* Fixed listen parameter in template vhost_ssl_header

* Added auth basic support
* Added vhost_cfg_append parameter to `nginx::resource::vhost`
Lebedev Vadim 2013-05-20 18:30:32 +04:00
parent 9672b7d345
commit 4f0c311901
7 changed files with 72 additions and 13 deletions


@ -42,8 +42,6 @@ class nginx (
$proxy_cache_inactive = $nginx::params::nx_proxy_cache_inactive, $proxy_cache_inactive = $nginx::params::nx_proxy_cache_inactive,
) inherits nginx::params { ) inherits nginx::params {
# notice($proxy_cache_path)
include stdlib include stdlib
class { 'nginx::package': class { 'nginx::package':


@ -22,6 +22,14 @@
# [*location_cfg_append*] - It expects a hash with custom directives to put after everything else inside location # [*location_cfg_append*] - It expects a hash with custom directives to put after everything else inside location
# [*try_files*] - An array of file locations to try # [*try_files*] - An array of file locations to try
# [*option*] - Reserved for future use # [*option*] - Reserved for future use
# [*proxy_cache*] - This directive sets name of zone for caching.
# The same zone can be used in multiple places.
# [*proxy_cache_valid*] - This directive sets the time for caching
# different replies.
# [*auth_basic*] - This directive includes testing name and password
# with HTTP Basic Authentication.
# [*auth_basic_user_file*] - This directive sets the htpasswd filename for
# the authentication realm.
# #
# Actions: # Actions:
# #
@ -70,6 +78,8 @@ define nginx::resource::location(
$try_files = undef, $try_files = undef,
$proxy_cache = false, $proxy_cache = false,
$proxy_cache_valid = false, $proxy_cache_valid = false,
$auth_basic = undef,
$auth_basic_user_file = undef,
$location $location
) { ) {
File { File {
@ -124,4 +134,13 @@ define nginx::resource::location(
content => $content_real, content => $content_real,
} }
} }
if ($auth_basic_user_file != undef) {
#Generate htpasswd with provided file-locations
file { "${nginx::params::nx_conf_dir}/${name}_htpasswd":
ensure => $ensure,
mode => '0644',
source => $auth_basic_user_file,
}
}
} }
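Review bot: The new `file { "${nginx::params::nx_conf_dir}/${name}_htpasswd": … }` resource installs the password file with `mode => '0644'`, so every local account on the node can read the credential hashes. Restrict it to root plus the group the nginx workers run as, for example `mode => '0640'` with an explicit `owner` and `group`. The `File { … }` resource defaults are cut off at the hunk edge, so confirm which owner and group they already supply. The define's body starts outside this hunk.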


@ -29,6 +29,16 @@
# [*rewrite_www_to_non_www*] - Adds a server directive and rewrite rule to rewrite www.domain.com to domain.com in order to avoid # [*rewrite_www_to_non_www*] - Adds a server directive and rewrite rule to rewrite www.domain.com to domain.com in order to avoid
# duplicate content (SEO); # duplicate content (SEO);
# [*try_files*] - Specifies the locations for files to be checked as an array. Cannot be used in conjuction with $proxy. # [*try_files*] - Specifies the locations for files to be checked as an array. Cannot be used in conjuction with $proxy.
# [*proxy_cache*] - This directive sets name of zone for caching.
# The same zone can be used in multiple places.
# [*proxy_cache_valid*] - This directive sets the time for caching
# different replies.
# [*auth_basic*] - This directive includes testing name and password
# with HTTP Basic Authentication.
# [*auth_basic_user_file*] - This directive sets the htpasswd filename for
# the authentication realm.
# [*vhost_cfg_append*] - It expects a hash with custom directives to put
# after everything else inside vhost
# #
# Actions: # Actions:
# #
@ -69,6 +79,9 @@ define nginx::resource::vhost(
$try_files = undef, $try_files = undef,
$proxy_cache = false, $proxy_cache = false,
$proxy_cache_valid = false, $proxy_cache_valid = false,
$auth_basic = undef,
$auth_basic_user_file = undef,
$vhost_cfg_append = undef
) { ) {
File { File {
@ -167,16 +180,21 @@ define nginx::resource::vhost(
content => template('nginx/vhost/vhost_footer.erb'), content => template('nginx/vhost/vhost_footer.erb'),
notify => Class['nginx::service'], notify => Class['nginx::service'],
} }
#Generate ssl key/cert with provided file-locations #Generate ssl key/cert with provided file-locations
file { "${nginx::params::nx_conf_dir}/${name}.crt":
$cert = regsubst($name,' ','_')
file { "${nginx::params::nx_conf_dir}/${cert}.crt":
ensure => $ensure, ensure => $ensure,
mode => '0644', mode => '0644',
source => $ssl_cert, source => $ssl_cert,
} }
file { "${nginx::params::nx_conf_dir}/${name}.key": file { "${nginx::params::nx_conf_dir}/${cert}.key":
ensure => $ensure, ensure => $ensure,
mode => '0644', mode => '0644',
source => $ssl_key, source => $ssl_key,
} }
} }
} }
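Review bot: The renamed key resource `file { "${nginx::params::nx_conf_dir}/${cert}.key": … }` still carries `mode => '0644'`, which leaves the TLS private key readable by every local user. Use `mode => '0600'` for the key; nginx normally loads it in its root-owned master process, but confirm that for this deployment. Separately, `$cert = regsubst($name,' ','_')` passes no `'G'` flag and so replaces only the first space, while the SSL header template uses `name.gsub(' ', '_')`, which replaces all of them. For a vhost title with two or more spaces the deployed file names and the `ssl_certificate` paths will differ; `regsubst($name, ' ', '_', 'G')` keeps them in step.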


@ -1,3 +1,8 @@
<% if @vhost_cfg_append -%><% vhost_cfg_append.each do |key,value| -%>
<%= key %> <%= value %>;
<% end -%><% end -%>
} }
<% if rewrite_www_to_non_www %> <% if rewrite_www_to_non_www %>
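Review bot: The guard tests `@vhost_cfg_append` but the loop iterates the bare name `vhost_cfg_append`; use the instance variable in both places, `<% @vhost_cfg_append.each do |key,value| -%>`, so the check and the iteration cannot resolve differently. Keys and values are written into the server block verbatim, so the parameter documentation should state that it accepts arbitrary nginx directives and must only be fed from trusted manifest data. Iterating with `sort_by { |k, _| k }` would also keep the rendered file stable on Ruby versions where Hash order is not guaranteed, avoiding spurious config changes and service notifications.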


@ -6,4 +6,10 @@ server {
<% end %> <% end %>
server_name <%= rewrite_www_to_non_www ? name.gsub(/^www\./, '') : server_name.join(" ") %>; server_name <%= rewrite_www_to_non_www ? name.gsub(/^www\./, '') : server_name.join(" ") %>;
access_log <%= scope.lookupvar('nginx::params::nx_logdir')%>/<%= name %>.access.log; access_log <%= scope.lookupvar('nginx::params::nx_logdir')%>/<%= name %>.access.log;
<% if defined? auth_basic -%>
auth_basic "<%= auth_basic %>";
<% end -%>
<% if defined? auth_basic_user_file -%>
auth_basic_user_file <%= auth_basic_user_file %>;
<% end -%>
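Review bot: `defined? auth_basic` asks whether the name resolves, not whether a value was supplied, and the vhost define always declares `$auth_basic = undef`. The guard therefore probably renders either always or never, depending on how the template wrapper resolves bare names, which is not visible here. The first outcome emits an `auth_basic` line for every vhost; the second silently drops authentication from a vhost that was meant to be protected. The SSL header in this commit tests `auth_basic != :undef` instead, so use one value test everywhere, e.g. `<% if @auth_basic && @auth_basic != :undef -%>`. Apply the same test to `auth_basic_user_file` and to the two identical guards in the location directory template.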


@ -3,13 +3,19 @@
<%= key %> <%= value %>; <%= key %> <%= value %>;
<% end -%><% end -%> <% end -%><% end -%>
root <%= www_root %>; root <%= www_root %>;
<% if @try_files -%> <% if @try_files -%>
try_files <% try_files.each do |try| -%> <%= try %> <% end -%>; try_files <% try_files.each do |try| -%> <%= try %> <% end -%>;
<% end -%> <% end -%>
<% if index_files -%> <% if index_files -%>
index <% index_files.each do |i| %> <%= i %> <% end %>; index <% index_files.each do |i| %> <%= i %><% end %>;
<% end -%> <% end -%>
<% if defined? auth_basic -%>
auth_basic "<%= auth_basic %>";
<% end -%>
<% if defined? auth_basic_user_file -%>
auth_basic_user_file <%= auth_basic_user_file %>;
<% end -%>
<% if @location_cfg_append -%><% location_cfg_append.each do |key,value| -%> <% if @location_cfg_append -%><% location_cfg_append.each do |key,value| -%>
<%= key %> <%= value %>; <%= key %> <%= value %>;
<% end -%><% end -%> <% end -%><% end -%>
} }
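Review bot: `auth_basic_user_file <%= auth_basic_user_file %>;` writes the parameter value itself into the config, but the location define in this commit uses that same value as the `source` of a file deployed to `${nginx::params::nx_conf_dir}/${name}_htpasswd`. If the caller passes a `puppet:///` source, nginx is pointed at a path that does not exist on the node; if the caller passes a local path, the deployed copy is never used. Emit the deployed path here, e.g. `auth_basic_user_file <%= scope.lookupvar('nginx::params::nx_conf_dir') %>/<%= name %>_htpasswd;`. The alternative is to drop the file resource and document the parameter as an on-node path.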


@ -1,5 +1,5 @@
server { server {
listen <%= ssl_port %>; listen <%= listen_ip %>:<%= listen_port %> <% if @listen_options %><%= listen_options %><% end %>;
<% if ipv6_enable == 'true' && (defined? ipaddress6) %> <% if ipv6_enable == 'true' && (defined? ipaddress6) %>
listen [<%= ipv6_listen_ip %>]:<%= ipv6_listen_port %> <% if @ipv6_listen_options %><%= ipv6_listen_options %><% end %> ipv6only=on; listen [<%= ipv6_listen_ip %>]:<%= ipv6_listen_port %> <% if @ipv6_listen_options %><%= ipv6_listen_options %><% end %> ipv6only=on;
<% end %> <% end %>
@ -7,11 +7,18 @@ server {
ssl on; ssl on;
ssl_certificate <%= scope.lookupvar('nginx::params::nx_conf_dir') %>/<%= scope.lookupvar('name') %>.crt; ssl_certificate <%= scope.lookupvar('nginx::params::nx_conf_dir') %>/<%= name.gsub(' ', '_') %>.crt;
ssl_certificate_key <%= scope.lookupvar('nginx::params::nx_conf_dir') %>/<%= scope.lookupvar('name') %>.key; ssl_certificate_key <%= scope.lookupvar('nginx::params::nx_conf_dir') %>/<%= name.gsub(' ', '_') %>.key;
ssl_session_timeout 5m; ssl_session_timeout 5m;
ssl_protocols SSLv3 TLSv1; ssl_protocols SSLv3 TLSv1;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP; ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
ssl_prefer_server_ciphers on; ssl_prefer_server_ciphers on;
<% if auth_basic != :undef -%>
auth_basic "<%= auth_basic %>";
<% end -%>
<% if auth_basic_user_file != :undef -%>
auth_basic_user_file <%= auth_basic_user_file %>;
<% end -%>
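Review bot: Assuming the second rendering on that line is the new side, the rewritten directive `listen <%= listen_ip %>:<%= listen_port %> …;` no longer references `ssl_port`. Unless callers set `listen_port` to the TLS port, the `ssl on;` server block then binds to the same port as the plain vhost; the plain header's `listen` line is outside the visible hunks, so confirm. `listen <%= listen_ip %>:<%= ssl_port %> <% if @listen_options %><%= listen_options %><% end %>;` keeps the IP fix without changing the port. Separately, the unchanged `ssl_protocols SSLv3 TLSv1;` line and the `ssl_ciphers` string, which explicitly adds `+LOW`, `+SSLv3` and `+EXP`, permit protocol versions and cipher strengths that are considered broken. Both should become parameters whose defaults are restricted to current TLS versions and strong suites.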