From 4f0c3119010381a057e02e477e2c316113899b1c Mon Sep 17 00:00:00 2001 From: Lebedev Vadim Date: Mon, 20 May 2013 18:30:32 +0400 Subject: [PATCH] * Fixed listen parameter in template vhost_ssl_header * Added auth basic support * Added vhost_cfg_append parameter to `nginx::resource::vhost` --- manifests/init.pp | 2 -- manifests/resource/location.pp | 19 +++++++++++++++++ manifests/resource/vhost.pp | 22 ++++++++++++++++++-- templates/vhost/vhost_footer.erb | 5 +++++ templates/vhost/vhost_header.erb | 6 ++++++ templates/vhost/vhost_location_directory.erb | 18 ++++++++++------ templates/vhost/vhost_ssl_header.erb | 13 +++++++++--- 7 files changed, 72 insertions(+), 13 deletions(-) diff --git a/manifests/init.pp b/manifests/init.pp index 6bca250..7605536 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -42,8 +42,6 @@ class nginx ( $proxy_cache_inactive = $nginx::params::nx_proxy_cache_inactive, ) inherits nginx::params { -# notice($proxy_cache_path) - include stdlib class { 'nginx::package': diff --git a/manifests/resource/location.pp b/manifests/resource/location.pp index 3d44b4a..5f8c384 100644 --- a/manifests/resource/location.pp +++ b/manifests/resource/location.pp @@ -22,6 +22,14 @@ # [*location_cfg_append*] - It expects a hash with custom directives to put after everything else inside location # [*try_files*] - An array of file locations to try # [*option*] - Reserved for future use +# [*proxy_cache*] - This directive sets name of zone for caching. +# The same zone can be used in multiple places. +# [*proxy_cache_valid*] - This directive sets the time for caching +# different replies. +# [*auth_basic*] - This directive includes testing name and password +# with HTTP Basic Authentication. +# [*auth_basic_user_file*] - This directive sets the htpasswd filename for +# the authentication realm. # # Actions: # 
@@ -70,6 +78,8 @@ define nginx::resource::location( $try_files = undef, $proxy_cache = false, $proxy_cache_valid = false, + $auth_basic = undef, + $auth_basic_user_file = undef, $location ) { File { @@ -124,4 +134,13 @@ define nginx::resource::location( content => $content_real, } } + + if ($auth_basic_user_file != undef) { + #Generate htpasswd with provided file-locations + file { "${nginx::params::nx_conf_dir}/${name}_htpasswd": + ensure => $ensure, + mode => '0644', + source => $auth_basic_user_file, + } + } } diff --git a/manifests/resource/vhost.pp b/manifests/resource/vhost.pp index c0e013a..7b95e6f 100644 --- a/manifests/resource/vhost.pp +++ b/manifests/resource/vhost.pp @@ -29,6 +29,16 @@ # [*rewrite_www_to_non_www*] - Adds a server directive and rewrite rule to rewrite www.domain.com to domain.com in order to avoid # duplicate content (SEO); # [*try_files*] - Specifies the locations for files to be checked as an array. Cannot be used in conjuction with $proxy. +# [*proxy_cache*] - This directive sets name of zone for caching. +# The same zone can be used in multiple places. +# [*proxy_cache_valid*] - This directive sets the time for caching +# different replies. +# [*auth_basic*] - This directive includes testing name and password +# with HTTP Basic Authentication. +# [*auth_basic_user_file*] - This directive sets the htpasswd filename for +# the authentication realm. +# [*vhost_cfg_append*] - It expects a hash with custom directives to put +# after everything else inside vhost # # Actions: # @@ -69,6 +79,9 @@ define nginx::resource::vhost( $try_files = undef, $proxy_cache = false, $proxy_cache_valid = false, + $auth_basic = undef, + $auth_basic_user_file = undef, + $vhost_cfg_append = undef ) { File { 
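Review bot: The new `file { "${nginx::params::nx_conf_dir}/${name}_htpasswd": ... }` resource in location.pp deploys the password file with `mode => '0644'`, which leaves the credential hashes readable by every local account. Something like `mode => '0640'` with `owner => 'root'` and `group` set to the account nginx runs as would restrict it to the server; that account name is not visible in this hunk. The templates in this commit render `auth_basic_user_file <%= auth_basic_user_file %>;`, which is the value used here as `source`, not the deployed `${name}_htpasswd` path, so nginx may be pointed somewhere other than the file this resource manages. `$name` is also used unmodified in the path, while the certificate paths in vhost.pp replace spaces.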
@@ -167,16 +180,21 @@ define nginx::resource::vhost( content => template('nginx/vhost/vhost_footer.erb'), notify => Class['nginx::service'], } + #Generate ssl key/cert with provided file-locations - file { "${nginx::params::nx_conf_dir}/${name}.crt": + + $cert = regsubst($name,' ','_') + + file { "${nginx::params::nx_conf_dir}/${cert}.crt": ensure => $ensure, mode => '0644', source => $ssl_cert, } - file { "${nginx::params::nx_conf_dir}/${name}.key": + file { "${nginx::params::nx_conf_dir}/${cert}.key": ensure => $ensure, mode => '0644', source => $ssl_key, } } + } diff --git a/templates/vhost/vhost_footer.erb b/templates/vhost/vhost_footer.erb index 1d2f0c3..6654c0a 100644 --- a/templates/vhost/vhost_footer.erb +++ b/templates/vhost/vhost_footer.erb @@ -1,3 +1,8 @@ + +<% if @vhost_cfg_append -%><% vhost_cfg_append.each do |key,value| -%> + <%= key %> <%= value %>; +<% end -%><% end -%> + } <% if rewrite_www_to_non_www %> diff --git a/templates/vhost/vhost_header.erb b/templates/vhost/vhost_header.erb index 904e81e..1b1068c 100644 --- a/templates/vhost/vhost_header.erb +++ b/templates/vhost/vhost_header.erb @@ -6,4 +6,10 @@ server { <% end %> server_name <%= rewrite_www_to_non_www ? name.gsub(/^www\./, '') : server_name.join(" ") %>; access_log <%= scope.lookupvar('nginx::params::nx_logdir')%>/<%= name %>.access.log; + <% if defined? auth_basic -%> +auth_basic "<%= auth_basic %>"; + <% end -%> + <% if defined? auth_basic_user_file -%> +auth_basic_user_file <%= auth_basic_user_file %>; + <% end -%> diff --git a/templates/vhost/vhost_location_directory.erb b/templates/vhost/vhost_location_directory.erb index e645de7..c112d45 100644 --- a/templates/vhost/vhost_location_directory.erb +++ b/templates/vhost/vhost_location_directory.erb 
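Review bot: The `.key` resource in this hunk is renamed but keeps `mode => '0644'`, so the TLS private key stays world-readable on the node; `mode => '0600'` is the usual setting for a key file. Separately, `regsubst($name,' ','_')` replaces only the first space unless the `'G'` flag is passed, while vhost_ssl_header.erb in this commit uses `name.gsub(' ', '_')`, which replaces all of them. A vhost name with two or more spaces would therefore get its files written to one path and `ssl_certificate`/`ssl_certificate_key` pointing at another; `$cert = regsubst($name, ' ', '_', 'G')` keeps the two in step. The enclosing block opens above the hunk.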
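Review bot: The `defined? auth_basic` and `defined? auth_basic_user_file` guards added in vhost_header.erb (and again in vhost_location_directory.erb) ask a different question from the `auth_basic != :undef` guards added to vhost_ssl_header.erb, although all three templates render the same two parameters. Both parameters are always declared with default `undef`, so whether a guard passes for an unset value depends on how the template sees `undef`; if it does pass, the output is `auth_basic "";` and `auth_basic_user_file ;`, the second of which nginx rejects. One test used in all three places, for example `<% if @auth_basic && @auth_basic != :undef -%>`, would make the templates agree. The realm is also written between double quotes without escaping, so a `"` inside `auth_basic` ends the quoted string early.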
@@ -3,13 +3,19 @@ <%= key %> <%= value %>; <% end -%><% end -%> root <%= www_root %>; - <% if @try_files -%> +<% if @try_files -%> try_files <% try_files.each do |try| -%> <%= try %> <% end -%>; - <% end -%> - <% if index_files -%> -index <% index_files.each do |i| %> <%= i %> <% end %>; - <% end -%> +<% end -%> +<% if index_files -%> + index <% index_files.each do |i| %> <%= i %><% end %>; +<% end -%> +<% if defined? auth_basic -%> + auth_basic "<%= auth_basic %>"; +<% end -%> +<% if defined? auth_basic_user_file -%> + auth_basic_user_file <%= auth_basic_user_file %>; +<% end -%> <% if @location_cfg_append -%><% location_cfg_append.each do |key,value| -%> <%= key %> <%= value %>; <% end -%><% end -%> -} + } diff --git a/templates/vhost/vhost_ssl_header.erb b/templates/vhost/vhost_ssl_header.erb index 94ef2d3..183e7d8 100644 --- a/templates/vhost/vhost_ssl_header.erb +++ b/templates/vhost/vhost_ssl_header.erb @@ -1,5 +1,5 @@ server { - listen <%= ssl_port %>; + listen <%= listen_ip %>:<%= listen_port %> <% if @listen_options %><%= listen_options %><% end %>; <% if ipv6_enable == 'true' && (defined? ipaddress6) %> listen [<%= ipv6_listen_ip %>]:<%= ipv6_listen_port %> <% if @ipv6_listen_options %><%= ipv6_listen_options %><% end %> ipv6only=on; <% end %> 
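Review bot: In vhost_ssl_header.erb the TLS `server` block now listens on `<%= listen_ip %>:<%= listen_port %>` and no longer references `ssl_port`, so unless callers set `listen_port` to the TLS port themselves, this block presumably binds the same address and port as the plain-HTTP server block. The parameter defaults are outside this hunk, so that should be confirmed against vhost.pp. If `ssl_port` is still a parameter, `listen <%= listen_ip %>:<%= ssl_port %> <% if @listen_options %><%= listen_options %><% end %>;` keeps the `listen_ip` fix without dropping the dedicated port.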
@@ -7,11 +7,18 @@ server { ssl on; - ssl_certificate <%= scope.lookupvar('nginx::params::nx_conf_dir') %>/<%= scope.lookupvar('name') %>.crt; - ssl_certificate_key <%= scope.lookupvar('nginx::params::nx_conf_dir') %>/<%= scope.lookupvar('name') %>.key; + ssl_certificate <%= scope.lookupvar('nginx::params::nx_conf_dir') %>/<%= name.gsub(' ', '_') %>.crt; + ssl_certificate_key <%= scope.lookupvar('nginx::params::nx_conf_dir') %>/<%= name.gsub(' ', '_') %>.key; ssl_session_timeout 5m; ssl_protocols SSLv3 TLSv1; ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP; ssl_prefer_server_ciphers on; + +<% if auth_basic != :undef -%> + auth_basic "<%= auth_basic %>"; +<% end -%> +<% if auth_basic_user_file != :undef -%> + auth_basic_user_file <%= auth_basic_user_file %>; +<% end -%>
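Review bot: The Basic-auth directives are added to a server block whose context lines still set `ssl_protocols SSLv3 TLSv1;` and a cipher string that admits `+LOW`, `+EXP` and `RC4+RSA`. Basic credentials are only base64-encoded on the wire, so their confidentiality rests entirely on this TLS configuration. Dropping SSLv3 and the export and low-strength suites, e.g. `ssl_ciphers HIGH:!aNULL:!MD5;`, belongs with this change, with the protocol list set to the TLS versions the deployed nginx and OpenSSL support.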