auth_basic_user_file %>";
<% end -%>
access_log <%= scope.lookupvar('nginx::params::nx_logdir')%>/ssl-<%= @name.gsub(' ', '_') %>.access.log;
error_log <%= scope.lookupvar('nginx::params::nx_logdir')%>/ssl-<%= @name.gsub(' ', '_') %>.error.log;
access_log <%= @ssl_access_log %>;
error_log <%= @ssl_error_log %>;