* Fixed listen parameter in template vhost_ssl_header

* Added auth basic support
* Added vhost_cfg_append parameter to `nginx::resource::vhost`
Lebedev Vadim 2013-05-20 18:30:32 +04:00
parent 9672b7d345
commit 4f0c311901
7 changed files with 72 additions and 13 deletions


@ -42,8 +42,6 @@ class nginx (
$proxy_cache_inactive = $nginx::params::nx_proxy_cache_inactive,
) inherits nginx::params {
# notice($proxy_cache_path)
include stdlib
class { 'nginx::package':


@ -22,6 +22,14 @@
# [*location_cfg_append*] - It expects a hash with custom directives to put after everything else inside location
# [*try_files*] - An array of file locations to try
# [*option*] - Reserved for future use
# [*proxy_cache*] - This directive sets name of zone for caching.
# The same zone can be used in multiple places.
# [*proxy_cache_valid*] - This directive sets the time for caching
# different replies.
# [*auth_basic*] - This directive includes testing name and password
# with HTTP Basic Authentication.
# [*auth_basic_user_file*] - This directive sets the htpasswd filename for
# the authentication realm.
#
# Actions:
#
@ -70,6 +78,8 @@ define nginx::resource::location(
$try_files = undef,
$proxy_cache = false,
$proxy_cache_valid = false,
$auth_basic = undef,
$auth_basic_user_file = undef,
$location
) {
File {
@ -124,4 +134,13 @@ define nginx::resource::location(
content => $content_real,
}
}
if ($auth_basic_user_file != undef) {
#Generate htpasswd with provided file-locations
file { "${nginx::params::nx_conf_dir}/${name}_htpasswd":
ensure => $ensure,
mode => '0644',
source => $auth_basic_user_file,
}
}
}
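Review bot: The htpasswd file declared at the end of this hunk is created with `mode => '0644'`, so every local account on the node can read the password hashes. Unless the `File { }` defaults outside the hunk already restrict it, a tighter declaration such as `mode => '0640'` with `owner => 'root'` and `group => '<nginx-daemon-group>'` (placeholder for the group the nginx workers run as) would limit that. The resource title also interpolates `${name}` unchanged, so a location title containing a space or `/` gives an awkward or nested path; vhost.pp in this commit normalises spaces for the certificate files and the same treatment would fit here. The body of the define starts outside the hunk.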


@ -29,6 +29,16 @@
# [*rewrite_www_to_non_www*] - Adds a server directive and rewrite rule to rewrite www.domain.com to domain.com in order to avoid
# duplicate content (SEO);
# [*try_files*] - Specifies the locations for files to be checked as an array. Cannot be used in conjuction with $proxy.
# [*proxy_cache*] - This directive sets name of zone for caching.
# The same zone can be used in multiple places.
# [*proxy_cache_valid*] - This directive sets the time for caching
# different replies.
# [*auth_basic*] - This directive includes testing name and password
# with HTTP Basic Authentication.
# [*auth_basic_user_file*] - This directive sets the htpasswd filename for
# the authentication realm.
# [*vhost_cfg_append*] - It expects a hash with custom directives to put
# after everything else inside vhost
#
# Actions:
#
@ -69,6 +79,9 @@ define nginx::resource::vhost(
$try_files = undef,
$proxy_cache = false,
$proxy_cache_valid = false,
$auth_basic = undef,
$auth_basic_user_file = undef,
$vhost_cfg_append = undef
) {
File {
@ -167,16 +180,21 @@ define nginx::resource::vhost(
content => template('nginx/vhost/vhost_footer.erb'),
notify => Class['nginx::service'],
}
#Generate ssl key/cert with provided file-locations
file { "${nginx::params::nx_conf_dir}/${name}.crt":
$cert = regsubst($name,' ','_')
file { "${nginx::params::nx_conf_dir}/${cert}.crt":
ensure => $ensure,
mode => '0644',
source => $ssl_cert,
}
file { "${nginx::params::nx_conf_dir}/${name}.key":
file { "${nginx::params::nx_conf_dir}/${cert}.key":
ensure => $ensure,
mode => '0644',
source => $ssl_key,
}
}
}
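Review bot: The `${cert}.key` resource keeps `mode => '0644'`, which leaves the TLS private key readable by every local user; `mode => '0600'` with a root owner is the usual setting, assuming nginx is started as root and reads the key before dropping privileges. Separately, `regsubst($name,' ','_')` without the `'G'` flag replaces only the first space, while the ssl header template uses `name.gsub(' ', '_')`, which replaces all of them. A vhost name with two or more spaces would therefore deploy the files under one path and reference them under another; `$cert = regsubst($name, ' ', '_', 'G')` keeps both sides in agreement. The visible hunks also add no htpasswd file resource for the vhost-level `auth_basic_user_file`, unlike the location define, so it is worth confirming which of the two behaviours is intended.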


@ -1,3 +1,8 @@
<% if @vhost_cfg_append -%><% vhost_cfg_append.each do |key,value| -%>
<%= key %> <%= value %>;
<% end -%><% end -%>
}
<% if rewrite_www_to_non_www %>
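Review bot: The guard tests `@vhost_cfg_append` but the loop iterates the bare `vhost_cfg_append`; using the instance variable in both places, `<% @vhost_cfg_append.each do |key,value| -%>`, keeps the lookup consistent. Keys and values are written into the server block verbatim, so a value containing `;` or `}` changes the structure of the generated configuration. The parameter is in effect a raw-configuration escape hatch, and its doc comment in vhost.pp should say that it must only be fed from trusted manifest or data sources.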


@ -6,4 +6,10 @@ server {
<% end %>
server_name <%= rewrite_www_to_non_www ? name.gsub(/^www\./, '') : server_name.join(" ") %>;
access_log <%= scope.lookupvar('nginx::params::nx_logdir')%>/<%= name %>.access.log;
<% if defined? auth_basic -%>
auth_basic "<%= auth_basic %>";
<% end -%>
<% if defined? auth_basic_user_file -%>
auth_basic_user_file <%= auth_basic_user_file %>;
<% end -%>
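Review bot: The `defined? auth_basic` and `defined? auth_basic_user_file` guards here, and the identical pair in the location template, differ from the `auth_basic != :undef` test that the ssl header uses in this same commit. `defined?` asks whether the name resolves, not whether the parameter was given a value. Depending on how the Puppet version in use exposes template variables, that can either emit the directives for unset parameters or skip them when they are set, and the second case leaves the vhost served without authentication. One guard form should be used in all three templates, for example `<% if auth_basic != :undef -%>`, with a test rendering for both the set and the unset case. The realm is also placed between double quotes unescaped, so a `"` in `auth_basic` would break the directive.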


@ -9,6 +9,12 @@
<% if index_files -%>
index <% index_files.each do |i| %> <%= i %><% end %>;
<% end -%>
<% if defined? auth_basic -%>
auth_basic "<%= auth_basic %>";
<% end -%>
<% if defined? auth_basic_user_file -%>
auth_basic_user_file <%= auth_basic_user_file %>;
<% end -%>
<% if @location_cfg_append -%><% location_cfg_append.each do |key,value| -%>
<%= key %> <%= value %>;
<% end -%><% end -%>
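Review bot: `auth_basic_user_file <%= auth_basic_user_file %>;` writes the raw parameter into the location block, but location.pp in this commit uses the same parameter as the `source` of a file it deploys to `${nginx::params::nx_conf_dir}/${name}_htpasswd`. If the parameter is a `puppet:///` URL, nginx is given a path that does not exist on the node; if it is a local path, the deployed copy is never read. Pointing the directive at the managed file, `auth_basic_user_file <%= scope.lookupvar('nginx::params::nx_conf_dir') %>/<%= name %>_htpasswd;`, would tie the two together, assuming `name` in this template is the location resource title, which the hunk does not show.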


@ -1,5 +1,5 @@
server {
listen <%= ssl_port %>;
listen <%= listen_ip %>:<%= listen_port %> <% if @listen_options %><%= listen_options %><% end %>;
<% if ipv6_enable == 'true' && (defined? ipaddress6) %>
listen [<%= ipv6_listen_ip %>]:<%= ipv6_listen_port %> <% if @ipv6_listen_options %><%= ipv6_listen_options %><% end %> ipv6only=on;
<% end %>
@ -7,11 +7,18 @@ server {
ssl on;
ssl_certificate <%= scope.lookupvar('nginx::params::nx_conf_dir') %>/<%= scope.lookupvar('name') %>.crt;
ssl_certificate_key <%= scope.lookupvar('nginx::params::nx_conf_dir') %>/<%= scope.lookupvar('name') %>.key;
ssl_certificate <%= scope.lookupvar('nginx::params::nx_conf_dir') %>/<%= name.gsub(' ', '_') %>.crt;
ssl_certificate_key <%= scope.lookupvar('nginx::params::nx_conf_dir') %>/<%= name.gsub(' ', '_') %>.key;
ssl_session_timeout 5m;
ssl_protocols SSLv3 TLSv1;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
ssl_prefer_server_ciphers on;
<% if auth_basic != :undef -%>
auth_basic "<%= auth_basic %>";
<% end -%>
<% if auth_basic_user_file != :undef -%>
auth_basic_user_file <%= auth_basic_user_file %>;
<% end -%>
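Review bot: The `ssl_protocols SSLv3 TLSv1;` and `ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;` lines, left in place next to the changed certificate paths, still allow SSLv3 and low-strength suites. That weakens the transport which, with the added `auth_basic` directives, now carries Basic credentials. A narrower setting such as `ssl_protocols TLSv1.2 TLSv1.3;` (subject to what the deployed nginx and OpenSSL builds support) and `ssl_ciphers HIGH:!aNULL:!MD5;` would fit better. Exposing both as parameters in `nginx::params` would let sites tighten them without editing the template.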