Merge pull request #1 from jfryman/master

Merge upstream changes
Steve Maddison 2015-05-19 14:22:28 +02:00
commit 58ef49662d
57 changed files with 1072 additions and 490 deletions

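--- a/.gitattributes
+++ b/.gitattributes
@@ -0,0 +1 @@
+*.pp linguist-language=Puppet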

.gitignore vendored

@ -1,9 +1,10 @@
files/server_test.crt
files/server_test.pem
pkg/
pkg/
log/
Gemfile.lock
spec/fixtures/modules
spec/fixtures/manifests
vendor
.ruby-version
.vagrant/


@ -1,31 +0,0 @@
---
default_set: 'centos-64-x64'
sets:
'centos-59-x64':
nodes:
"main.foo.vm":
prefab: 'centos-59-x64'
'centos-64-x64':
nodes:
"main.foo.vm":
prefab: 'centos-64-x64'
'fedora-18-x64':
nodes:
"main.foo.vm":
prefab: 'fedora-18-x64'
'debian-607-x64':
nodes:
"main.foo.vm":
prefab: 'debian-607-x64'
'debian-70rc1-x64':
nodes:
"main.foo.vm":
prefab: 'debian-70rc1-x64'
'ubuntu-server-10044-x64':
nodes:
"main.foo.vm":
prefab: 'ubuntu-server-10044-x64'
'ubuntu-server-12042-x64':
nodes:
"main.foo.vm":
prefab: 'ubuntu-server-12042-x64'


@ -10,10 +10,6 @@ bundler_args: --without rake
matrix:
fast_finish: true
include:
- rvm: 1.8.7
env: PUPPET_GEM_VERSION="~> 2.7.0"
- rvm: 1.8.7
env: PUPPET_GEM_VERSION="~> 3.0"
- rvm: 1.9.3
env: PUPPET_GEM_VERSION="~> 3.0"
- rvm: 2.0.0
@ -21,13 +17,6 @@ matrix:
- rvm: 2.1.0
env: PUPPET_GEM_VERSION="~> 3.0"
- rvm: 2.1.0
env: PUPPET_GEM_VERSION="~> 3.5.0" FUTURE_PARSER="yes"
allow_failures:
- rvm: 1.8.7
env: PUPPET_GEM_VERSION="~> 2.7.0"
- rvm: 1.8.7
env: PUPPET_GEM_VERSION="~> 3.0"
- rvm: 2.1.0
env: PUPPET_GEM_VERSION="~> 3.5.0" FUTURE_PARSER="yes"
env: PUPPET_GEM_VERSION="~> 4.0"
notifications:
email: false
email: false


@ -7,14 +7,14 @@ end
group :rake, :test do
gem 'puppetlabs_spec_helper', '>=0.8.2', :require => false
gem 'puppet-blacksmith', :require => false
gem 'rspec-system-puppet', :require => false
gem 'beaker', :require => false
gem 'beaker-rspec', :require => false
end
group :rake do
gem 'rspec-puppet', '~>1.0'
gem 'rspec-puppet', '>=2.1.0', :require => false
gem 'rake', '>=0.9.2.2'
gem 'puppet-lint', '>=1.0.1'
gem 'rspec-system-serverspec', :require => false
end
if puppetversion = ENV['PUPPET_GEM_VERSION']
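Review bot: `beaker` and `beaker-rspec` are added with no version constraint, and the `rspec-puppet` line that reads `'>=2.1.0'` has no upper bound, so every CI run resolves whatever release is newest on RubyGems at that moment (the `.gitignore` section of this commit lists `Gemfile.lock`, so no lockfile constrains it). A pessimistic constraint keeps the test tooling reproducible and narrows exposure to a bad upstream release, e.g. `gem 'rspec-puppet', '~> 2.1', :require => false` and `gem 'beaker', '~> <TESTED_VERSION>', :require => false`. The `if puppetversion = ...` block at the end of the hunk continues outside it.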


@ -5,6 +5,8 @@
maintenance. Please take a look at [https://github.com/jfryman/puppet-nginx/blob/master/docs/hiera.md](https://github.com/jfryman/puppet-nginx/blob/master/docs/hiera.md)
before upgrading or installing Version 0.1.0 or greater.
[![Puppet
Forge](http://img.shields.io/puppetforge/v/jfryman/nginx.svg)](https://forge.puppetlabs.com/jfryman/nginx)
[![Build Status](https://travis-ci.org/jfryman/puppet-nginx.png)](https://travis-ci.org/jfryman/puppet-nginx)
@ -115,6 +117,7 @@ nginx::nginx_locations:
'static':
location: '~ "^/static/[0-9a-fA-F]{8}\/(.*)$"'
vhost: www.puppetlabs.com
www_root: /var/www/html
'userContent':
location: /userContent
vhost: www.puppetlabs.com
@ -130,8 +133,9 @@ nginx::nginx_mailhosts:
## Nginx with precompiled Passenger
Currently this works only for Debian family.
Currently this works only for Debian family and OpenBSD.
On Debian it might look like:
```puppet
class { 'nginx':
package_source => 'passenger',
@ -141,6 +145,20 @@ class { 'nginx':
}
```
Here the example for OpenBSD:
```puppet
class { 'nginx':
package_flavor => 'passenger',
service_flags => '-u'
http_cfg_append => {
passenger_root => '/usr/local/lib/ruby/gems/2.1/gems/passenger-4.0.44',
passenger_ruby => '/usr/local/bin/ruby21',
passenger_max_pool_size => '15',
}
}
```
Package source `passenger` will add [Phusion Passenger repository](https://oss-binaries.phusionpassenger.com/apt/passenger) to APT sources.
For each virtual host you should specify which ruby should be used.


@ -7,11 +7,10 @@ CLOBBER.include('.tmp', '.librarian')
require 'puppetlabs_spec_helper/rake_tasks'
require 'puppet_blacksmith/rake_tasks'
require 'rspec-system/rake_task'
task :default => [:clean, :spec]
PuppetLint.configuration.fail_on_warnings
PuppetLint.configuration.fail_on_warnings = true
PuppetLint.configuration.send('relative')
PuppetLint.configuration.send('disable_80chars')
PuppetLint.configuration.send('disable_class_inherits_from_params_class')


@ -62,6 +62,7 @@ class nginx::config(
$multi_accept = 'off',
$names_hash_bucket_size = '64',
$names_hash_max_size = '512',
$nginx_cfg_prepend = false,
$proxy_buffers = '32 4k',
$proxy_buffer_size = '8k',
$proxy_cache_inactive = '20m',
@ -93,7 +94,7 @@ class nginx::config(
) inherits ::nginx::params {
### Validations ###
if (!is_string($worker_processes)) and (!is_integer($worker_processes)) {
if ($worker_processes != 'auto') and (!is_integer($worker_processes)) {
fail('$worker_processes must be an integer or have value "auto".')
}
if (!is_integer($worker_connections)) {
@ -151,6 +152,12 @@ class nginx::config(
}
}
if ($nginx_cfg_prepend != false) {
if !(is_hash($nginx_cfg_prepend) or is_array($nginx_cfg_prepend)) {
fail('$nginx_cfg_prepend must be either a hash or array')
}
}
validate_string($nginx_error_log)
validate_string($http_access_log)
validate_string($proxy_headers_hash_bucket_size)


@ -102,12 +102,14 @@ class nginx (
$package_ensure = present,
$package_name = $::nginx::params::package_name,
$package_source = 'nginx',
$package_flavor = undef,
$manage_repo = $::nginx::params::manage_repo,
### END Package Configuration ###
### START Service Configuation ###
$configtest_enable = false,
$service_ensure = running,
$service_flags = undef,
$service_restart = '/etc/init.d/nginx configtest && /etc/init.d/nginx restart',
$service_name = undef,
### END Service Configuration ###
@ -210,6 +212,7 @@ class nginx (
package_name => $package_name,
package_source => $package_source,
package_ensure => $package_ensure,
package_flavor => $package_flavor,
notify => Class['::nginx::service'],
manage_repo => $manage_repo,
}
@ -281,24 +284,24 @@ class nginx (
sites_available_owner => $sites_available_owner,
sites_available_group => $sites_available_group,
sites_available_mode => $sites_available_mode,
require => Class['::nginx::package'],
notify => Class['::nginx::service'],
}
}
Class['::nginx::package'] -> Class['::nginx::config'] ~> Class['::nginx::service']
class { '::nginx::service':
configtest_enable => $configtest_enable,
service_ensure => $service_ensure,
service_restart => $service_restart,
service_name => $service_name,
service_flags => $service_flags,
}
create_resources('::nginx::resource::upstream', $nginx_upstreams)
create_resources('::nginx::resource::vhost', $nginx_vhosts, $nginx_vhosts_defaults)
create_resources('::nginx::resource::location', $nginx_locations)
create_resources('::nginx::resource::mailhost', $nginx_mailhosts)
create_resources('::nginx::resource::map', $string_mappings)
create_resources('::nginx::resource::geo', $geo_mappings)
create_resources('nginx::resource::upstream', $nginx_upstreams)
create_resources('nginx::resource::vhost', $nginx_vhosts, $nginx_vhosts_defaults)
create_resources('nginx::resource::location', $nginx_locations)
create_resources('nginx::resource::mailhost', $nginx_mailhosts)
create_resources('nginx::resource::map', $string_mappings)
create_resources('nginx::resource::geo', $geo_mappings)
# Allow the end user to establish relationships to the "main" class
# and preserve the relationship to the implementation classes through


@ -17,6 +17,7 @@ class nginx::package(
$package_name = $::nginx::params::package_name,
$package_source = 'nginx',
$package_ensure = 'present',
$package_flavor = undef,
$manage_repo = $::nginx::params::manage_repo,
) inherits ::nginx::params {
@ -57,8 +58,14 @@ class nginx::package(
source => $package_source,
}
}
'OpenBSD': {
package { $package_name:
ensure => $package_ensure,
flavor => $package_flavor,
}
}
default: {
package { 'nginx':
package { $package_name:
ensure => $package_ensure,
}
}


@ -34,34 +34,35 @@ class nginx::package::debian(
case $package_source {
'nginx', 'nginx-stable': {
apt::source { 'nginx':
location => "http://nginx.org/packages/${distro}",
repos => 'nginx',
key => '7BD9BF62',
key_source => 'http://nginx.org/keys/nginx_signing.key',
location => "http://nginx.org/packages/${distro}",
repos => 'nginx',
key => '573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62',
}
}
'nginx-mainline': {
apt::source { 'nginx':
location => "http://nginx.org/packages/mainline/${distro}",
repos => 'nginx',
key => '7BD9BF62',
key_source => 'http://nginx.org/keys/nginx_signing.key',
location => "http://nginx.org/packages/mainline/${distro}",
repos => 'nginx',
key => '573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62',
}
}
'passenger': {
apt::source { 'nginx':
location => 'https://oss-binaries.phusionpassenger.com/apt/passenger',
repos => 'main',
key => '561F9B9CAC40B2F7',
key_source => 'https://oss-binaries.phusionpassenger.com/auto-software-signing-gpg-key.txt',
required_packages => 'apt-transport-https ca-certificates',
location => 'https://oss-binaries.phusionpassenger.com/apt/passenger',
repos => 'main',
key => '16378A33A6EF16762922526E561F9B9CAC40B2F7',
}
package { ['apt-transport-https', 'ca-certificates']:
ensure => 'present',
before => Apt::Source['nginx'],
}
package { 'passenger':
ensure => 'present',
require => Exec['apt_update'],
}
if $package_name != 'nginx-extras' {
warning('You must set $package_name to "nginx-extras" to enable Passenger')
}


@ -39,7 +39,7 @@ class nginx::package::redhat (
gpgcheck => '1',
priority => '1',
gpgkey => 'http://nginx.org/keys/nginx_signing.key',
before => Package[$package_name],
before => Package['nginx'],
}
}
'nginx-mainline': {
@ -50,7 +50,7 @@ class nginx::package::redhat (
gpgcheck => '1',
priority => '1',
gpgkey => 'http://nginx.org/keys/nginx_signing.key',
before => Package[$package_name],
before => Package['nginx'],
}
}
default: {
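Review bot: `gpgkey => 'http://nginx.org/keys/nginx_signing.key'` in both hunks fetches the repository's trust anchor over plain HTTP, so `gpgcheck => '1'` only proves that packages were signed by whatever key the network delivered when it was first imported. Unlike the Debian class in this commit, which pins a full fingerprint, nothing here ties the key to a known value; if nginx.org serves the key over TLS, `gpgkey => 'https://nginx.org/keys/nginx_signing.key',` is the minimal change. The line is unchanged context in this commit, and both `yumrepo` resources begin outside the hunks shown.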


@ -20,7 +20,7 @@ class nginx::params {
}
'Debian': {
if ($::operatingsystem == 'ubuntu' and $::lsbdistcodename in ['lucid', 'precise', 'trusty'])
or ($::operatingsystem == 'debian' and $::operatingsystemmajrelease in ['6', '7']) {
or ($::operatingsystem == 'debian' and $::operatingsystemmajrelease in ['6', '7', '8']) {
$_module_os_overrides = {
'manage_repo' => true,
'daemon_user' => 'www-data',


@ -38,7 +38,7 @@
#
# Sample Hiera usage:
#
# nginx::geos:
# nginx::geo_mappings:
# client_network:
# ensure: present
# ranges: false


@ -36,6 +36,8 @@
# [*fastcgi_script*] - optional SCRIPT_FILE parameter
# [*fastcgi_split_path*] - Allows settings of fastcgi_split_path_info so
# that you can split the script_name and path_info via regex
# [*uwsgi*] - location of uwsgi (host:port)
# [*uwsgi_params*] - optional alternative uwsgi_params file to use
# [*ssl*] - Indicates whether to setup SSL bindings for
# this location.
# [*ssl_only*] - Required if the SSL and normal vHost have the
@ -145,6 +147,8 @@ define nginx::resource::location (
$fastcgi_params = "${::nginx::config::conf_dir}/fastcgi_params",
$fastcgi_script = undef,
$fastcgi_split_path = undef,
$uwsgi = undef,
$uwsgi_params = "${nginx::config::conf_dir}/uwsgi_params",
$ssl = false,
$ssl_only = false,
$location_alias = undef,
@ -217,6 +221,10 @@ define nginx::resource::location (
if ($fastcgi_split_path != undef) {
validate_string($fastcgi_split_path)
}
if ($uwsgi != undef) {
validate_string($uwsgi)
}
validate_string($uwsgi_params)
validate_bool($internal)
@ -298,28 +306,29 @@ define nginx::resource::location (
default => file,
}
$vhost_sanitized = regsubst($vhost, ' ', '_', 'G')
$config_file = "${::nginx::config::conf_dir}/sites-available/${vhost_sanitized}.conf"
$location_sanitized_tmp = regsubst($location, '\/', '_', 'G')
$location_sanitized = regsubst($location_sanitized_tmp, '\\\\', '_', 'G')
## Check for various error conditions
if ($vhost == undef) {
fail('Cannot create a location reference without attaching to a virtual host')
}
if (($www_root == undef) and ($proxy == undef) and ($location_alias == undef) and ($stub_status == undef) and ($fastcgi == undef) and ($location_custom_cfg == undef) and ($internal == false)) {
fail('Cannot create a location reference without a www_root, proxy, location_alias, fastcgi, stub_status, internal, or location_custom_cfg defined')
if (($www_root == undef) and ($proxy == undef) and ($location_alias == undef) and ($stub_status == undef) and ($fastcgi == undef) and ($uwsgi == undef) and ($location_custom_cfg == undef) and ($internal == false)) {
fail('Cannot create a location reference without a www_root, proxy, location_alias, fastcgi, uwsgi, stub_status, internal, or location_custom_cfg defined')
}
if (($www_root != undef) and ($proxy != undef)) {
fail('Cannot define both directory and proxy in a virtual host')
}
# Use proxy, fastcgi or uwsgi template if $proxy is defined, otherwise use directory template.
# fastcgi_script is deprecated
if ($fastcgi_script != undef) {
warning('The $fastcgi_script parameter is deprecated; please use $fastcgi_param instead to define custom fastcgi_params!')
}
$vhost_sanitized = regsubst($vhost, ' ', '_', 'G')
$config_file = "${::nginx::config::conf_dir}/sites-available/${vhost_sanitized}.conf"
$location_sanitized_tmp = regsubst($location, '\/', '_', 'G')
$location_sanitized = regsubst($location_sanitized_tmp, '\\\\', '_', 'G')
# Use proxy or fastcgi template if $proxy is defined, otherwise use directory template.
if ($proxy != undef) {
$content_real = template('nginx/vhost/locations/proxy.erb')
@ -329,6 +338,8 @@ define nginx::resource::location (
$content_real = template('nginx/vhost/locations/stub_status.erb')
} elsif ($fastcgi != undef) {
$content_real = template('nginx/vhost/locations/fastcgi.erb')
} elsif ($uwsgi != undef) {
$content_real = template('nginx/vhost/locations/uwsgi.erb')
} elsif ($www_root != undef) {
$content_real = template('nginx/vhost/locations/directory.erb')
} else {
@ -343,12 +354,20 @@ define nginx::resource::location (
}
}
if $ensure == present and $uwsgi != undef and !defined(File[$uwsgi_params]) {
file { $uwsgi_params:
ensure => present,
mode => '0770',
content => template('nginx/vhost/uwsgi_params.erb'),
}
}
## Create stubs for vHost File Fragment Pattern
if ($ssl_only != true) {
$tmpFile=md5("${vhost_sanitized}-${priority}-${location_sanitized}")
concat::fragment { $tmpFile:
ensure => $ensure,
target => $config_file,
content => join([
template('nginx/vhost/location_header.erb'),
@ -365,7 +384,6 @@ define nginx::resource::location (
$sslTmpFile=md5("${vhost_sanitized}-${ssl_priority}-${location_sanitized}-ssl")
concat::fragment { $sslTmpFile:
ensure => $ensure,
target => $config_file,
content => join([
template('nginx/vhost/location_header.erb'),
@ -375,13 +393,4 @@ define nginx::resource::location (
order => $ssl_priority,
}
}
if ($auth_basic_user_file != undef) {
#Generate htpasswd with provided file-locations
file { "${::nginx::config::conf_dir}/${location_sanitized}_htpasswd":
ensure => $ensure_real,
mode => '0644',
source => $auth_basic_user_file,
}
}
}
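Review bot: The new `file { $uwsgi_params: }` resource sets `mode => '0770'`, which makes a plain nginx include file executable and group-writable, and it sets no `owner` or `group`, so who can edit it depends on the agent's defaults. A parameters file only needs to be readable; `mode => '0644',` with an explicit `owner` and `group` would match how a config include is normally shipped. The same resource with the same mode appears in the `nginx::resource::vhost` section of this commit. Also, the default `"${nginx::config::conf_dir}/uwsgi_params"` is not top-scoped like the neighbouring `"${::nginx::config::conf_dir}/fastcgi_params"`.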


@ -74,12 +74,16 @@ define nginx::resource::mailhost (
}
validate_re($ensure, '^(present|absent)$',
"${ensure} is not supported for ensure. Allowed values are 'present' and 'absent'.")
validate_string($listen_ip)
if !(is_array($listen_ip) or is_string($listen_ip)) {
fail('$listen_ip must be a string or array.')
}
if ($listen_options != undef) {
validate_string($listen_options)
}
validate_bool($ipv6_enable)
validate_string($ipv6_listen_ip)
if !(is_array($ipv6_listen_ip) or is_string($ipv6_listen_ip)) {
fail('$ipv6_listen_ip must be a string or array.')
}
if !is_integer($ipv6_listen_port) {
fail('$ipv6_listen_port must be an integer.')
}
@ -129,7 +133,6 @@ define nginx::resource::mailhost (
if ($listen_port != $ssl_port) {
concat::fragment { "${name}-header":
ensure => present,
target => $config_file,
content => template('nginx/mailhost/mailhost.erb'),
order => '001',
@ -139,7 +142,6 @@ define nginx::resource::mailhost (
# Create SSL File Stubs if SSL is enabled
if ($ssl) {
concat::fragment { "${name}-ssl":
ensure => present,
target => $config_file,
content => template('nginx/mailhost/mailhost_ssl.erb'),
order => '700',


@ -44,6 +44,9 @@
# vhost.
# [*ssl_cert*] - Pre-generated SSL Certificate file to reference
# for SSL Support. This is not generated by this module.
# [*ssl_client_cert*] - Pre-generated SSL Certificate file to reference
# for client verify SSL Support. This is not generated by this module.
# [*ssl_crl*] - String: Specifies CRL path in file system
# [*ssl_dhparam*] - This directive specifies a file containing
# Diffie-Hellman key agreement protocol cryptographic parameters, in PEM
# format, utilized for exchanging session keys between server and client.
@ -125,6 +128,10 @@
# options like error level to the end.
# [*passenger_cgi_param*] - Allows one to define additional CGI environment
# variables to pass to the backend application
# [*passenger_set_header*] - Allows one to set headers to pass to the
# backend application (Passenger 5.0+)
# [*passenger_env_var*] - Allows one to set environemnt variables to pass
# to the backend application (Passenger 5.0+)
# [*log_by_lua*] - Run the Lua source code inlined as the
# <lua-script-str> at the log request processing phase.
# This does not replace the current access logs, but runs after.
@ -135,6 +142,9 @@
# [*owner*] - Defines owner of the .conf file
# [*group*] - Defines group of the .conf file
# [*mode*] - Defines mode of the .conf file
# [*maintenance*] - A boolean value to set a vhost in maintenance
# [*maintenance_value*] - Value to return when maintenance is on.
# Default to return 503
# Actions:
#
# Requires:
@ -162,12 +172,14 @@ define nginx::resource::vhost (
$ssl = false,
$ssl_listen_option = true,
$ssl_cert = undef,
$ssl_client_cert = undef,
$ssl_dhparam = undef,
$ssl_key = undef,
$ssl_port = '443',
$ssl_protocols = 'TLSv1 TLSv1.1 TLSv1.2',
$ssl_ciphers = 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA',
$ssl_cache = 'shared:SSL:10m',
$ssl_crl = undef,
$ssl_stapling = false,
$ssl_stapling_file = undef,
$ssl_stapling_responder = undef,
@ -188,6 +200,8 @@ define nginx::resource::vhost (
$fastcgi = undef,
$fastcgi_params = "${::nginx::config::conf_dir}/fastcgi_params",
$fastcgi_script = undef,
$uwsgi = undef,
$uwsgi_params = "${nginx::config::conf_dir}/uwsgi_params",
$index_files = [
'index.html',
'index.htm',
@ -221,6 +235,8 @@ define nginx::resource::vhost (
$error_log = undef,
$format_log = 'combined',
$passenger_cgi_param = undef,
$passenger_set_header = undef,
$passenger_env_var = undef,
$log_by_lua = undef,
$log_by_lua_file = undef,
$use_default_location = true,
@ -231,11 +247,15 @@ define nginx::resource::vhost (
$owner = $::nginx::config::global_owner,
$group = $::nginx::config::global_group,
$mode = $::nginx::config::global_mode,
$maintenance = false,
$maintenance_value = 'return 503'
) {
validate_re($ensure, '^(present|absent)$',
"${ensure} is not supported for ensure. Allowed values are 'present' and 'absent'.")
validate_string($listen_ip)
if !(is_array($listen_ip) or is_string($listen_ip)) {
fail('$listen_ip must be a string or array.')
}
if !is_integer($listen_port) {
fail('$listen_port must be an integer.')
}
@ -245,7 +265,9 @@ define nginx::resource::vhost (
validate_array($location_allow)
validate_array($location_deny)
validate_bool($ipv6_enable)
validate_string($ipv6_listen_ip)
if !(is_array($ipv6_listen_ip) or is_string($ipv6_listen_ip)) {
fail('$ipv6_listen_ip must be a string or array.')
}
if !is_integer($ipv6_listen_port) {
fail('$ipv6_listen_port must be an integer.')
}
@ -257,6 +279,12 @@ define nginx::resource::vhost (
if ($ssl_cert != undef) {
validate_string($ssl_cert)
}
if ($ssl_client_cert != undef) {
validate_string($ssl_client_cert)
}
if ($ssl_crl != undef) {
validate_string($ssl_crl)
}
validate_bool($ssl_listen_option)
if ($ssl_dhparam != undef) {
validate_string($ssl_dhparam)
@ -311,6 +339,10 @@ define nginx::resource::vhost (
if ($fastcgi_script != undef) {
validate_string($fastcgi_script)
}
if ($uwsgi != undef) {
validate_string($uwsgi)
}
validate_string($uwsgi_params)
validate_array($index_files)
if ($autoindex != undef) {
validate_string($autoindex)
@ -393,6 +425,12 @@ define nginx::resource::vhost (
if ($passenger_cgi_param != undef) {
validate_hash($passenger_cgi_param)
}
if ($passenger_set_header != undef) {
validate_hash($passenger_set_header)
}
if ($passenger_env_var != undef) {
validate_hash($passenger_env_var)
}
if ($log_by_lua != undef) {
validate_string($log_by_lua)
}
@ -498,10 +536,12 @@ define nginx::resource::vhost (
fastcgi => $fastcgi,
fastcgi_params => $fastcgi_params,
fastcgi_script => $fastcgi_script,
uwsgi => $uwsgi,
uwsgi_params => $uwsgi_params,
try_files => $try_files,
www_root => $www_root,
autoindex => $autoindex,
index_files => [],
index_files => $index_files,
location_custom_cfg => $location_custom_cfg,
notify => Class['::nginx::service'],
rewrite_rules => $rewrite_rules,
@ -542,9 +582,16 @@ define nginx::resource::vhost (
}
}
if $uwsgi != undef and !defined(File[$uwsgi_params]) {
file { $uwsgi_params:
ensure => present,
mode => '0770',
content => template('nginx/vhost/uwsgi_params.erb'),
}
}
if ($listen_port != $ssl_port) {
concat::fragment { "${name_sanitized}-header":
ensure => present,
target => $config_file,
content => template('nginx/vhost/vhost_header.erb'),
order => '001',
@ -554,7 +601,6 @@ define nginx::resource::vhost (
# Create a proper file close stub.
if ($listen_port != $ssl_port) {
concat::fragment { "${name_sanitized}-footer":
ensure => present,
target => $config_file,
content => template('nginx/vhost/vhost_footer.erb'),
order => '699',
@ -589,43 +635,6 @@ define nginx::resource::vhost (
content => template('nginx/vhost/vhost_ssl_footer.erb'),
order => '999',
}
#Generate ssl key/cert with provided file-locations
$cert = regsubst($name,' ','_', 'G')
# Check if the file has been defined before creating the file to
# avoid the error when using wildcard cert on the multiple vhosts
ensure_resource('file', "${::nginx::config::conf_dir}/${cert}.crt", {
owner => $::nginx::config::daemon_user,
mode => '0444',
source => $ssl_cert,
})
ensure_resource('file', "${::nginx::config::conf_dir}/${cert}.key", {
owner => $::nginx::config::daemon_user,
mode => '0440',
source => $ssl_key,
})
if ($ssl_dhparam != undef) {
ensure_resource('file', "${::nginx::config::conf_dir}/${cert}.dh.pem", {
owner => $::nginx::config::daemon_user,
mode => '0440',
source => $ssl_dhparam,
})
}
if ($ssl_stapling_file != undef) {
ensure_resource('file', "${::nginx::config::conf_dir}/${cert}.ocsp.resp", {
owner => $::nginx::config::daemon_user,
mode => '0440',
source => $ssl_stapling_file,
})
}
if ($ssl_trusted_cert != undef) {
ensure_resource('file', "${::nginx::config::conf_dir}/${cert}.trusted.crt", {
owner => $::nginx::config::daemon_user,
mode => '0440',
source => $ssl_trusted_cert,
})
}
}
file{ "${name_sanitized}.conf symlink":
@ -633,7 +642,7 @@ define nginx::resource::vhost (
path => "${vhost_enable_dir}/${name_sanitized}.conf",
target => $config_file,
require => Concat[$config_file],
notify => Service['nginx'],
notify => Class['::nginx::service'],
}
create_resources('::nginx::resource::map', $string_mappings)
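Review bot: `$maintenance` and `$maintenance_value` are added to the parameter list without any matching validation in the visible hunks, while the other new parameters (`$ssl_client_cert`, `$ssl_crl`, `$uwsgi`, `$passenger_set_header`, `$passenger_env_var`) each get a `validate_*` call. `$maintenance_value` defaults to `'return 503'`, which suggests it is written into the server block as a raw directive (the template is not shown), so a type check is the least it should get: `validate_bool($maintenance)` and `validate_string($maintenance_value)`. The validation block runs beyond the hunks shown, so these checks may already exist elsewhere in the define. The doc comment for `passenger_env_var` also misspells "environment".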


@ -18,6 +18,7 @@ class nginx::service(
$service_restart = $::nginx::service_restart,
$service_ensure = $::nginx::service_ensure,
$service_name = 'nginx',
$service_flags = undef,
) {
$service_enable = $service_ensure ? {
@ -34,13 +35,28 @@ class nginx::service(
$service_ensure_real = $service_ensure
}
service { 'nginx':
ensure => $service_ensure_real,
name => $service_name,
enable => $service_enable,
hasstatus => true,
hasrestart => true,
case $::osfamily {
'OpenBSD': {
service { 'nginx':
ensure => $service_ensure_real,
name => $service_name,
enable => $service_enable,
flags => $service_flags,
hasstatus => true,
hasrestart => true,
}
}
default: {
service { 'nginx':
ensure => $service_ensure_real,
name => $service_name,
enable => $service_enable,
hasstatus => true,
hasrestart => true,
}
}
}
if $configtest_enable == true {
Service['nginx'] {
restart => $service_restart,


@ -1,32 +1,45 @@
{
"name": "jfryman-nginx",
"version": "0.2.1",
"version": "0.2.6",
"author": "James Fryman",
"summary": "Puppet NGINX management module",
"license": "MIT",
"source": "https://github.com/jfryman/puppet-nginx.git",
"project_page": "http://github.com/jfryman/puppet-nginx",
"issues_url": "https://github.com/jfryman/puppet-nginx/issues",
"description": "This module can be used for basic NGINX Management",
"dependencies": [
{"name":"puppetlabs/stdlib","version_requirement":">= 4.2.0 <5.0.0"},
{"name":"puppetlabs/apt","version_requirement":">= 1.0.0 <2.0.0"},
{"name":"puppetlabs/apt","version_requirement":">= 1.8.0 <3.0.0"},
{"name":"puppetlabs/concat","version_requirement":">= 1.1.1 <2.0.0"}
],
"requirements": [
{
"name": "pe",
"version_requirement": "3.x"
},
{
"name": "puppet",
"version_requirement": "3.x"
}
],
"operatingsystem_support": [
{
"operatingsystem": "Debian",
"operatingsystemrelease":[
"5.0",
"6.0"
"5",
"6",
"7"
]
},
{
"operatingsystem": "OpenBSD"
},
{
"operatingsystem": "RedHat",
"operatingsystemrelease":[
"5.0",
"6.0",
"7.0"
"5",
"6",
"7"
]
},
{


@ -0,0 +1,24 @@
require 'spec_helper_acceptance'
describe "nginx class:" do
context 'default parameters' do
it 'should run successfully' do
pp = "class { 'nginx': }"
# Run it twice and test for idempotency
apply_manifest(pp, :catch_failures => true)
expect(apply_manifest(pp, :catch_failures => true).exit_code).to be_zero
end
end
describe package('nginx') do
it { is_expected.to be_installed }
end
describe service('nginx') do
it { is_expected.to be_running }
it { is_expected.to be_enabled }
end
end


@ -0,0 +1,39 @@
require 'spec_helper_acceptance'
describe "nginx::resource::mailhost define:" do
it 'should run successfully' do
pp = "
class { 'nginx':
mail => true,
}
nginx::resource::mailhost { 'domain1.example':
ensure => present,
auth_http => 'localhost/cgi-bin/auth',
protocol => 'smtp',
listen_port => 587,
ssl => true,
ssl_port => 465,
ssl_cert => '/tmp/blah.cert',
ssl_key => '/tmp/blah.key',
xclient => 'off',
}
"
apply_manifest(pp, :catch_failures => true)
end
describe file('/etc/nginx/conf.mail.d/domain1.example.conf') do
it { is_expected.to be_file }
it { is_expected.to contain "auth_http localhost/cgi-bin/auth;" }
end
describe port(587) do
it { is_expected.to be_listening }
end
describe port(465) do
it { is_expected.to be_listening }
end
end


@ -1,4 +1,4 @@
require 'spec_helper_system'
require 'spec_helper_acceptance'
describe "nginx::resource::upstream define:" do
it 'should run successfully' do
@ -19,25 +19,20 @@ describe "nginx::resource::upstream define:" do
}
"
puppet_apply(pp) do |r|
[0,2].should include r.exit_code
r.refresh
r.stderr.should be_empty
r.exit_code.should be_zero
end
apply_manifest(pp, :catch_failures => true)
end
describe file('/etc/nginx/conf.d/puppet_rack_app-upstream.conf') do
it { should be_file }
it { should contain "server localhost:3000" }
it { should contain "server localhost:3001" }
it { should contain "server localhost:3002" }
it { should_not contain "server localhost:3003" }
it { is_expected.to be_file }
it { is_expected.to contain "server localhost:3000" }
it { is_expected.to contain "server localhost:3001" }
it { is_expected.to contain "server localhost:3002" }
it { is_expected.not_to contain "server localhost:3003" }
end
describe file('/etc/nginx/sites-available/rack.puppetlabs.com.conf') do
it { should be_file }
it { should contain "proxy_pass http://puppet_rack_app;" }
it { is_expected.to be_file }
it { is_expected.to contain "proxy_pass http://puppet_rack_app;" }
end
end
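Review bot: The manifest is applied only once with `:catch_failures => true`, so this spec no longer shows that a second run is a no-op, whereas the new `nginx class:` spec in this commit applies twice and asserts a zero exit code. Beaker's idiom for this is a second call, `apply_manifest(pp, :catch_changes => true)`, which fails when the repeat run changes anything. The vhost spec section has the same single apply in both of its contexts.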


@ -1,4 +1,4 @@
require 'spec_helper_system'
require 'spec_helper_acceptance'
describe "nginx::resource::vhost define:" do
context 'new vhost on port 80' do
@ -15,31 +15,30 @@ describe "nginx::resource::vhost define:" do
file { '/var/www/www.puppetlabs.com/index.html': ensure => file, content => 'Hello from www\n', }
"
puppet_apply(pp) do |r|
[0,2].should include r.exit_code
r.refresh
r.stderr.should be_empty
r.exit_code.should be_zero
end
apply_manifest(pp, :catch_failures => true)
end
describe file('/etc/nginx/sites-available/www.puppetlabs.com.conf') do
it { should be_file }
it { should contain "www.puppetlabs.com" }
it { is_expected.to be_file }
it { is_expected.to contain "www.puppetlabs.com" }
end
describe file('/etc/nginx/sites-enabled/www.puppetlabs.com.conf') do
it { should be_linked_to '/etc/nginx/sites-available/www.puppetlabs.com.conf' }
it { is_expected.to be_linked_to '/etc/nginx/sites-available/www.puppetlabs.com.conf' }
end
describe service('nginx') do
it { should be_running }
it { is_expected.to be_running }
end
describe port(80) do
it { is_expected.to be_listening }
end
it 'should answer to www.puppetlabs.com' do
shell("/usr/bin/curl http://www.puppetlabs.com:80") do |r|
r.stdout.should == "Hello from www\n"
r.exit_code.should be_zero
expect(r.stdout).to eq("Hello from www\n")
expect(r.exit_code).to be_zero
end
end
end
@ -61,39 +60,38 @@ describe "nginx::resource::vhost define:" do
file { '/var/www/www.puppetlabs.com/index.html': ensure => file, content => 'Hello from www\n', }
"
puppet_apply(pp) do |r|
[0,2].should include r.exit_code
r.refresh
r.stderr.should be_empty
r.exit_code.should be_zero
end
apply_manifest(pp, :catch_failures => true)
end
describe file('/etc/nginx/sites-available/www.puppetlabs.com.conf') do
it { should be_file }
it { should contain "ssl on;" }
it { is_expected.to be_file }
it { is_expected.to contain "ssl on;" }
end
describe file('/etc/nginx/sites-enabled/www.puppetlabs.com.conf') do
it { should be_linked_to '/etc/nginx/sites-available/www.puppetlabs.com.conf' }
it { is_expected.to be_linked_to '/etc/nginx/sites-available/www.puppetlabs.com.conf' }
end
describe service('nginx') do
it { should be_running }
it { is_expected.to be_running }
end
describe port(443) do
it { is_expected.to be_listening }
end
it 'should answer to http://www.puppetlabs.com' do
shell("/usr/bin/curl http://www.puppetlabs.com:80") do |r|
r.stdout.should == "Hello from www\n"
r.exit_code.should == 0
expect(r.stdout).to eq("Hello from www\n")
expect(r.exit_code).to eq(0)
end
end
it 'should answer to https://www.puppetlabs.com' do
# use --insecure because it's a self-signed cert
shell("/usr/bin/curl --insecure https://www.puppetlabs.com:443") do |r|
r.stdout.should == "Hello from www\n"
r.exit_code.should == 0
expect(r.stdout).to eq("Hello from www\n")
expect(r.exit_code).to eq(0)
end
end
end


@ -0,0 +1,11 @@
HOSTS:
centos-5-x64:
roles:
- master
platform: el-5-x86_64
box : puppetlabs/centos-5.11-64-nocm
box_url : https://vagrantcloud.com/puppetlabs/boxes/centos-5.11-64-nocm
hypervisor : vagrant
CONFIG:
log_level: verbose
type: foss


@ -0,0 +1,11 @@
HOSTS:
centos-6-x64:
roles:
- master
platform: el-6-x86_64
box : puppetlabs/centos-6.6-64-nocm
box_url : https://vagrantcloud.com/puppetlabs/boxes/centos-6.6-64-nocm
hypervisor : vagrant
CONFIG:
log_level: verbose
type: foss


@ -0,0 +1,11 @@
HOSTS:
centos-7-x64:
roles:
- master
platform: el-7-x86_64
box : puppetlabs/centos-7.0-64-nocm
box_url : https://vagrantcloud.com/puppetlabs/boxes/centos-7.0-64-nocm
hypervisor : vagrant
CONFIG:
log_level: verbose
type: foss


@ -0,0 +1,11 @@
HOSTS:
debian-6-x64:
roles:
- master
platform: debian-6-amd64
box : puppetlabs/debian-6.0.10-64-nocm
box_url : http://vagrantcloud.com/puppetlabs/debian-6.0.10-64-nocm
hypervisor : vagrant
CONFIG:
log_level: debug
type: git
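Review bot: `box_url` uses `http://vagrantcloud.com/...` here and in the debian-7 nodeset, while the CentOS and Ubuntu nodesets added by this commit use `https://`. A base box fetched over plain HTTP has no transport integrity, and the acceptance run then applies Puppet inside that image; `box_url : https://vagrantcloud.com/puppetlabs/debian-6.0.10-64-nocm` brings it in line with the others. The CentOS nodesets also carry a `/boxes/` path segment that these two lack, which is worth checking against the actual box location.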


@ -0,0 +1,11 @@
HOSTS:
debian-7-x64:
roles:
- master
platform: debian-7-amd64
box : puppetlabs/debian-7.8-64-nocm
box_url : http://vagrantcloud.com/puppetlabs/debian-7.8-64-nocm
hypervisor : vagrant
CONFIG:
log_level: debug
type: git


@ -0,0 +1,11 @@
HOSTS:
ubuntu-server-1404-x64:
roles:
- master
platform: ubuntu-14.04-amd64
box: puppetlabs/ubuntu-14.04-64-nocm
box_url: https://vagrantcloud.com/puppetlabs/ubuntu-14.04-64-nocm
hypervisor: vagrant
CONFIG:
log_level: debug
type: git


@ -0,0 +1,11 @@
HOSTS:
ubuntu-server-1204-x64:
roles:
- master
platform: ubuntu-12.04-amd64
box: puppetlabs/ubuntu-12.04-64-nocm
box_url: https://vagrantcloud.com/puppetlabs/ubuntu-12.04-64-nocm
hypervisor: vagrant
CONFIG:
log_level: debug
type: git


@ -0,0 +1,11 @@
HOSTS:
ubuntu-server-1404-x64:
roles:
- master
platform: ubuntu-14.04-amd64
box: puppetlabs/ubuntu-14.04-64-nocm
box_url: https://vagrantcloud.com/puppetlabs/ubuntu-14.04-64-nocm
hypervisor: vagrant
CONFIG:
log_level: debug
type: git


@ -70,12 +70,30 @@ describe 'nginx::config' do
describe "nginx.conf template content" do
[
{
:title => 'should not set user',
:attr => 'super_user',
:value => false,
:notmatch => /user/,
},
{
:title => 'should set user',
:attr => 'daemon_user',
:value => 'test-user',
:match => 'user test-user;',
},
{
:title => 'should set worker_processes',
:attr => 'worker_processes',
:value => '4',
:match => 'worker_processes 4;',
},
{
:title => 'should set worker_processes',
:attr => 'worker_processes',
:value => 'auto',
:match => 'worker_processes auto;',
},
{
:title => 'should set worker_rlimit_nofile',
:attr => 'worker_rlimit_nofile',
@ -88,6 +106,18 @@ describe 'nginx::config' do
:value => '/path/to/error.log',
:match => 'error_log /path/to/error.log;',
},
{
:title => 'should set pid',
:attr => 'pid',
:value => '/path/to/pid',
:match => 'pid /path/to/pid;',
},
{
:title => 'should not set pid',
:attr => 'pid',
:value => false,
:notmatch => /pid/,
},
{
:title => 'should set worker_connections',
:attr => 'worker_connections',
@ -112,18 +142,108 @@ describe 'nginx::config' do
:value => {},
:notmatch => /log_format/,
},
{
:title => 'should set multi_accept',
:attr => 'multi_accept',
:value => 'on',
:match => /\s*multi_accept\s+on;/,
},
{
:title => 'should not set multi_accept',
:attr => 'multi_accept',
:value => 'off',
:notmatch => /multi_accept/,
},
{
:title => 'should set events_use',
:attr => 'events_use',
:value => 'eventport',
:match => /\s*use\s+eventport;/,
},
{
:title => 'should not set events_use',
:attr => 'events_use',
:value => false,
:notmatch => /use /,
},
{
:title => 'should set access_log',
:attr => 'http_access_log',
:value => '/path/to/access.log',
:match => ' access_log /path/to/access.log;',
},
{
:title => 'should set sendfile',
:attr => 'sendfile',
:value => 'on',
:match => ' sendfile on;',
},
{
:title => 'should not set sendfile',
:attr => 'sendfile',
:value => false,
:notmatch => /sendfile/,
},
{
:title => 'should set server_tokens',
:attr => 'server_tokens',
:value => 'on',
:match => ' server_tokens on;',
},
{
:title => 'should set types_hash_max_size',
:attr => 'types_hash_max_size',
:value => 10,
:match => ' types_hash_max_size 10;',
},
{
:title => 'should set types_hash_bucket_size',
:attr => 'types_hash_bucket_size',
:value => 10,
:match => ' types_hash_bucket_size 10;',
},
{
:title => 'should set server_names_hash_bucket_size',
:attr => 'names_hash_bucket_size',
:value => 10,
:match => ' server_names_hash_bucket_size 10;',
},
{
:title => 'should set server_names_hash_max_size',
:attr => 'names_hash_max_size',
:value => 10,
:match => ' server_names_hash_max_size 10;',
},
{
:title => 'should set keepalive_timeout',
:attr => 'keepalive_timeout',
:value => '123',
:match => ' keepalive_timeout 123;',
},
{
:title => 'should set tcp_nodelay',
:attr => 'http_tcp_nodelay',
:value => 'on',
:match => ' tcp_nodelay on;',
},
{
:title => 'should set tcp_nopush',
:attr => 'http_tcp_nopush',
:value => 'on',
:match => ' tcp_nopush on;',
},
{
:title => 'should set gzip',
:attr => 'gzip',
:value => 'on',
:match => ' gzip on;',
},
{
:title => 'should not set gzip',
:attr => 'gzip',
:value => 'off',
:notmatch => /gzip/,
},
{
:title => 'should set proxy_cache_path',
:attr => 'proxy_cache_path',
@ -134,7 +254,31 @@ describe 'nginx::config' do
:title => 'should not set proxy_cache_path',
:attr => 'proxy_cache_path',
:value => false,
:notmatch => %r'\s+proxy_cache_path\s+/path/to/proxy\.cache levels=1 keys_zone=d2:100m max_size=500m inactive=20m;',
:notmatch => /proxy_cache_path/,
},
{
:title => 'should set fastcgi_cache_path',
:attr => 'fastcgi_cache_path',
:value => '/path/to/proxy.cache',
:match => %r'\s*fastcgi_cache_path\s+/path/to/proxy.cache levels=1 keys_zone=d3:100m max_size=500m inactive=20m;',
},
{
:title => 'should not set fastcgi_cache_path',
:attr => 'fastcgi_cache_path',
:value => false,
:notmatch => /fastcgi_cache_path/,
},
{
:title => 'should set fastcgi_cache_use_stale',
:attr => 'fastcgi_cache_use_stale',
:value => 'invalid_header',
:match => ' fastcgi_cache_use_stale invalid_header;',
},
{
:title => 'should not set fastcgi_cache_use_stale',
:attr => 'fastcgi_cache_use_stale',
:value => false,
:notmatch => /fastcgi_cache_use_stale/,
},
{
:title => 'should contain ordered appended directives from hash',
@ -164,6 +308,35 @@ describe 'nginx::config' do
' test1 test value 2;',
],
},
{
:title => 'should contain ordered appended directives from hash',
:attr => 'nginx_cfg_prepend',
:value => { 'test1' => 'test value 1', 'test2' => 'test value 2', 'allow' => 'test value 3' },
:match => [
'allow test value 3;',
'test1 test value 1;',
'test2 test value 2;',
],
},
{
:title => 'should contain duplicate appended directives from list of hashes',
:attr => 'nginx_cfg_prepend',
:value => [[ 'allow', 'test value 1'], ['allow', 'test value 2' ]],
:match => [
'allow test value 1;',
'allow test value 2;',
],
},
{
:title => 'should contain duplicate appended directives from array values',
:attr => 'nginx_cfg_prepend',
:value => { 'test1' => ['test value 1', 'test value 2', 'test value 3'] },
:match => [
'test1 test value 1;',
'test1 test value 2;',
'test1 test value 3;',
],
},
{
:title => 'should set pid',
:attr => 'pid',
@ -188,6 +361,18 @@ describe 'nginx::config' do
:value => '123',
:match => ' keepalive_timeout 123;',
},
{
:title => 'should set mail',
:attr => 'mail',
:value => true,
:match => 'mail {',
},
{
:title => 'should not set mail',
:attr => 'mail',
:value => false,
:notmatch => /mail/,
},
].each do |param|
context "when #{param[:attr]} is #{param[:value]}" do
let :params do { param[:attr].to_sym => param[:value] } end
@ -199,7 +384,7 @@ describe 'nginx::config' do
if matches.all? { |m| m.is_a? Regexp }
matches.each { |item| is_expected.to contain_file('/etc/nginx/nginx.conf').with_content(item) }
else
lines = subject.resource('file', '/etc/nginx/nginx.conf').send(:parameters)[:content].split("\n")
lines = catalogue.resource('file', '/etc/nginx/nginx.conf').send(:parameters)[:content].split("\n")
expect(lines & Array(param[:match])).to eq(Array(param[:match]))
end
@ -269,7 +454,7 @@ describe 'nginx::config' do
if matches.all? { |m| m.is_a? Regexp }
matches.each { |item| is_expected.to contain_file('/etc/nginx/conf.d/proxy.conf').with_content(item) }
else
lines = subject.resource('file', '/etc/nginx/conf.d/proxy.conf').send(:parameters)[:content].split("\n")
lines = catalogue.resource('file', '/etc/nginx/conf.d/proxy.conf').send(:parameters)[:content].split("\n")
expect(lines & Array(param[:match])).to eq(Array(param[:match]))
end
@ -281,6 +466,13 @@ describe 'nginx::config' do
end
end
context "when conf_dir is /path/to/nginx" do
let(:params) {{:conf_dir => '/path/to/nginx'}}
it { is_expected.to contain_file('/path/to/nginx/nginx.conf').with_content(%r{include /path/to/nginx/mime\.types;}) }
it { is_expected.to contain_file('/path/to/nginx/nginx.conf').with_content(%r{include /path/to/nginx/conf\.d/\*\.conf;}) }
it { is_expected.to contain_file('/path/to/nginx/nginx.conf').with_content(%r{include /path/to/nginx/sites-enabled/\*;}) }
end
context "when confd_purge true" do
let(:params) {{:confd_purge => true}}
it { is_expected.to contain_file('/etc/nginx/conf.d').with(
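Review bot: The three `nginx_cfg_prepend` entries added in the `-164,6 +308,35` hunk carry titles that talk about "appended" directives, apparently copied from the append cases, so a failure report names the wrong parameter. Titles such as `'should contain ordered prepended directives from hash'` would match the attribute under test. Separately, the only `server_tokens` case visible in this table uses `'on'`, the value that advertises the nginx version. If the template prints the value verbatim, a sibling entry with `:value => 'off'` and `:match => ' server_tokens off;'` (same indentation as the `'on'` case) would pin the hardened setting too.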


@ -67,8 +67,7 @@ describe 'nginx::package' do
it { is_expected.to contain_apt__source('nginx').with(
'location' => "http://nginx.org/packages/#{operatingsystem.downcase}",
'repos' => 'nginx',
'key' => '7BD9BF62',
'key_source' => 'http://nginx.org/keys/nginx_signing.key'
'key' => '573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62',
)}
it { is_expected.to contain_anchor('nginx::package::begin').that_comes_before('Class[nginx::package::debian]') }
it { is_expected.to contain_anchor('nginx::package::end').that_requires('Class[nginx::package::debian]') }
@ -88,8 +87,7 @@ describe 'nginx::package' do
it { is_expected.to contain_apt__source('nginx').with(
'location' => 'https://oss-binaries.phusionpassenger.com/apt/passenger',
'repos' => "main",
'key' => '561F9B9CAC40B2F7',
'key_source' => 'https://oss-binaries.phusionpassenger.com/auto-software-signing-gpg-key.txt'
'key' => '16378A33A6EF16762922526E561F9B9CAC40B2F7',
)}
end
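Review bot: Both `contain_apt__source('nginx')` expectations now pin the full key fingerprint but no longer assert anything about `key_source`. Because `.with(...)` checks only the parameters it lists, a manifest that still passes the old `http://nginx.org/keys/nginx_signing.key` URL would keep passing. If the manifest is meant to stop setting that parameter, chaining `.without_key_source` after the closing `)` of each `.with(...)` would lock the removal in. This applies to the nginx.org expectation in the first hunk and the passenger expectation in the second.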


@ -99,7 +99,7 @@ describe 'nginx::resource::geo' do
it { is_expected.to contain_file("/etc/nginx/conf.d/#{title}-geo.conf").with_mode('0644') }
it param[:title] do
verify_contents(subject, "/etc/nginx/conf.d/#{title}-geo.conf", Array(param[:match]))
verify_contents(catalogue, "/etc/nginx/conf.d/#{title}-geo.conf", Array(param[:match]))
Array(param[:notmatch]).each do |item|
is_expected.to contain_file("/etc/nginx/conf.d/#{title}-geo.conf").without_content(item)
end


@ -148,6 +148,18 @@ describe 'nginx::resource::location' do
:value => [],
:notmatch => /rewrite/
},
{
:title => 'should set auth_basic',
:attr => 'auth_basic',
:value => 'value',
:match => ' auth_basic "value";',
},
{
:title => 'should set auth_basic_user_file',
:attr => 'auth_basic_user_file',
:value => 'value',
:match => ' auth_basic_user_file value;',
},
].each do |param|
context "when #{param[:attr]} is #{param[:value]}" do
let :default_params do { :location => 'location', :proxy => 'proxy_value', :vhost => 'vhost1' } end
@ -162,7 +174,7 @@ describe 'nginx::resource::location' do
if matches.all? { |m| m.is_a? Regexp }
matches.each { |item| is_expected.to contain_concat__fragment(fragment).with_content(item) }
else
lines = subject.resource('concat::fragment', fragment).send(:parameters)[:content].split("\n")
lines = catalogue.resource('concat::fragment', fragment).send(:parameters)[:content].split("\n")
expect(lines & matches).to eq(matches)
end
@ -239,7 +251,7 @@ describe 'nginx::resource::location' do
if matches.all? { |m| m.is_a? Regexp }
matches.each { |item| is_expected.to contain_concat__fragment(fragment).with_content(item) }
else
lines = subject.resource('concat::fragment', fragment).send(:parameters)[:content].split("\n")
lines = catalogue.resource('concat::fragment', fragment).send(:parameters)[:content].split("\n")
expect(lines & matches).to eq(matches)
end
@ -250,7 +262,7 @@ describe 'nginx::resource::location' do
it "should end with a closing brace" do
fragment = Digest::MD5.hexdigest("vhost1-500-#{params[:location]}")
content = subject.resource('concat::fragment', fragment).send(:parameters)[:content]
content = catalogue.resource('concat::fragment', fragment).send(:parameters)[:content]
expect((content.split("\n").reject {|l| l =~ /^(\s*#|$)/ }.last).strip).to eq('}')
end
end
@ -318,18 +330,6 @@ describe 'nginx::resource::location' do
:value => ['name1','name2'],
:match => ' index name1 name2;',
},
{
:title => 'should set auth_basic',
:attr => 'auth_basic',
:value => 'value',
:match => ' auth_basic "value";',
},
{
:title => 'should set auth_basic_user_file',
:attr => 'auth_basic_user_file',
:value => 'value',
:match => ' auth_basic_user_file value;',
},
].each do |param|
context "when #{param[:attr]} is #{param[:value]}" do
let :params do default_params.merge({ param[:attr].to_sym => param[:value] }) end
@ -342,7 +342,7 @@ describe 'nginx::resource::location' do
if matches.all? { |m| m.is_a? Regexp }
matches.each { |item| is_expected.to contain_concat__fragment(fragment).with_content(item) }
else
lines = subject.resource('concat::fragment', fragment).send(:parameters)[:content].split("\n")
lines = catalogue.resource('concat::fragment', fragment).send(:parameters)[:content].split("\n")
expect(lines & matches).to eq(matches)
end
@ -403,7 +403,7 @@ describe 'nginx::resource::location' do
if matches.all? { |m| m.is_a? Regexp }
matches.each { |item| is_expected.to contain_concat__fragment(fragment).with_content(item) }
else
lines = subject.resource('concat::fragment', fragment).send(:parameters)[:content].split("\n")
lines = catalogue.resource('concat::fragment', fragment).send(:parameters)[:content].split("\n")
expect(lines & matches).to eq(matches)
end
@ -467,7 +467,7 @@ describe 'nginx::resource::location' do
if matches.all? { |m| m.is_a? Regexp }
matches.each { |item| is_expected.to contain_concat__fragment(fragment).with_content(item) }
else
lines = subject.resource('concat::fragment', fragment).send(:parameters)[:content].split("\n")
lines = catalogue.resource('concat::fragment', fragment).send(:parameters)[:content].split("\n")
expect(lines & matches).to eq(matches)
end
@ -519,6 +519,65 @@ describe 'nginx::resource::location' do
end
end
describe "vhost_location_uwsgi template content" do
let :default_params do
{
:location => 'location',
:uwsgi => 'unix:/home/project/uwsgi.socket',
:vhost => 'vhost1'
}
end
[
{
:title => 'should set www_root',
:attr => 'www_root',
:value => '/',
:match => %r'\s+root\s+/;'
},
{
:title => 'should set try_file(s)',
:attr => 'try_files',
:value => ['name1','name2'],
:match => %r'\s+try_files\s+name1 name2;',
},
{
:title => 'should set uwsgi_params',
:attr => 'uwsgi_params',
:value => 'value',
:match => %r'\s+include\s+value;'
},
{
:title => 'should set uwsgi_pass',
:attr => 'uwsgi',
:value => 'value',
:match => %r'\s+uwsgi_pass\s+value;'
},
].each do |param|
context "when #{param[:attr]} is #{param[:value]}" do
let :params do default_params.merge({ param[:attr].to_sym => param[:value] }) end
it { is_expected.to contain_concat__fragment(Digest::MD5.hexdigest("vhost1-500-#{params[:location]}")) }
it param[:title] do
fragment = Digest::MD5.hexdigest("vhost1-500-#{params[:location]}")
matches = Array(param[:match])
if matches.all? { |m| m.is_a? Regexp }
matches.each { |item| is_expected.to contain_concat__fragment(fragment).with_content(item) }
else
lines = catalogue.resource('concat::fragment', fragment).send(:parameters)[:content].split("\n")
expect(lines & matches).to eq(matches)
end
Array(param[:notmatch]).each do |item|
is_expected.to contain_concat__fragment(Digest::MD5.hexdigest("vhost1-500-#{params[:location]}")).without_content(item)
end
end
end
end
end
describe "vhost_location_proxy template content" do
[
{
@ -603,7 +662,7 @@ describe 'nginx::resource::location' do
if matches.all? { |m| m.is_a? Regexp }
matches.each { |item| is_expected.to contain_concat__fragment(fragment).with_content(item) }
else
lines = subject.resource('concat::fragment', fragment).send(:parameters)[:content].split("\n")
lines = catalogue.resource('concat::fragment', fragment).send(:parameters)[:content].split("\n")
expect(lines & matches).to eq(matches)
end
@ -642,6 +701,13 @@ describe 'nginx::resource::location' do
it { is_expected.to contain_file('/etc/nginx/fastcgi_params').with_mode('0770') }
end
context 'when uwsgi => "unix:/home/project/uwsgi.socket"' do
let :params do { :uwsgi => 'uwsgi_upstream', :vhost => 'vhost1' } end
it { should contain_file('/etc/nginx/uwsgi_params') }
end
context 'when ssl_only => true' do
let :params do { :ssl_only => true, :vhost => 'vhost1', :www_root => '/', } end
it { is_expected.not_to contain_concat__fragment(Digest::MD5.hexdigest("vhost1-500-rspec-test")) }
@ -665,24 +731,6 @@ describe 'nginx::resource::location' do
it { is_expected.not_to contain_concat__fragment(Digest::MD5.hexdigest("vhost1-800-rspec-test-ssl")) }
end
context 'when auth_basic_user_file => true' do
let :params do { :auth_basic_user_file => '/path/to/file', :vhost => 'vhost1', :www_root => '/', } end
it { is_expected.to contain_file("/etc/nginx/rspec-test_htpasswd") }
end
context 'when ensure => absent' do
let :params do {
:www_root => '/',
:vhost => 'vhost1',
:ensure => 'absent',
:ssl => true,
:auth_basic_user_file => '/path/to/file',
} end
it { is_expected.to contain_file("/etc/nginx/rspec-test_htpasswd").with_ensure('absent') }
end
context "vhost missing" do
let :params do {
:www_root => '/',
@ -696,7 +744,7 @@ describe 'nginx::resource::location' do
:vhost => 'vhost1',
} end
it { expect { is_expected.to contain_class('nginx::resource::location') }.to raise_error(Puppet::Error, /Cannot create a location reference without a www_root, proxy, location_alias, fastcgi, stub_status, internal, or location_custom_cfg defined/) }
it { expect { is_expected.to contain_class('nginx::resource::location') }.to raise_error(Puppet::Error, /Cannot create a location reference without a www_root, proxy, location_alias, fastcgi, uwsgi, stub_status, internal, or location_custom_cfg defined/) }
end
context "www_root and proxy are set" do
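Review bot: The context added in the `-642,6 +701,13` hunk is described as `'when uwsgi => "unix:/home/project/uwsgi.socket"'` but its params pass `:uwsgi => 'uwsgi_upstream'`, so the description and the input disagree. Its example also uses `should` while the rest of this commit moves to `is_expected.to`. I would write `context 'when uwsgi => "uwsgi_upstream"' do` and `it { is_expected.to contain_file('/etc/nginx/uwsgi_params') }`. The neighbouring fastcgi example also asserts the file mode; whether uwsgi_params should be pinned the same way depends on the manifest, which is not shown here.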


@ -139,7 +139,7 @@ describe 'nginx::resource::mailhost' do
it { is_expected.to contain_concat__fragment("#{title}-header") }
it param[:title] do
lines = subject.resource('concat::fragment', "#{title}-header").send(:parameters)[:content].split("\n")
lines = catalogue.resource('concat::fragment', "#{title}-header").send(:parameters)[:content].split("\n")
expect(lines & Array(param[:match])).to eq(Array(param[:match]))
Array(param[:notmatch]).each do |item|
is_expected.to contain_concat__fragment("#{title}-header").without_content(item)
@ -193,7 +193,7 @@ describe 'nginx::resource::mailhost' do
it { is_expected.to contain_concat__fragment("#{title}-header") }
it param[:title] do
lines = subject.resource('concat::fragment', "#{title}-header").send(:parameters)[:content].split("\n")
lines = catalogue.resource('concat::fragment', "#{title}-header").send(:parameters)[:content].split("\n")
expect(lines & Array(param[:match])).to eq(Array(param[:match]))
Array(param[:notmatch]).each do |item|
is_expected.to contain_concat__fragment("#{title}-header").without_content(item)
@ -209,29 +209,29 @@ describe 'nginx::resource::mailhost' do
:title => 'should set the IPv4 SSL listen port',
:attr => 'ssl_port',
:value => '45',
:match => ' listen 45;',
:match => ' listen *:45;',
},
{
:title => 'should enable IPv6',
:attr => 'ipv6_enable',
:value => true,
:match => ' listen [::]:80 default ipv6only=on;',
:match => ' listen [::]:587 default ipv6only=on;',
},
{
:title => 'should not enable IPv6',
:attr => 'ipv6_enable',
:value => false,
:notmatch => / listen \[::\]:80 default ipv6only=on;/,
:notmatch => / listen \[::\]:587 default ipv6only=on;/,
},
{
:title => 'should set the IPv6 listen IP',
:attr => 'ipv6_listen_ip',
:value => '2001:0db8:85a3:0000:0000:8a2e:0370:7334',
:match => ' listen [2001:0db8:85a3:0000:0000:8a2e:0370:7334]:80 default ipv6only=on;',
:match => ' listen [2001:0db8:85a3:0000:0000:8a2e:0370:7334]:587 default ipv6only=on;',
},
{
:title => 'should set the IPv6 listen port',
:attr => 'ipv6_listen_port',
:title => 'should set the IPv6 ssl port',
:attr => 'ssl_port',
:value => 45,
:match => ' listen [::]:45 default ipv6only=on;',
},
@ -239,7 +239,7 @@ describe 'nginx::resource::mailhost' do
:title => 'should set the IPv6 listen options',
:attr => 'ipv6_listen_options',
:value => 'spdy',
:match => ' listen [::]:80 spdy;',
:match => ' listen [::]:587 spdy;',
},
{
:title => 'should set servername(s)',
@ -281,6 +281,7 @@ describe 'nginx::resource::mailhost' do
context "when #{param[:attr]} is #{param[:value]}" do
let :default_params do {
:listen_port => 25,
:ssl_port => 587,
:ipv6_enable => true,
:ssl => true,
:ssl_cert => 'dummy.crt',
@ -290,7 +291,7 @@ describe 'nginx::resource::mailhost' do
it { is_expected.to contain_concat__fragment("#{title}-ssl") }
it param[:title] do
lines = subject.resource('concat::fragment', "#{title}-ssl").send(:parameters)[:content].split("\n")
lines = catalogue.resource('concat::fragment', "#{title}-ssl").send(:parameters)[:content].split("\n")
expect(lines & Array(param[:match])).to eq(Array(param[:match]))
Array(param[:notmatch]).each do |item|
is_expected.to contain_concat__fragment("#{title}-ssl").without_content(item)


@ -72,7 +72,7 @@ describe 'nginx::resource::map' do
it { is_expected.to contain_file("/etc/nginx/conf.d/#{title}-map.conf").with_mode('0644') }
it param[:title] do
verify_contents(subject, "/etc/nginx/conf.d/#{title}-map.conf", Array(param[:match]))
verify_contents(catalogue, "/etc/nginx/conf.d/#{title}-map.conf", Array(param[:match]))
Array(param[:notmatch]).each do |item|
is_expected.to contain_file("/etc/nginx/conf.d/#{title}-map.conf").without_content(item)
end


@ -99,7 +99,7 @@ describe 'nginx::resource::upstream' do
it { is_expected.to contain_file("/etc/nginx/conf.d/#{title}-upstream.conf").with_mode('0644') }
it { is_expected.to contain_concat__fragment("#{title}_upstream_#{param[:fragment]}") }
it param[:title] do
lines = subject.resource('concat::fragment', "#{title}_upstream_#{param[:fragment]}").send(:parameters)[:content].split("\n")
lines = catalogue.resource('concat::fragment', "#{title}_upstream_#{param[:fragment]}").send(:parameters)[:content].split("\n")
expect(lines & Array(param[:match])).to eq(Array(param[:match]))
Array(param[:notmatch]).each do |item|
is_expected.to contain_concat__fragment("#{title}_upstream_#{param[:fragment]}").without_content(item)


@ -51,9 +51,8 @@ describe 'nginx::resource::vhost' do
:value => false,
:notmatch => %r|
^
\s+listen\s+\*:80;\n
\s+server_name\s+www\.rspec\.example\.com;\n
\s+return\s+301\s+http://rspec\.example\.com\$uri;
\s+return\s+301\s+http://rspec\.example\.com\$request_uri;
|x,
},
{
@ -62,9 +61,8 @@ describe 'nginx::resource::vhost' do
:value => true,
:match => %r|
^
\s+listen\s+\*:80;\n
\s+server_name\s+www\.rspec\.example\.com;\n
\s+return\s+301\s+http://rspec\.example\.com\$uri;
\s+return\s+301\s+http://rspec\.example\.com\$request_uri;
|x,
},
{
@ -255,7 +253,7 @@ describe 'nginx::resource::vhost' do
if matches.all? { |m| m.is_a? Regexp }
matches.each { |item| is_expected.to contain_concat__fragment("#{title}-header").with_content(item) }
else
lines = subject.resource('concat::fragment', "#{title}-header").send(:parameters)[:content].split("\n")
lines = catalogue.resource('concat::fragment', "#{title}-header").send(:parameters)[:content].split("\n")
expect(lines & Array(param[:match])).to eq(Array(param[:match]))
end
Array(param[:notmatch]).each do |item|
@ -274,9 +272,8 @@ describe 'nginx::resource::vhost' do
:value => false,
:notmatch => %r|
^
\s+listen\s+\*:443\s+ssl;\n
\s+server_name\s+www\.rspec\.example\.com;\n
\s+return\s+301\s+https://rspec\.example\.com\$uri;
\s+return\s+301\s+https://rspec\.example\.com\$request_uri;
|x,
},
{
@ -320,7 +317,7 @@ describe 'nginx::resource::vhost' do
if matches.all? { |m| m.is_a? Regexp }
matches.each { |item| is_expected.to contain_concat__fragment("#{title}-footer").with_content(item) }
else
lines = subject.resource('concat::fragment', "#{title}-footer").send(:parameters)[:content].split("\n")
lines = catalogue.resource('concat::fragment', "#{title}-footer").send(:parameters)[:content].split("\n")
expect(lines & Array(param[:match])).to eq(Array(param[:match]))
end
Array(param[:notmatch]).each do |item|
@ -339,9 +336,8 @@ describe 'nginx::resource::vhost' do
:value => false,
:notmatch => %r|
^
\s+listen\s+\*:443\s+ssl;\n
\s+server_name\s+www\.rspec\.example\.com;\n
\s+return\s+301\s+https://rspec\.example\.com\$uri;
\s+return\s+301\s+https://rspec\.example\.com\$request_uri;
|x,
},
{
@ -350,9 +346,8 @@ describe 'nginx::resource::vhost' do
:value => true,
:match => %r|
^
\s+listen\s+\*:443\s+ssl;\n
\s+server_name\s+www\.rspec\.example\.com;\n
\s+return\s+301\s+https://rspec\.example\.com\$uri;
\s+return\s+301\s+https://rspec\.example\.com\$request_uri;
|x,
},
{
@ -433,6 +428,36 @@ describe 'nginx::resource::vhost' do
:value => false,
:match => %r'\s+server_name\s+www.rspec.example.com;',
},
{
:title => 'should set the SSL client certificate file',
:attr => 'ssl_client_cert',
:value => '/tmp/client_certificate',
:match => %r'\s+ssl_client_certificate\s+/tmp/client_certificate;',
},
{
:title => 'should set the SSL CRL file',
:attr => 'ssl_crl',
:value => '/tmp/crl',
:match => %r'\s+ssl_crl\s+/tmp/crl;',
},
{
:title => 'should set the SSL DH parameters file',
:attr => 'ssl_dhparam',
:value => '/tmp/dhparam',
:match => %r'\s+ssl_dhparam\s+/tmp/dhparam;',
},
{
:title => 'should set the SSL stapling file',
:attr => 'ssl_stapling_file',
:value => '/tmp/stapling_file',
:match => %r'\s+ssl_stapling_file\s+/tmp/stapling_file;',
},
{
:title => 'should set the SSL trusted certificate file',
:attr => 'ssl_trusted_cert',
:value => '/tmp/trusted_certificate',
:match => %r'\s+ssl_trusted_certificate\s+/tmp/trusted_certificate;',
},
{
:title => 'should set the SSL cache',
:attr => 'ssl_cache',
@ -576,7 +601,7 @@ describe 'nginx::resource::vhost' do
if matches.all? { |m| m.is_a? Regexp }
matches.each { |item| is_expected.to contain_concat__fragment("#{title}-ssl-header").with_content(item) }
else
lines = subject.resource('concat::fragment', "#{title}-ssl-header").send(:parameters)[:content].split("\n")
lines = catalogue.resource('concat::fragment', "#{title}-ssl-header").send(:parameters)[:content].split("\n")
expect(lines & Array(param[:match])).to eq(Array(param[:match]))
end
Array(param[:notmatch]).each do |item|
@ -595,9 +620,8 @@ describe 'nginx::resource::vhost' do
:value => false,
:notmatch => %r|
^
\s+listen\s+\*:443\s+ssl;\n
\s+server_name\s+www\.rspec\.example\.com;\n
\s+return\s+301\s+https://rspec\.example\.com\$uri;
\s+return\s+301\s+https://rspec\.example\.com\$request_uri;
|x,
},
{
@ -656,7 +680,7 @@ describe 'nginx::resource::vhost' do
if matches.all? { |m| m.is_a? Regexp }
matches.each { |item| is_expected.to contain_concat__fragment("#{title}-ssl-footer").with_content(item) }
else
lines = subject.resource('concat::fragment', "#{title}-ssl-footer").send(:parameters)[:content].split("\n")
lines = catalogue.resource('concat::fragment', "#{title}-ssl-footer").send(:parameters)[:content].split("\n")
expect(lines & Array(param[:match])).to eq(Array(param[:match]))
end
Array(param[:notmatch]).each do |item|
@ -769,6 +793,15 @@ describe 'nginx::resource::vhost' do
it { is_expected.to contain_file('/etc/nginx/fastcgi_params').with_mode('0770') }
end
context 'when uwsgi => "uwsgi_upstream"' do
let :params do default_params.merge({
:uwsgi => 'uwsgi_upstream',
}) end
it { should contain_file('/etc/nginx/uwsgi_params').with_mode('0770') }
end
context 'when listen_port == ssl_port' do
let :params do default_params.merge({
:listen_port => 80,
@ -813,11 +846,26 @@ describe 'nginx::resource::vhost' do
it { is_expected.to contain_nginx__resource__location("#{title}-default").with_ssl_only(true) }
it { is_expected.to contain_concat__fragment("#{title}-ssl-header").with_content(%r{access_log\s+/var/log/nginx/ssl-www\.rspec\.example\.com\.access\.log combined;}) }
it { is_expected.to contain_concat__fragment("#{title}-ssl-header").with_content(%r{error_log\s+/var/log/nginx/ssl-www\.rspec\.example\.com\.error\.log}) }
it { is_expected.to contain_concat__fragment("#{title}-ssl-header").with_content(%r{ssl_certificate\s+dummy.cert;}) }
it { is_expected.to contain_concat__fragment("#{title}-ssl-header").with_content(%r{ssl_certificate_key\s+dummy.key;}) }
it { is_expected.to contain_concat__fragment("#{title}-ssl-footer") }
it { is_expected.to contain_file("/etc/nginx/#{title}.crt") }
it { is_expected.to contain_file("/etc/nginx/#{title}.key") }
end
context 'when ssl_client_cert is set' do
let :params do default_params.merge({
:ssl => true,
:listen_port => 80,
:ssl_port => 80,
:ssl_key => 'dummy.key',
:ssl_cert => 'dummy.cert',
:ssl_client_cert => 'client.cert',
}) end
it { is_expected.to contain_nginx__resource__location("#{title}-default").with_ssl_only(true) }
it { is_expected.to contain_concat__fragment("#{title}-ssl-header").with_content(%r{access_log\s+/var/log/nginx/ssl-www\.rspec\.example\.com\.access\.log combined;}) }
it { is_expected.to contain_concat__fragment("#{title}-ssl-header").with_content(%r{error_log\s+/var/log/nginx/ssl-www\.rspec\.example\.com\.error\.log}) }
it { is_expected.to contain_concat__fragment("#{title}-ssl-header").with_content(%r{ssl_verify_client on;}) }
end
context 'when passenger_cgi_param is set' do
let :params do default_params.merge({
:passenger_cgi_param => { 'test1' => 'test value 1', 'test2' => 'test value 2', 'test3' => 'test value 3' }
@ -841,12 +889,73 @@ describe 'nginx::resource::vhost' do
it { is_expected.to contain_concat__fragment("#{title}-ssl-header").with_content( /passenger_set_cgi_param test3 test value 3;/ ) }
end
context 'when passenger_set_header is set' do
let :params do default_params.merge({
:passenger_set_header => { 'test1' => 'test value 1', 'test2' => 'test value 2', 'test3' => 'test value 3' }
}) end
it { is_expected.to contain_concat__fragment("#{title}-header").with_content( /passenger_set_header test1 test value 1;/ ) }
it { is_expected.to contain_concat__fragment("#{title}-header").with_content( /passenger_set_header test2 test value 2;/ ) }
it { is_expected.to contain_concat__fragment("#{title}-header").with_content( /passenger_set_header test3 test value 3;/ ) }
end
context 'when passenger_set_header is set and ssl => true' do
let :params do default_params.merge({
:passenger_set_header => { 'test1' => 'test value 1', 'test2' => 'test value 2', 'test3' => 'test value 3' },
:ssl => true,
:ssl_key => 'dummy.key',
:ssl_cert => 'dummy.cert',
}) end
it { is_expected.to contain_concat__fragment("#{title}-ssl-header").with_content( /passenger_set_header test1 test value 1;/ ) }
it { is_expected.to contain_concat__fragment("#{title}-ssl-header").with_content( /passenger_set_header test2 test value 2;/ ) }
it { is_expected.to contain_concat__fragment("#{title}-ssl-header").with_content( /passenger_set_header test3 test value 3;/ ) }
end
context 'when passenger_env_var is set' do
let :params do default_params.merge({
:passenger_env_var => { 'test1' => 'test value 1', 'test2' => 'test value 2', 'test3' => 'test value 3' }
}) end
it { is_expected.to contain_concat__fragment("#{title}-header").with_content( /passenger_env_var test1 test value 1;/ ) }
it { is_expected.to contain_concat__fragment("#{title}-header").with_content( /passenger_env_var test2 test value 2;/ ) }
it { is_expected.to contain_concat__fragment("#{title}-header").with_content( /passenger_env_var test3 test value 3;/ ) }
end
context 'when passenger_env_var is set and ssl => true' do
let :params do default_params.merge({
:passenger_env_var => { 'test1' => 'test value 1', 'test2' => 'test value 2', 'test3' => 'test value 3' },
:ssl => true,
:ssl_key => 'dummy.key',
:ssl_cert => 'dummy.cert',
}) end
it { is_expected.to contain_concat__fragment("#{title}-ssl-header").with_content( /passenger_env_var test1 test value 1;/ ) }
it { is_expected.to contain_concat__fragment("#{title}-ssl-header").with_content( /passenger_env_var test2 test value 2;/ ) }
it { is_expected.to contain_concat__fragment("#{title}-ssl-header").with_content( /passenger_env_var test3 test value 3;/ ) }
end
context 'when vhost name is sanitized' do
let :title do 'www rspec-vhost com' end
let :params do default_params end
it { is_expected.to contain_concat('/etc/nginx/sites-available/www_rspec-vhost_com.conf') }
end
context 'when add_header is set' do
let :params do default_params.merge({
:add_header => { 'header3' => 'test value 3', 'header2' => 'test value 2', 'header1' => 'test value 1' }
}) end
it 'should have correctly ordered entries in the config' do
is_expected.to contain_concat__fragment("#{title}-header").with_content(/
%r|
\s+add_header\s+header1 test value 1;\n
\s+add_header\s+header2 test value 2;\n
\s+add_header\s+header3 test value 3;\n
|/)
end
end
end
end
end


@ -1,30 +1,31 @@
require 'rspec-system/spec_helper'
require 'rspec-system-puppet/helpers'
require 'rspec-system-serverspec/helpers'
include RSpecSystemPuppet::Helpers
require 'beaker-rspec'
hosts.each do |host|
# Install Puppet
on host, install_puppet
end
RSpec.configure do |c|
# Project root
proj_root = File.expand_path(File.join(File.dirname(__FILE__), '..'))
# Enable colour
c.tty = true
c.formatter = :documentation
# This is where we 'setup' the nodes before running our tests
c.before :suite do
# Install puppet
puppet_install
hosts.each do |host|
# Install module
copy_module_to(host, :source => proj_root, :module_name => 'nginx')
if fact('osfamily') == 'Debian'
on host, puppet('module','install','puppetlabs-apt'), { :acceptable_exit_codes => [0,1] }
end
on host, puppet('module','install','puppetlabs-stdlib'), { :acceptable_exit_codes => [0,1] }
on host, puppet('module','install','puppetlabs-concat'), { :acceptable_exit_codes => [0,1] }
# Install modules and dependencies
puppet_module_install(:source => proj_root, :module_name => 'nginx')
shell('puppet module install puppetlabs-apt')
shell('puppet module install puppetlabs-stdlib')
shell('puppet module install puppetlabs-concat')
# Fake keys.
# Valid self-signed SSL key with 10 year expiry.
# Required for nginx to start when SSL enabled
shell('echo "-----BEGIN PRIVATE KEY-----
# Fake keys.
# Valid self-signed SSL key with 10 year expiry.
# Required for nginx to start when SSL enabled
on host, shell('echo "-----BEGIN PRIVATE KEY-----
MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAOPchwRZRF4KmU6E
g7C6Pq9zhdLiQt9owdcLZNiZS+UVRQjeDHSy3titzh5YwSoQonlnSqd0g/PJ6kNA
O3CNOMVuzAddnAaHzW1J4Rt6sZwOuidtJC4t/hFCgz5NqOMgYOOfratQx00A7ZXK
@ -40,7 +41,7 @@ J9lmX7GV9nUCM7lKVD2ckFOQNlMwCURs8ukJh7H/MfQ8Dt5xoQAMjQJBAOWpK6k6
b0fTREZFZRGZBJcSu959YyMzhpSFA+lXkLNTWX8j1/D88H731oMSImoQNWcYx2dH
sCwOCDqu1nZ2LJ8=
-----END PRIVATE KEY-----" > /tmp/blah.key')
shell('echo "-----BEGIN CERTIFICATE-----
on host, shell('echo "-----BEGIN CERTIFICATE-----
MIIDRjCCAq+gAwIBAgIJAL9m0V4sHW2tMA0GCSqGSIb3DQEBBQUAMIG7MQswCQYD
VQQGEwItLTESMBAGA1UECAwJU29tZVN0YXRlMREwDwYDVQQHDAhTb21lQ2l0eTEZ
MBcGA1UECgwQU29tZU9yZ2FuaXphdGlvbjEfMB0GA1UECwwWU29tZU9yZ2FuaXph
@ -60,5 +61,6 @@ HaHIWGMBuXApE7t4PNdYWZ5Y56tI+HT59yVoDjc1YSnuzkKlWUPibVYoLpX/ROKr
aIZ8kxsBjLvpi9KQTHi7Wl6Sw3ecoYdKy+2P8S5xOIpWjs8XVmOWf7Tq1+9KPv3z
HLw/FDCzntkdq3G4em15CdFlO9BTY4HXiHU=
-----END CERTIFICATE-----" > /tmp/blah.cert')
end
end
end
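Review bot: The key and certificate writes near the end of the `c.before :suite` block are written as `on host, shell('echo …')`, which nests two command runners; as far as I know Beaker's `shell` already runs its argument on the default host and returns a result object, so `on host` then receives that result rather than a command string, and on a multi-node run the files may only reach the default host. Passing the string straight to `on host, '…'`, or using `create_remote_file(host, '/tmp/blah.key', key_pem)`, keeps the write on the host being iterated. The `fact('osfamily')` call in the same loop is likewise not tied to `host`. The page has lost its +/- markers, so I am assuming the `on host, …` lines are the new side. A comment such as `# Test-only throwaway key, never deploy` beside the embedded PEM would make clear that the committed private key is a fixture.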


@ -1,33 +0,0 @@
require 'spec_helper_system'
# Here we put the more basic fundamental tests, ultra obvious stuff.
describe "basic tests:" do
context 'make sure we have copied the module across' do
# No point diagnosing any more if the module wasn't copied properly
context shell 'ls /etc/puppet/modules/nginx' do
its(:stdout) { should =~ /Modulefile/ }
its(:stderr) { should be_empty }
its(:exit_code) { should be_zero }
end
end
#puppet smoke test
context puppet_apply 'notice("foo")' do
its(:stdout) { should =~ /foo/ }
its(:stderr) { should be_empty }
its(:exit_code) { should be_zero }
end
it 'nginx class should work with no errors' do
pp = <<-EOS
class { 'nginx': }
EOS
# Run it twice and test for idempotency
puppet_apply(pp) do |r|
[0,2].should include(r.exit_code)
r.refresh
r.exit_code.should be_zero
end
end
end


@ -1,35 +0,0 @@
require 'spec_helper_system'
describe "nginx class:" do
case node.facts['osfamily']
when 'RedHat'
package_name = 'nginx'
when 'Debian'
package_name = 'nginx'
when 'Suse'
package_name = 'nginx-0.8'
end
context 'should run successfully' do
it 'should run successfully' do
pp = "class { 'nginx': }"
puppet_apply(pp) do |r|
#r.stderr.should be_empty
[0,2].should include r.exit_code
r.refresh
#r.stderr.should be_empty
r.exit_code.should be_zero
end
end
end
describe package(package_name) do
it { should be_installed }
end
describe service('nginx') do
it { should be_running }
end
end


@ -1,42 +0,0 @@
require 'spec_helper_system'
describe "nginx::resource::mailhost define:" do
it 'should run successfully' do
pp = "
class { 'nginx':
mail => true,
}
nginx::resource::vhost { 'www.puppetlabs.com':
ensure => present,
www_root => '/var/www/www.puppetlabs.com',
}
nginx::resource::mailhost { 'domain1.example':
ensure => present,
auth_http => 'localhost/cgi-bin/auth',
protocol => 'smtp',
listen_port => 587,
ssl_port => 465,
xclient => 'off',
}
"
puppet_apply(pp) do |r|
[0,2].should include r.exit_code
r.refresh
# Not until deprecated variables fixed.
#r.stderr.should be_empty
r.exit_code.should be_zero
end
end
describe file('/etc/nginx/conf.mail.d/domain1.example.conf') do
it { should be_file }
it { should contain "auth_http localhost/cgi-bin/auth;" }
end
describe file('/etc/nginx/sites-available/www.puppetlabs.com.conf') do
it { should be_file }
end
end


@ -11,6 +11,15 @@ pid <%= @pid %>;
<% end -%>
error_log <%= @nginx_error_log %>;
<% if @nginx_cfg_prepend -%>
<%- field_width = @nginx_cfg_prepend.inject(0) { |l,(k,v)| k.size > l ? k.size : l } -%>
<%- @nginx_cfg_prepend.sort_by{|k,v| k}.each do |key,value| -%>
<%- Array(value).each do |asubvalue| -%>
<%= sprintf("%-*s", field_width, key) %> <%= asubvalue %>;
<%- end -%>
<%- end -%>
<% end -%>
events {
worker_connections <%= @worker_connections -%>;
<%- if @multi_accept == 'on' -%>


@ -1,10 +1,22 @@
server {
<%- if @listen_ip.is_a?(Array) then -%>
<%- @listen_ip.each do |ip| -%>
listen <%= ip %>:<%= @listen_port %><% if @listen_options %> <%= @listen_options %><% end %>;
<%- end -%>
<%- else -%>
listen <%= @listen_ip %>:<%= @listen_port %><% if @listen_options %> <%= @listen_options %><% end %>;
<% # check to see if ipv6 support exists in the kernel before applying %>
<% if @ipv6_enable && (defined? @ipaddress6) %>
listen [<%= @ipv6_listen_ip %>]:<%= @ipv6_listen_port %><% if @ipv6_listen_options %> <%= @ipv6_listen_options %><% end %>;
<% end %>
<%- end -%>
<%# check to see if ipv6 support exists in the kernel before applying -%>
<%- if @ipv6_enable && (defined? @ipaddress6) -%>
<%- if @ipv6_listen_ip.is_a?(Array) then -%>
<%- @ipv6_listen_ip.each do |ipv6| -%>
listen [<%= ipv6 %>]:<%= @ipv6_listen_port %> <% if @ipv6_listen_options %><%= @ipv6_listen_options %><% end %>;
<%- end -%>
<%- else -%>
listen [<%= @ipv6_listen_ip %>]:<%= @ipv6_listen_port %> <% if @ipv6_listen_options %><%= @ipv6_listen_options %><% end %>;
<%- end -%>
<%- end -%>
server_name <%= @server_name.join(" ") %>;
protocol <%= @protocol %>;
xclient <%= @xclient %>;
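Review bot: The `is_a?(Array)` / `else` pairs around the `listen` lines write the same directive twice per address family, and the two copies can drift apart. `Array(...)` accepts a string and an array alike, so each pair collapses to one loop: `<%- Array(@listen_ip).each do |ip| -%>` and `<%- Array(@ipv6_listen_ip).each do |ipv6| -%>`. The same branching is repeated in the mail SSL template and in both vhost header templates later in this commit. The IPv6 lines here also put the space before the `<% if @ipv6_listen_options %>` tag instead of inside it, which leaves a blank before `;` when no options are set, unlike the IPv4 lines. The `server` block continues outside the hunk.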


@ -1,10 +1,22 @@
server {
listen <%= @ssl_port %>;
<% # check to see if ipv6 support exists in the kernel before applying %>
<% if @ipv6_enable && (defined? @ipaddress6) %>
listen [<%= @ipv6_listen_ip %>]:<%= @ipv6_listen_port %> <% if @ipv6_listen_options %><%= @ipv6_listen_options %><% end %>;
<% end %>
<%- if @listen_ip.is_a?(Array) then -%>
<%- @listen_ip.each do |ip| -%>
listen <%= ip %>:<%= @ssl_port %>;
<%- end -%>
<%- else -%>
listen <%= @listen_ip %>:<%= @ssl_port %>;
<%- end -%>
<%# check to see if ipv6 support exists in the kernel before applying -%>
<%- if @ipv6_enable && (defined? @ipaddress6) -%>
<%- if @ipv6_listen_ip.is_a?(Array) then -%>
<%- @ipv6_listen_ip.each do |ipv6| -%>
listen [<%= ipv6 %>]:<%= @ssl_port %><% if @ipv6_listen_options %> <%= @ipv6_listen_options %><% end %>;
<%- end -%>
<%- else -%>
listen [<%= @ipv6_listen_ip %>]:<%= @ssl_port %><% if @ipv6_listen_options %> <%= @ipv6_listen_options %><% end %>;
<%- end -%>
<%- end -%>
server_name <%= @server_name.join(" ") %>;
protocol <%= @protocol %>;
xclient <%= @xclient %>;


@ -1,27 +1,27 @@
# This file managed by puppet on host <%= @fqdn %>
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
fastcgi_param HTTPS $https;
fastcgi_param HTTPS $https;
# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param REDIRECT_STATUS 200;
fastcgi_param REDIRECT_STATUS 200;


@ -19,6 +19,12 @@
deny <%= deny_rule %>;
<%- end -%>
<% end -%>
<% if @auth_basic -%>
auth_basic "<%= @auth_basic %>";
<%- end %>
<%- if @auth_basic_user_file -%>
auth_basic_user_file <%= @auth_basic_user_file %>;
<% end -%>
<% if @location_custom_cfg_prepend -%>
<%- @location_custom_cfg_prepend.each do |key,value| -%>
<%- if value.is_a?(Hash) -%>
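Review bot: The added `auth_basic "<%= @auth_basic %>";` line places the realm inside double quotes without escaping, so a realm that itself contains `"` yields a configuration that nginx rejects or parses differently from what was intended. Escaping the value, for example `auth_basic "<%= @auth_basic.gsub('"', '\"') %>";`, or validating the parameter in the define, would close that gap. The two new blocks also mix trim markers (`<% if @auth_basic -%>` closed by `<%- end %>`, `<%- if @auth_basic_user_file -%>` closed by `<% end -%>`), which leaves stray blank lines or indentation in the rendered file; using `<%- … -%>` on all four tags would be consistent. `auth_basic_user_file` is emitted even when `@auth_basic` is unset, which deserves a comment if it is intended. The hunk ends inside the `@location_custom_cfg_prepend` loop.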


@ -11,12 +11,3 @@
<% if @try_files -%>
try_files<% @try_files.each do |try| -%> <%= try %><% end -%>;
<% end -%>
<% if instance_variables.any? { |iv| iv.to_s.include? 'auth_basic' } -%>
<%- if @auth_basic -%>
auth_basic "<%= @auth_basic %>";
<%- end -%>
<%- if defined? @auth_basic_user_file -%>
auth_basic_user_file <%= @auth_basic_user_file %>;
<%- end -%>
<% end -%>


@ -16,7 +16,7 @@
<% end -%>
<% if defined? @fastcgi_param -%>
<%- field_width = @fastcgi_param.inject(0) { |l,(k,v)| k.size > l ? k.size : l } -%>
<%- @fastcgi_param.each do |key, val| -%>
<%- @fastcgi_param.sort_by {|k,v| k}.each do |key, val| -%>
fastcgi_param <%= sprintf("%-*s", field_width, key) %> <%= val %>;
<%- end -%>
<% end -%>


@ -21,12 +21,3 @@
<% if @proxy_cache_valid -%>
proxy_cache_valid <%= @proxy_cache_valid %>;
<% end -%>
<% if instance_variables.any? { |iv| iv.to_s.include? 'auth_basic' } -%>
<%- if @auth_basic -%>
auth_basic "<%= @auth_basic %>";
<%- end -%>
<%- if defined? @auth_basic_user_file -%>
auth_basic_user_file <%= @auth_basic_user_file %>;
<%- end -%>
<% end -%>


@ -0,0 +1,8 @@
<% if defined? @www_root -%>
root <%= @www_root %>;
<% end -%>
<% if @try_files -%>
try_files<% @try_files.each do |try| -%> <%= try %><% end -%>;
<% end -%>
include <%= @uwsgi_params %>;
uwsgi_pass <%= @uwsgi %>;


@ -0,0 +1,15 @@
# This file managed by puppet on host <%= @fqdn %>
uwsgi_param QUERY_STRING $query_string;
uwsgi_param REQUEST_METHOD $request_method;
uwsgi_param CONTENT_TYPE $content_type;
uwsgi_param CONTENT_LENGTH $content_length;
uwsgi_param REQUEST_URI $request_uri;
uwsgi_param PATH_INFO $document_uri;
uwsgi_param DOCUMENT_ROOT $document_root;
uwsgi_param SERVER_PROTOCOL $server_protocol;
uwsgi_param REMOTE_ADDR $remote_addr;
uwsgi_param REMOTE_PORT $remote_port;
uwsgi_param SERVER_ADDR $server_addr;
uwsgi_param SERVER_PORT $server_port;
uwsgi_param SERVER_NAME $server_name;
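Review bot: This new parameter file passes no scheme information to the backend, whereas the `fastcgi_params` template in the same commit sends `fastcgi_param HTTPS $https;`. Without it an application behind a TLS vhost cannot tell that the request arrived over HTTPS, which typically affects the redirect URLs it builds and whether it marks cookies as Secure. I would add `uwsgi_param HTTPS $https if_not_empty;` after the `SERVER_NAME` line; the `if_not_empty` flag needs a reasonably recent nginx, so drop it if older versions must be supported.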


@ -1,20 +1,48 @@
<% if @rewrite_www_to_non_www -%>
server {
listen <%= @listen_ip %>:<%= @listen_port %>;
<%- if @listen_ip.is_a?(Array) then -%>
<%- @listen_ip.each do |ip| -%>
listen <%= ip %>:<%= @listen_port %><% if @listen_options %> <%= @listen_options %><% end %>;
<%- end -%>
<%- else -%>
listen <%= @listen_ip %>:<%= @listen_port %><% if @listen_options %> <%= @listen_options %><% end %>;
<%- end -%>
<%# check to see if ipv6 support exists in the kernel before applying -%>
<%- if @ipv6_enable && (defined? @ipaddress6) -%>
<%- if @ipv6_listen_ip.is_a?(Array) then -%>
<%- @ipv6_listen_ip.each do |ipv6| -%>
listen [<%= ipv6 %>]:<%= @ipv6_listen_port %> <% if @ipv6_listen_options %><%= @ipv6_listen_options %><% end %>;
<%- end -%>
<%- else -%>
listen [<%= @ipv6_listen_ip %>]:<%= @ipv6_listen_port %> <% if @ipv6_listen_options %><%= @ipv6_listen_options %><% end %>;
<%- end -%>
<%- end -%>
server_name www.<%= @server_name[0].gsub(/^www\./, '') %>;
return 301 http://<%= @server_name[0].gsub(/^www\./, '') %>$uri;
return 301 http://<%= @server_name[0].gsub(/^www\./, '') %>$request_uri;
}
<% end -%>
server {
listen <%= @listen_ip %>:<%= @listen_port %><% if @listen_options %> <%= @listen_options %><% end %>;
<%- if @listen_ip.is_a?(Array) then -%>
<%- @listen_ip.each do |ip| -%>
listen <%= ip %>:<%= @listen_port %><% if @listen_options %> <%= @listen_options %><% end %>;
<%- end -%>
<%- else -%>
listen <%= @listen_ip %>:<%= @listen_port %><% if @listen_options %> <%= @listen_options %><% end %>;
<%- end -%>
<%# check to see if ipv6 support exists in the kernel before applying -%>
<% if @ipv6_enable && (defined? @ipaddress6) -%>
<%- if @ipv6_enable && (defined? @ipaddress6) -%>
<%- if @ipv6_listen_ip.is_a?(Array) then -%>
<%- @ipv6_listen_ip.each do |ipv6| -%>
listen [<%= ipv6 %>]:<%= @ipv6_listen_port %> <% if @ipv6_listen_options %><%= @ipv6_listen_options %><% end %>;
<%- end -%>
<%- else -%>
listen [<%= @ipv6_listen_ip %>]:<%= @ipv6_listen_port %> <% if @ipv6_listen_options %><%= @ipv6_listen_options %><% end %>;
<% end -%>
<%- end -%>
<%- end -%>
server_name <%= @rewrite_www_to_non_www ? @server_name[0].gsub(/^www\./, '') : @server_name.join(" ") %>;
<%- if instance_variables.any? { |iv| iv.to_s.include? 'auth_basic' } -%>
<% if defined? @auth_basic -%>
<%- if defined? @auth_basic -%>
auth_basic "<%= @auth_basic %>";
<%- end -%>
<%- if defined? @auth_basic_user_file -%>
@ -66,14 +94,27 @@ server {
passenger_set_cgi_param <%= key %> <%= @passenger_cgi_param[key] %>;
<%- end -%>
<% end -%>
<% if @passenger_set_header -%>
<%- @passenger_set_header.keys.sort.each do |key| -%>
passenger_set_header <%= key %> <%= @passenger_set_header[key] %>;
<%- end -%>
<% end -%>
<% if @passenger_env_var -%>
<%- @passenger_env_var.keys.sort.each do |key| -%>
passenger_env_var <%= key %> <%= @passenger_env_var[key] %>;
<%- end -%>
<% end -%>
<% if Array(@resolver).count > 0 -%>
resolver <% Array(@resolver).each do |r| %> <%= r %><% end %>;
<% end -%>
<% if @add_header -%>
<%- @add_header.each do |key,value| -%>
add_header <%= key %> <%= value %>;
<%- @add_header.keys.sort.each do |key| -%>
add_header <%= key %> <%= @add_header[key] %>;
<%- end -%>
<% end -%>
<% if @maintenance -%>
<%= @maintenance_value %>;
<% end -%>
<% if @rewrite_to_https -%>
if ($ssl_protocol = "") {
return 301 https://$host<% if @ssl_port.to_i != 443 %>:<%= @ssl_port %><% end %>$request_uri;
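Review bot: The www-to-non-www redirect, `return 301 http://<%= @server_name[0].gsub(/^www\./, '') %>$request_uri;`, drops the port, so a vhost listening on anything other than 80 sends clients to the wrong place. The `rewrite_to_https` block at the end of this section already handles this for `@ssl_port`, and the same idiom fits here: `return 301 http://<%= … %><% if @listen_port.to_i != 80 %>:<%= @listen_port %><% end %>$request_uri;`. The SSL header template has the equivalent line with `https://` and would need the `@ssl_port`/443 variant. Since the pattern is applied to a single host name, `sub(/\Awww\./, '')` states the intent more exactly than `gsub` with `^`. Both hunks of this section cut through their `server` blocks.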


@ -1,48 +1,57 @@
<% if @rewrite_www_to_non_www -%>
server {
listen <%= @listen_ip %>:<%= @ssl_port %> ssl;
<%- if @listen_ip.is_a?(Array) then -%>
<%- @listen_ip.each do |ip| -%>
listen <%= ip %>:<%= @ssl_port %> <% if @ssl_listen_option %>ssl<% end %><% if @spdy == 'on' %> spdy<% end %><% if @listen_options %> <%= @listen_options %><% end %>;
<%- end -%>
<%- else -%>
listen <%= @listen_ip %>:<%= @ssl_port %> <% if @ssl_listen_option %>ssl<% end %><% if @spdy == 'on' %> spdy<% end %><% if @listen_options %> <%= @listen_options %><% end %>;
<%- end -%>
<%# check to see if ipv6 support exists in the kernel before applying -%>
<%- if @ipv6_enable && (defined? @ipaddress6) -%>
<%- if @ipv6_listen_ip.is_a?(Array) then -%>
<%- @ipv6_listen_ip.each do |ipv6| -%>
listen [<%= ipv6 %>]:<%= @ssl_port %> ssl<% if @spdy == 'on' %> spdy<% end %><% if @ipv6_listen_options %> <%= @ipv6_listen_options %><% end %>;
<%- end -%>
<%- else -%>
listen [<%= @ipv6_listen_ip %>]:<%= @ssl_port %> ssl<% if @spdy == 'on' %> spdy<% end %><% if @ipv6_listen_options %> <%= @ipv6_listen_options %><% end %>;
<%- end -%>
<%- end -%>
server_name www.<%= @server_name[0].gsub(/^www\./, '') %>;
return 301 https://<%= @server_name[0].gsub(/^www\./, '') %>$uri;
return 301 https://<%= @server_name[0].gsub(/^www\./, '') %>$request_uri;
<%= scope.function_template(["nginx/vhost/vhost_ssl_settings.erb"]) %>
}
<% end -%>
server {
<%- if @listen_ip.is_a?(Array) then -%>
<%- @listen_ip.each do |ip| -%>
listen <%= ip %>:<%= @ssl_port %> <% if @ssl_listen_option %>ssl<% end %><% if @spdy == 'on' %> spdy<% end %><% if @listen_options %> <%= @listen_options %><% end %>;
<%- end -%>
<%- else -%>
listen <%= @listen_ip %>:<%= @ssl_port %> <% if @ssl_listen_option %>ssl<% end %><% if @spdy == 'on' %> spdy<% end %><% if @listen_options %> <%= @listen_options %><% end %>;
<%- end -%>
<%# check to see if ipv6 support exists in the kernel before applying -%>
<%- if @ipv6_enable && (defined? @ipaddress6) -%>
listen [<%= @ipv6_listen_ip %>]:<%= @ssl_port %> ssl<% if @spdy == 'on' %> spdy<% end %><% if @ipv6_listen_options %> <%= @ipv6_listen_options %><% end %>;
<%- if @ipv6_listen_ip.is_a?(Array) then -%>
<%- @ipv6_listen_ip.each do |ipv6| -%>
listen [<%= ipv6 %>]:<%= @ssl_port %> ssl<% if @spdy == 'on' %> spdy<% end %><% if @ipv6_listen_options %> <%= @ipv6_listen_options %><% end %>;
<%- end -%>
<%- else -%>
listen [<%= @ipv6_listen_ip %>]:<%= @ssl_port %> ssl<% if @spdy == 'on' %> spdy<% end %><% if @ipv6_listen_options %> <%= @ipv6_listen_options %><% end %>;
<%- end -%>
<%- end -%>
server_name <%= @rewrite_www_to_non_www ? @server_name[0].gsub(/^www\./, '') : @server_name.join(" ") %>;
ssl on;
<%= scope.function_template(["nginx/vhost/vhost_ssl_settings.erb"]) %>
ssl_certificate <%= scope.lookupvar('nginx::config::conf_dir') %>/<%= @name.gsub(' ', '_') %>.crt;
ssl_certificate_key <%= scope.lookupvar('nginx::config::conf_dir') %>/<%= @name.gsub(' ', '_') %>.key;
<% if defined? @ssl_dhparam -%>
ssl_dhparam <%= scope.lookupvar('nginx::config::conf_dir') %>/<%= @name.gsub(' ', '_') %>.dh.pem;
<% if @maintenance -%>
<%= @maintenance_value %>;
<% end -%>
ssl_session_cache <%= @ssl_cache %>;
ssl_session_timeout <%= @ssl_session_timeout %>;
ssl_protocols <%= @ssl_protocols %>;
ssl_ciphers <%= @ssl_ciphers %>;
ssl_prefer_server_ciphers on;
<%- if instance_variables.any? { |iv| iv.to_s.include? 'ssl_' } -%>
<%- if @ssl_stapling -%>
ssl_stapling on;
<%- end -%>
<%- if defined? @ssl_stapling_file -%>
ssl_stapling_file <%= scope.lookupvar('nginx::config::conf_dir') %>/<%= @name.gsub(' ', '_') %>.ocsp.resp;
<%- end -%>
<%- if defined? @ssl_stapling_responder -%>
ssl_stapling_responder <%= @ssl_stapling_responder %>;
<%- end -%>
<%- if @ssl_stapling_verify -%>
ssl_stapling_verify on;
<%- end -%>
<%- if defined? @ssl_trusted_cert -%>
ssl_trusted_certificate <%= scope.lookupvar('nginx::config::conf_dir') %>/<%= @name.gsub(' ', '_') %>.trusted.crt;
<%- end -%>
<% end -%>
<% if Array(@resolver).count > 0 -%>
resolver <% Array(@resolver).each do |r| %> <%= r %><% end %>;
<% end -%>
@ -116,6 +125,12 @@ server {
<% Array(@passenger_cgi_param).each do |key,value| -%>
passenger_set_cgi_param <%= key %> <%= value %>;
<% end -%>
<% Array(@passenger_set_header).each do |key,value| -%>
passenger_set_header <%= key %> <%= value %>;
<% end -%>
<% Array(@passenger_env_var).each do |key,value| -%>
passenger_env_var <%= key %> <%= value %>;
<% end -%>
<% Array(@add_header).each do |key,value| -%>
add_header <%= key %> <%= value %>;
<% end -%>
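Review bot: The new `passenger_set_header` and `passenger_env_var` loops here iterate `Array(@passenger_set_header).each do |key,value|`, that is in hash order, while the non-SSL header template in this commit sorts with `.keys.sort.each`; the `add_header` loop just below is left unsorted as well. On Ruby versions without ordered hashes this can reorder lines between runs and cause needless configuration changes and reloads, and the spec for ordered `add_header` output only checks the non-SSL fragment. Sorting here too keeps both templates aligned: `<%- Array(@passenger_set_header).sort.each do |key,value| -%>`, and likewise for `@passenger_env_var` and `@add_header`. The second hunk sits inside the `server` block, which continues past it.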


@ -0,0 +1,37 @@
ssl on;
ssl_certificate <%= @ssl_cert %>;
ssl_certificate_key <%= @ssl_key %>;
<% if defined? @ssl_client_cert -%>
ssl_client_certificate <%= @ssl_client_cert %>;
ssl_verify_client on;
<% end -%>
<% if defined? @ssl_dhparam -%>
ssl_dhparam <%= @ssl_dhparam %>;
<% end -%>
ssl_session_cache <%= @ssl_cache %>;
ssl_session_timeout <%= @ssl_session_timeout %>;
ssl_protocols <%= @ssl_protocols %>;
ssl_ciphers <%= @ssl_ciphers %>;
ssl_prefer_server_ciphers on;
<% if @ssl_crl -%>
ssl_crl <%= @ssl_crl %>;
<% end -%>
<%- if instance_variables.any? { |iv| iv.to_s.include? 'ssl_' } -%>
<%- if @ssl_stapling -%>
ssl_stapling on;
<%- end -%>
<%- if defined? @ssl_stapling_file -%>
ssl_stapling_file <%= @ssl_stapling_file %>;
<%- end -%>
<%- if defined? @ssl_stapling_responder -%>
ssl_stapling_responder <%= @ssl_stapling_responder %>;
<%- end -%>
<%- if @ssl_stapling_verify -%>
ssl_stapling_verify on;
<%- end -%>
<%- if defined? @ssl_trusted_cert -%>
ssl_trusted_certificate <%= @ssl_trusted_cert %>;
<%- end -%>
<% end -%>
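Review bot: The guard `instance_variables.any? { |iv| iv.to_s.include? 'ssl_' }` around the stapling directives looks always true in this template, because `@ssl_cert` and `@ssl_key` are rendered unconditionally a few lines above; it can probably be removed, leaving only the inner conditions. Those inner checks mix `defined? @ssl_stapling_file` with plain truthiness (`if @ssl_stapling`, `if @ssl_crl`), and a short comment on why `defined?` is needed for some parameters would help the next reader. `ssl_verify_client on;` is switched on as a side effect of setting `@ssl_client_cert`, which deserves a comment such as `<%# client certificates become mandatory once ssl_client_cert is set -%>`.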


@ -1,5 +1,14 @@
include nginx
nginx::resource::vhost { 'test3.local test3':
ensure => present,
www_root => '/var/www/nginx-default',
ssl => true,
ssl_cert => 'puppet:///modules/sslkey/whildcard_mydomain.crt',
ssl_client_cert => 'puppet:///modules/sslkey/whildcard_mydomain.crt',
ssl_key => 'puppet:///modules/sslkey/whildcard_mydomain.key'
}
nginx::resource::vhost { 'test2.local test2':
ensure => present,
www_root => '/var/www/nginx-default',
@ -15,3 +24,11 @@ nginx::resource::location { 'test2.local-bob':
vhost => 'test2.local test2',
}
nginx::resource::location { 'test3.local-bob':
ensure => present,
www_root => '/var/www/bob',
location => '/bob',
vhost => 'test3.local test3',
}