opuppet/module-nginx
5
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Merge pull request #120 from abraham1901/dev

Browse source 
Aggregated some PR & tested & simple bug fix & add new option
This commit is contained in:
James Fryman 2013-09-15 17:29:56 -07:00
commit 315d7e109f
8 changed files with 133 additions and 51 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
manifests/config.pp
View file

@ -30,6 +30,8 @@ class nginx::config(
$client_max_body_size = $nginx::params::nx_client_max_body_size, $client_max_body_size = $nginx::params::nx_client_max_body_size,
$proxy_buffers = $nginx::params::nx_proxy_buffers, $proxy_buffers = $nginx::params::nx_proxy_buffers,
$http_cfg_append = $nginx::params::nx_http_cfg_append, $http_cfg_append = $nginx::params::nx_http_cfg_append,
$nginx_error_log = $nginx::params::nx_nginx_error_log,
$http_access_log = $nginx::params::nx_http_access_log,
$proxy_buffer_size = $nginx::params::nx_proxy_buffer_size, $proxy_buffer_size = $nginx::params::nx_proxy_buffer_size,
) inherits nginx::params { ) inherits nginx::params {
File { File {

4
manifests/init.pp
View file

@ -48,6 +48,8 @@ class nginx (
$proxy_buffers = $nginx::params::nx_proxy_buffers, $proxy_buffers = $nginx::params::nx_proxy_buffers,
$proxy_buffer_size = $nginx::params::nx_proxy_buffer_size, $proxy_buffer_size = $nginx::params::nx_proxy_buffer_size,
$http_cfg_append = $nginx::params::nx_http_cfg_append, $http_cfg_append = $nginx::params::nx_http_cfg_append,
$nginx_error_log = $nginx::params::nx_nginx_error_log,
$http_access_log = $nginx::params::nx_http_access_log,
$nginx_vhosts = {}, $nginx_vhosts = {},
$nginx_upstreams = {}, $nginx_upstreams = {},
$nginx_locations = {}, $nginx_locations = {},
@ -75,6 +77,8 @@ class nginx (
proxy_buffers => $proxy_buffers, proxy_buffers => $proxy_buffers,
proxy_buffer_size => $proxy_buffer_size, proxy_buffer_size => $proxy_buffer_size,
http_cfg_append => $http_cfg_append, http_cfg_append => $http_cfg_append,
nginx_error_log => $nginx_error_log,
http_access_log => $http_access_log,
require => Class['nginx::package'], require => Class['nginx::package'],
notify => Class['nginx::service'], notify => Class['nginx::service'],
} }

4
manifests/params.pp
View file

@ -85,6 +85,8 @@ class nginx::params {
$nx_http_cfg_append = false $nx_http_cfg_append = false
$package_ensure = 'present' $nx_nginx_error_log = "${nx_logdir}/error.log"
$nx_http_access_log = "${nx_logdir}/access.log"
$package_ensure = 'present'
} }

55
manifests/resource/location.pp
View file

@ -3,27 +3,44 @@
# This definition creates a new location entry within a virtual host # This definition creates a new location entry within a virtual host
# #
# Parameters: # Parameters:
# [*ensure*] - Enables or disables the specified location (present|absent) # [*ensure*] - Enables or disables the specified location
# [*vhost*] - Defines the default vHost for this location entry to include with # (present|absent)
# [*location*] - Specifies the URI associated with this location entry # [*vhost*] - Defines the default vHost for this location
# [*location_allow*] - Array: Locations to allow connections from. # entry to include with
# [*location_deny*] - Array: Locations to deny connections from. # [*location*] - Specifies the URI associated with this location
# [*www_root*] - Specifies the location on disk for files to be read from. Cannot be set in conjunction with $proxy # entry
# [*index_files*] - Default index files for NGINX to read when traversing a directory # [*location_allow*] - Array: Locations to allow connections from.
# [*proxy*] - Proxy server(s) for a location to connect to. Accepts a single value, can be used in conjunction # [*location_deny*] - Array: Locations to deny connections from.
# with nginx::resource::upstream # [*www_root*] - Specifies the location on disk for files to be
# [*proxy_read_timeout*] - Override the default the proxy read timeout value of 90 seconds # read from. Cannot be set in conjunction with $proxy
# [*index_files*] - Default index files for NGINX to read when
# traversing a directory
# [*proxy*] - Proxy server(s) for a location to connect to.
# Accepts a single value, can be used in conjunction with
# nginx::resource::upstream
# [*proxy_read_timeout*] - Override the default the proxy read timeout
# value of 90 seconds
# [*fastcgi*] - location of fastcgi (host:port) # [*fastcgi*] - location of fastcgi (host:port)
# [*fastcgi_params*] - optional alternative fastcgi_params file to use # [*fastcgi_params*] - optional alternative fastcgi_params file to use
# [*fastcgi_script*] - optional SCRIPT_FILE parameter # [*fastcgi_script*] - optional SCRIPT_FILE parameter
# [*fastcgi_split_path*] - Allows settings of fastcgi_split_path_info so that you can split the script_name and path_info via regex # [*fastcgi_split_path*] - Allows settings of fastcgi_split_path_info so
# [*ssl*] - Indicates whether to setup SSL bindings for this location. # that you can split the script_name and path_info via regex
# [*ssl_only*] - Required if the SSL and normal vHost have the same port. # [*ssl*] - Indicates whether to setup SSL bindings for
# [*location_alias*] - Path to be used as basis for serving requests for this location # this location.
# [*stub_status*] - If true it will point configure module stub_status to provide nginx stats on location # [*ssl_only*] - Required if the SSL and normal vHost have the
# [*location_custom_cfg*] - Expects a hash with custom directives, cannot be used with other location types (proxy, fastcgi, root, or stub_status) # same port.
# [*location_cfg_prepend*] - Expects a hash with extra directives to put before anything else inside location (used with all other types except custom_cfg) # [*location_alias*] - Path to be used as basis for serving requests
# [*location_cfg_append*] - Expects a hash with extra directives to put after everything else inside location (used with all other types except custom_cfg) # for this location
# [*stub_status*] - If true it will point configure module
# stub_status to provide nginx stats on location
# [*location_custom_cfg*] - Expects a hash with custom directives, cannot
# be used with other location types (proxy, fastcgi, root, or stub_status)
# [*location_cfg_prepend*] - Expects a hash with extra directives to put
# before anything else inside location (used with all other types except
# custom_cfg)
# [*location_cfg_append*] - Expects a hash with extra directives to put
# after everything else inside location (used with all other types except
# custom_cfg)
# [*try_files*] - An array of file locations to try # [*try_files*] - An array of file locations to try
# [*option*] - Reserved for future use # [*option*] - Reserved for future use
# [*proxy_cache*] - This directive sets name of zone for caching. # [*proxy_cache*] - This directive sets name of zone for caching.
@ -137,7 +154,7 @@ define nginx::resource::location (
$content_real = template('nginx/vhost/vhost_location_empty.erb') $content_real = template('nginx/vhost/vhost_location_empty.erb')
} }
if $fastcgi != undef and !defined(File['/etc/nginx/fastcgi_params']) { if $fastcgi != undef and !defined(File['/etc/nginx/fastcgi_params']) {
file { '/etc/nginx/fastcgi_params': file { '/etc/nginx/fastcgi_params':
ensure => present, ensure => present,
mode => '0770', mode => '0770',

101
manifests/resource/vhost.pp
View file

@ -3,36 +3,56 @@
# This definition creates a virtual host # This definition creates a virtual host
# #
# Parameters: # Parameters:
# [*ensure*] - Enables or disables the specified vhost (present|absent) # [*ensure*] - Enables or disables the specified vhost
# [*listen_ip*] - Default IP Address for NGINX to listen with this vHost on. Defaults to all interfaces (*) # (present|absent)
# [*listen_port*] - Default IP Port for NGINX to listen with this vHost on. Defaults to TCP 80 # [*listen_ip*] - Default IP Address for NGINX to listen with this
# [*listen_options*] - Extra options for listen directive like 'default' to catchall. Undef by default. # vHost on. Defaults to all interfaces (*)
# [*listen_port*] - Default IP Port for NGINX to listen with this
# vHost on. Defaults to TCP 80
# [*listen_options*] - Extra options for listen directive like
# 'default' to catchall. Undef by default.
# [*location_allow*] - Array: Locations to allow connections from. # [*location_allow*] - Array: Locations to allow connections from.
# [*location_deny*] - Array: Locations to deny connections from. # [*location_deny*] - Array: Locations to deny connections from.
# [*ipv6_enable*] - BOOL value to enable/disable IPv6 support (false|true). Module will check to see if IPv6 # [*ipv6_enable*] - BOOL value to enable/disable IPv6 support
# support exists on your system before enabling. # (false|true). Module will check to see if IPv6 support exists on your
# [*ipv6_listen_ip*] - Default IPv6 Address for NGINX to listen with this vHost on. Defaults to all interfaces (::) # system before enabling.
# [*ipv6_listen_port*] - Default IPv6 Port for NGINX to listen with this vHost on. Defaults to TCP 80 # [*ipv6_listen_ip*] - Default IPv6 Address for NGINX to listen with
# [*ipv6_listen_options*] - Extra options for listen directive like 'default' to catchall. Template will allways add ipv6only=on. # this vHost on. Defaults to all interfaces (::)
# While issue jfryman/puppet-nginx#30 is discussed, default value is 'default'. # [*ipv6_listen_port*] - Default IPv6 Port for NGINX to listen with this
# [*index_files*] - Default index files for NGINX to read when traversing a directory # vHost on. Defaults to TCP 80
# [*proxy*] - Proxy server(s) for the root location to connect to. Accepts a single value, can be used in # [*ipv6_listen_options*] - Extra options for listen directive like 'default'
# conjunction with nginx::resource::upstream # to catchall. Template will allways add ipv6only=on. While issue
# [*proxy_read_timeout*] - Override the default the proxy read timeout value of 90 seconds # jfryman/puppet-nginx#30 is discussed, default value is 'default'.
# [*index_files*] - Default index files for NGINX to read when
# traversing a directory
# [*proxy*] - Proxy server(s) for the root location to connect
# to. Accepts a single value, can be used in conjunction with
# nginx::resource::upstream
# [*proxy_read_timeout*] - Override the default the proxy read timeout value
# of 90 seconds
# [*fastcgi*] - location of fastcgi (host:port) # [*fastcgi*] - location of fastcgi (host:port)
# [*fastcgi_params*] - optional alternative fastcgi_params file to use # [*fastcgi_params*] - optional alternative fastcgi_params file to use
# [*fastcgi_script*] - optional SCRIPT_FILE parameter # [*fastcgi_script*] - optional SCRIPT_FILE parameter
# [*ssl*] - Indicates whether to setup SSL bindings for this vhost. # [*ssl*] - Indicates whether to setup SSL bindings for this
# [*ssl_cert*] - Pre-generated SSL Certificate file to reference for SSL Support. This is not generated by this module. # vhost.
# [*ssl_key*] - Pre-generated SSL Key file to reference for SSL Support. This is not generated by this module. # [*ssl_cert*] - Pre-generated SSL Certificate file to reference
# [*ssl_port*] - Default IP Port for NGINX to listen with this SSL vHost on. Defaults to TCP 443 # for SSL Support. This is not generated by this module.
# [*ssl_protocols*] - SSL protocols enabled. Defaults to 'SSLv3 TLSv1 TLSv1.1 TLSv1.2'. # [*ssl_key*] - Pre-generated SSL Key file to reference for SSL
# [*ssl_ciphers*] - SSL ciphers enabled. Defaults to 'HIGH:!aNULL:!MD5'. # Support. This is not generated by this module.
# [*ssl_port*] - Default IP Port for NGINX to listen with this SSL
# vHost on. Defaults to TCP 443
# [*ssl_protocols*] - SSL protocols enabled. Defaults to 'SSLv3 TLSv1
# TLSv1.1 TLSv1.2'.
# [*ssl_ciphers*] - SSL ciphers enabled. Defaults to
# 'HIGH:!aNULL:!MD5'.
# [*spdy*] - Toggles SPDY protocol. # [*spdy*] - Toggles SPDY protocol.
# [*server_name*] - List of vhostnames for which this vhost will respond. Default [$name]. # [*server_name*] - List of vhostnames for which this vhost will
# [*www_root*] - Specifies the location on disk for files to be read from. Cannot be set in conjunction with $proxy # respond. Default [$name].
# [*www_root*] - Specifies the location on disk for files to be
# read from. Cannot be set in conjunction with $proxy
# [*rewrite_www_to_non_www*] - Adds a server directive and rewrite rule to # [*rewrite_www_to_non_www*] - Adds a server directive and rewrite rule to
# rewrite www.domain.com to domain.com in order to avoid duplicate content (SEO); # rewrite www.domain.com to domain.com in order to avoid duplicate
# content (SEO);
# [*try_files*] - Specifies the locations for files to be # [*try_files*] - Specifies the locations for files to be
# checked as an array. Cannot be used in conjuction with $proxy. # checked as an array. Cannot be used in conjuction with $proxy.
# [*proxy_cache*] - This directive sets name of zone for caching. # [*proxy_cache*] - This directive sets name of zone for caching.
@ -45,9 +65,15 @@
# the authentication realm. # the authentication realm.
# [*vhost_cfg_append*] - It expects a hash with custom directives to # [*vhost_cfg_append*] - It expects a hash with custom directives to
# put after everything else inside vhost # put after everything else inside vhost
# [*vhost_cfg_prepend*] - It expects a hash with custom directives to
# put before everything else inside vhost
# [*rewrite_to_https*] - Adds a server directive and rewrite rule to # [*rewrite_to_https*] - Adds a server directive and rewrite rule to
# rewrite to ssl # rewrite to ssl
# [*include_files*] - Adds include files to vhost # [*include_files*] - Adds include files to vhost
# [*access_log*] - Where to write access log. May add additional
# options like log format to the end.
# [*error_log*] - Where to write error log. May add additional
# options like error level to the end.
# #
# Actions: # Actions:
# #
@ -101,8 +127,11 @@ define nginx::resource::vhost (
$try_files = undef, $try_files = undef,
$auth_basic = undef, $auth_basic = undef,
$auth_basic_user_file = undef, $auth_basic_user_file = undef,
$vhost_cfg_prepend = undef,
$vhost_cfg_append = undef, $vhost_cfg_append = undef,
$include_files = undef $include_files = undef,
$access_log = undef,
$error_log = undef,
) { ) {
validate_array($location_allow) validate_array($location_allow)
@ -132,6 +161,19 @@ define nginx::resource::vhost (
} }
} }
# This was a lot to add up in parameter list so add it down here
# Also opted to add more logic here and keep template cleaner which
# unfortunately means resorting to the $varname_real thing
$domain_log_name = regsubst($name, ' ', '_', 'G')
$access_log_real = $access_log ? {
undef => "${nginx::params::nx_logdir}/${domain_log_name}.access.log",
default => $access_log,
}
$error_log_real = $error_log ? {
undef => "${nginx::params::nx_logdir}/${domain_log_name}.error.log",
default => $error_log,
}
# Use the File Fragment Pattern to construct the configuration files. # Use the File Fragment Pattern to construct the configuration files.
# Create the base configuration file reference. # Create the base configuration file reference.
if ($listen_port != $ssl_port) { if ($listen_port != $ssl_port) {
@ -183,7 +225,7 @@ define nginx::resource::vhost (
location_cfg_append => $location_cfg_append } location_cfg_append => $location_cfg_append }
} }
if $fastcgi != undef and !defined(File['/etc/nginx/fastcgi_params']) { if $fastcgi != undef and !defined(File['/etc/nginx/fastcgi_params']) {
file { '/etc/nginx/fastcgi_params': file { '/etc/nginx/fastcgi_params':
ensure => present, ensure => present,
mode => '0770', mode => '0770',
@ -198,6 +240,15 @@ define nginx::resource::vhost (
# Create SSL File Stubs if SSL is enabled # Create SSL File Stubs if SSL is enabled
if ($ssl == true) { if ($ssl == true) {
# Access and error logs are named differently in ssl template
$ssl_access_log = $access_log ? {
undef => "${nginx::params::nx_logdir}/ssl-${domain_log_name}.access.log",
default => $access_log,
}
$ssl_error_log = $error_log ? {
undef => "${nginx::params::nx_logdir}/ssl-${domain_log_name}.error.log",
default => $error_log,
}
file { "${nginx::config::nx_temp_dir}/nginx.d/${name}-700-ssl": file { "${nginx::config::nx_temp_dir}/nginx.d/${name}-700-ssl":
ensure => $ensure ? { ensure => $ensure ? {
'absent' => absent, 'absent' => absent,

4
templates/conf.d/nginx.conf.erb
View file

@ -1,7 +1,7 @@
user <%= scope.lookupvar('nginx::config::nx_daemon_user') %>; user <%= scope.lookupvar('nginx::config::nx_daemon_user') %>;
worker_processes <%= @worker_processes %>; worker_processes <%= @worker_processes %>;
error_log <%= scope.lookupvar('nginx::params::nx_logdir')%>/error.log; error_log <%= @nginx_error_log %>;
pid <%= scope.lookupvar('nginx::params::nx_pid')%>; pid <%= scope.lookupvar('nginx::params::nx_pid')%>;
events { events {
@ -14,7 +14,7 @@ http {
include /etc/nginx/mime.types; include /etc/nginx/mime.types;
default_type application/octet-stream; default_type application/octet-stream;
access_log <%= scope.lookupvar('nginx::params::nx_logdir')%>/access.log; access_log <%= @http_access_log %>;
sendfile <%= scope.lookupvar('nginx::params::nx_sendfile')%>; sendfile <%= scope.lookupvar('nginx::params::nx_sendfile')%>;

10
templates/vhost/vhost_header.erb
View file

@ -11,6 +11,12 @@ server {
<% if defined? @auth_basic_user_file -%> <% if defined? @auth_basic_user_file -%>
auth_basic_user_file <%= @auth_basic_user_file %>; auth_basic_user_file <%= @auth_basic_user_file %>;
<% end -%> <% end -%>
<%# make sure that allow comes before deny by forcing the allow key (if it -%>
<%# exists) to be first in the output order. The hash keys also need to be -%>
<%# sorted so that the ordering is stable. -%>
<% if @vhost_cfg_prepend -%><% vhost_cfg_prepend.sort_by{ |k, v| k.to_s == 'allow' ? '' : k.to_s }.each do |key,value| -%>
<%= key %> <%= value %>;
<% end -%><% end -%>
<% @proxy_set_header.each do |header| -%> <% @proxy_set_header.each do |header| -%>
proxy_set_header <%= header %>; proxy_set_header <%= header %>;
<% end -%> <% end -%>
@ -20,6 +26,6 @@ server {
} }
<% end -%> <% end -%>
access_log <%= scope.lookupvar('nginx::params::nx_logdir')%>/<%= @name.gsub(' ', '_') %>.access.log; access_log <%= @access_log_real %>;
error_log <%= scope.lookupvar('nginx::params::nx_logdir')%>/<%= @name.gsub(' ', '_') %>.error.log; error_log <%= @error_log_real %>;

4
templates/vhost/vhost_ssl_header.erb
View file

@ -21,5 +21,5 @@ server {
auth_basic_user_file "<%= @auth_basic_user_file %>"; auth_basic_user_file "<%= @auth_basic_user_file %>";
<% end -%> <% end -%>
access_log <%= scope.lookupvar('nginx::params::nx_logdir')%>/ssl-<%= @name.gsub(' ', '_') %>.access.log; access_log <%= @ssl_access_log %>;
error_log <%= scope.lookupvar('nginx::params::nx_logdir')%>/ssl-<%= @name.gsub(' ', '_') %>.error.log; error_log <%= @ssl_error_log %>;