This commit is contained in:
Jan Örnstedt 2014-02-11 09:03:34 +01:00
commit 75d1478b37
12 changed files with 45 additions and 24 deletions

View file

@ -15,7 +15,7 @@
# This class file is not called directly # This class file is not called directly
class nginx::params { class nginx::params {
if $caller_module_name != $module_name { if $caller_module_name != undef and $caller_module_name != $module_name {
warning("${name} is deprecated as a public API of the ${module_name} module and should no longer be directly included in the manifest.") warning("${name} is deprecated as a public API of the ${module_name} module and should no longer be directly included in the manifest.")
} }

View file

@ -49,7 +49,7 @@ define nginx::resource::mailhost (
$ipv6_enable = false, $ipv6_enable = false,
$ipv6_listen_ip = '::', $ipv6_listen_ip = '::',
$ipv6_listen_port = '80', $ipv6_listen_port = '80',
$ipv6_listen_options = 'default', $ipv6_listen_options = 'default ipv6only=on',
$ssl = false, $ssl = false,
$ssl_cert = undef, $ssl_cert = undef,
$ssl_key = undef, $ssl_key = undef,
@ -64,7 +64,7 @@ define nginx::resource::mailhost (
group => 'root', group => 'root',
mode => '0644', mode => '0644',
} }
if !is_integer($listen_port) { if !is_integer($listen_port) {
fail('$listen_port must be an integer.') fail('$listen_port must be an integer.')
} }

View file

@ -27,8 +27,8 @@
# response code is equal to 200, 204, 301, 302 or 304. # response code is equal to 200, 204, 301, 302 or 304.
# [*index_files*] - Default index files for NGINX to read when # [*index_files*] - Default index files for NGINX to read when
# traversing a directory # traversing a directory
# [*autoindex*] - Set it on 'on' to activate autoindex directory # [*autoindex*] - Set it on 'on' or 'off 'to activate/deactivate
# listing. Undef by default. # autoindex directory listing. Undef by default.
# [*proxy*] - Proxy server(s) for the root location to connect # [*proxy*] - Proxy server(s) for the root location to connect
# to. Accepts a single value, can be used in conjunction with # to. Accepts a single value, can be used in conjunction with
# nginx::resource::upstream # nginx::resource::upstream
@ -45,7 +45,7 @@
# for SSL Support. This is not generated by this module. # for SSL Support. This is not generated by this module.
# [*ssl_dhparam*] - This directive specifies a file containing # [*ssl_dhparam*] - This directive specifies a file containing
# Diffie-Hellman key agreement protocol cryptographic parameters, in PEM # Diffie-Hellman key agreement protocol cryptographic parameters, in PEM
# format, utilized for exchanging session keys between server and client. # format, utilized for exchanging session keys between server and client.
# [*ssl_key*] - Pre-generated SSL Key file to reference for SSL # [*ssl_key*] - Pre-generated SSL Key file to reference for SSL
# Support. This is not generated by this module. # Support. This is not generated by this module.
# [*ssl_port*] - Default IP Port for NGINX to listen with this SSL # [*ssl_port*] - Default IP Port for NGINX to listen with this SSL
@ -93,6 +93,10 @@
# put after everything else inside vhost # put after everything else inside vhost
# [*vhost_cfg_prepend*] - It expects a hash with custom directives to # [*vhost_cfg_prepend*] - It expects a hash with custom directives to
# put before everything else inside vhost # put before everything else inside vhost
# [*vhost_cfg_ssl_append*] - It expects a hash with custom directives to
# put after everything else inside vhost ssl
# [*vhost_cfg_ssl_prepend*] - It expects a hash with custom directives to
# put before everything else inside vhost ssl
# [*rewrite_to_https*] - Adds a server directive and rewrite rule to # [*rewrite_to_https*] - Adds a server directive and rewrite rule to
# rewrite to ssl # rewrite to ssl
# [*include_files*] - Adds include files to vhost # [*include_files*] - Adds include files to vhost
@ -124,7 +128,7 @@ define nginx::resource::vhost (
$ipv6_enable = false, $ipv6_enable = false,
$ipv6_listen_ip = '::', $ipv6_listen_ip = '::',
$ipv6_listen_port = '80', $ipv6_listen_port = '80',
$ipv6_listen_options = 'default', $ipv6_listen_options = 'default ipv6only=on',
$add_header = undef, $add_header = undef,
$ssl = false, $ssl = false,
$ssl_cert = undef, $ssl_cert = undef,
@ -169,6 +173,8 @@ define nginx::resource::vhost (
$client_max_body_size = undef, $client_max_body_size = undef,
$vhost_cfg_prepend = undef, $vhost_cfg_prepend = undef,
$vhost_cfg_append = undef, $vhost_cfg_append = undef,
$vhost_cfg_ssl_prepend = undef,
$vhost_cfg_ssl_append = undef,
$include_files = undef, $include_files = undef,
$access_log = undef, $access_log = undef,
$error_log = undef, $error_log = undef,
@ -288,6 +294,12 @@ define nginx::resource::vhost (
if ($vhost_cfg_append != undef) { if ($vhost_cfg_append != undef) {
validate_hash($vhost_cfg_append) validate_hash($vhost_cfg_append)
} }
if ($vhost_cfg_ssl_prepend != undef) {
validate_hash($vhost_cfg_ssl_prepend)
}
if ($vhost_cfg_ssl_append != undef) {
validate_hash($vhost_cfg_ssl_append)
}
if ($include_files != undef) { if ($include_files != undef) {
validate_array($include_files) validate_array($include_files)
} }
@ -357,9 +369,7 @@ define nginx::resource::vhost (
notify => Class['nginx::service'], notify => Class['nginx::service'],
} }
if ($ssl == true) and ($ssl_port == $listen_port) { $ssl_only = ($ssl == true) and ($ssl_port == $listen_port)
$ssl_only = true
}
if $use_default_location == true { if $use_default_location == true {
# Create the default location reference for the vHost # Create the default location reference for the vHost
@ -382,6 +392,7 @@ define nginx::resource::vhost (
fastcgi_script => $fastcgi_script, fastcgi_script => $fastcgi_script,
try_files => $try_files, try_files => $try_files,
www_root => $www_root, www_root => $www_root,
autoindex => $autoindex,
index_files => [], index_files => [],
location_custom_cfg => $location_custom_cfg, location_custom_cfg => $location_custom_cfg,
notify => Class['nginx::service'], notify => Class['nginx::service'],

View file

@ -85,7 +85,7 @@ describe 'nginx::resource::mailhost' do
:title => 'should set the IPv6 listen options', :title => 'should set the IPv6 listen options',
:attr => 'ipv6_listen_options', :attr => 'ipv6_listen_options',
:value => 'spdy', :value => 'spdy',
:match => ' listen [::]:80 spdy ipv6only=on;', :match => ' listen [::]:80 spdy;',
}, },
{ {
:title => 'should set servername(s)', :title => 'should set servername(s)',
@ -241,7 +241,7 @@ describe 'nginx::resource::mailhost' do
:title => 'should set the IPv6 listen options', :title => 'should set the IPv6 listen options',
:attr => 'ipv6_listen_options', :attr => 'ipv6_listen_options',
:value => 'spdy', :value => 'spdy',
:match => ' listen [::]:80 spdy ipv6only=on;', :match => ' listen [::]:80 spdy;',
}, },
{ {
:title => 'should set servername(s)', :title => 'should set servername(s)',

View file

@ -52,9 +52,9 @@ describe 'nginx::resource::upstream' do
'test2', 'test2',
], ],
:match => [ :match => [
' server test3;', ' server test3 fail_timeout=10s;',
' server test1;', ' server test1 fail_timeout=10s;',
' server test2;', ' server test2 fail_timeout=10s;',
], ],
}, },
].each do |param| ].each do |param|

View file

@ -95,7 +95,7 @@ describe 'nginx::resource::vhost' do
:title => 'should set the IPv6 listen options', :title => 'should set the IPv6 listen options',
:attr => 'ipv6_listen_options', :attr => 'ipv6_listen_options',
:value => 'spdy', :value => 'spdy',
:match => ' listen [::]:80 spdy ipv6only=on;', :match => ' listen [::]:80 spdy;',
}, },
{ {
:title => 'should set servername(s)', :title => 'should set servername(s)',
@ -321,7 +321,7 @@ describe 'nginx::resource::vhost' do
:title => 'should set the IPv6 listen options', :title => 'should set the IPv6 listen options',
:attr => 'ipv6_listen_options', :attr => 'ipv6_listen_options',
:value => 'spdy default', :value => 'spdy default',
:match => ' listen [::]:443 ssl spdy default ipv6only=on;', :match => ' listen [::]:443 ssl spdy default;',
}, },
{ {
:title => 'should set servername(s)', :title => 'should set servername(s)',

View file

@ -3,7 +3,7 @@ server {
listen <%= @listen_ip %>:<%= @listen_port %><% if @listen_options %> <%= @listen_options %><% end %>; listen <%= @listen_ip %>:<%= @listen_port %><% if @listen_options %> <%= @listen_options %><% end %>;
<% # check to see if ipv6 support exists in the kernel before applying %> <% # check to see if ipv6 support exists in the kernel before applying %>
<% if @ipv6_enable && (defined? @ipaddress6) %> <% if @ipv6_enable && (defined? @ipaddress6) %>
listen [<%= @ipv6_listen_ip %>]:<%= @ipv6_listen_port %><% if @ipv6_listen_options %> <%= @ipv6_listen_options %><% end %> ipv6only=on; listen [<%= @ipv6_listen_ip %>]:<%= @ipv6_listen_port %><% if @ipv6_listen_options %> <%= @ipv6_listen_options %><% end %>;
<% end %> <% end %>
server_name <%= @server_name.join(" ") %>; server_name <%= @server_name.join(" ") %>;
protocol <%= @protocol %>; protocol <%= @protocol %>;

View file

@ -3,7 +3,7 @@ server {
listen <%= @ssl_port %>; listen <%= @ssl_port %>;
<% # check to see if ipv6 support exists in the kernel before applying %> <% # check to see if ipv6 support exists in the kernel before applying %>
<% if @ipv6_enable && (defined? @ipaddress6) %> <% if @ipv6_enable && (defined? @ipaddress6) %>
listen [<%= @ipv6_listen_ip %>]:<%= @ipv6_listen_port %> <% if @ipv6_listen_options %><%= @ipv6_listen_options %><% end %> ipv6only=on; listen [<%= @ipv6_listen_ip %>]:<%= @ipv6_listen_port %> <% if @ipv6_listen_options %><%= @ipv6_listen_options %><% end %>;
<% end %> <% end %>
server_name <%= @server_name.join(" ") %>; server_name <%= @server_name.join(" ") %>;
protocol <%= @protocol %>; protocol <%= @protocol %>;

View file

@ -2,7 +2,7 @@ server {
listen <%= @listen_ip %>:<%= @listen_port %><% if @listen_options %> <%= @listen_options %><% end %>; listen <%= @listen_ip %>:<%= @listen_port %><% if @listen_options %> <%= @listen_options %><% end %>;
<% # check to see if ipv6 support exists in the kernel before applying %> <% # check to see if ipv6 support exists in the kernel before applying %>
<% if @ipv6_enable && (defined? @ipaddress6) %> <% if @ipv6_enable && (defined? @ipaddress6) %>
listen [<%= @ipv6_listen_ip %>]:<%= @ipv6_listen_port %> <% if @ipv6_listen_options %><%= @ipv6_listen_options %><% end %> ipv6only=on; listen [<%= @ipv6_listen_ip %>]:<%= @ipv6_listen_port %> <% if @ipv6_listen_options %><%= @ipv6_listen_options %><% end %>;
<% end %> <% end %>
server_name <%= @rewrite_www_to_non_www ? @name.gsub(/^www\./, '') : @server_name.join(" ") %>; server_name <%= @rewrite_www_to_non_www ? @name.gsub(/^www\./, '') : @server_name.join(" ") %>;
<% if defined? @auth_basic -%> <% if defined? @auth_basic -%>

View file

@ -17,8 +17,8 @@
<% if @try_files -%> <% if @try_files -%>
try_files<% @try_files.each do |try| -%> <%= try %><% end -%>; try_files<% @try_files.each do |try| -%> <%= try %><% end -%>;
<% end -%> <% end -%>
<% if @autoindex == 'on' -%> <% if defined? @autoindex -%>
autoindex on; autoindex <%= @autoindex %>;
<% end -%> <% end -%>
<% if @index_files.count > 0 -%> <% if @index_files.count > 0 -%>
index <% Array(@index_files).each do |i| %> <%= i %><% end %>; index <% Array(@index_files).each do |i| %> <%= i %><% end %>;

View file

@ -5,6 +5,10 @@ include <%= file %>;
<%= key %> <%= value %>; <%= key %> <%= value %>;
<% end -%> <% end -%>
<% end -%> <% end -%>
<% if @vhost_cfg_ssl_append -%><% @vhost_cfg_ssl_append.sort_by{ |k, v| k.to_s == 'allow' ? '' : k.to_s }.each do |key,value| -%>
<%= key %> <%= value %>;
<% end -%>
<% end -%>
} }
<% if @rewrite_www_to_non_www -%> <% if @rewrite_www_to_non_www -%>
server { server {

View file

@ -1,7 +1,7 @@
server { server {
listen <%= @listen_ip %>:<%= @ssl_port %> ssl<% if @spdy == 'on' %> spdy<% end %><% if @listen_options %> <%= @listen_options %><% end %>; listen <%= @listen_ip %>:<%= @ssl_port %> ssl<% if @spdy == 'on' %> spdy<% end %><% if @listen_options %> <%= @listen_options %><% end %>;
<% if @ipv6_enable && (defined? @ipaddress6) %> <% if @ipv6_enable && (defined? @ipaddress6) %>
listen [<%= @ipv6_listen_ip %>]:<%= @ssl_port %> ssl<% if @spdy == 'on' %> spdy<% end %><% if @ipv6_listen_options %> <%= @ipv6_listen_options %><% end %> ipv6only=on; listen [<%= @ipv6_listen_ip %>]:<%= @ssl_port %> ssl<% if @spdy == 'on' %> spdy<% end %><% if @ipv6_listen_options %> <%= @ipv6_listen_options %><% end %>;
<% end %> <% end %>
server_name <%= @rewrite_www_to_non_www ? @name.gsub(/^www\./, '') : @server_name.join(" ") %>; server_name <%= @rewrite_www_to_non_www ? @name.gsub(/^www\./, '') : @server_name.join(" ") %>;
@ -47,7 +47,13 @@ server {
access_log <%= @ssl_access_log %>; access_log <%= @ssl_access_log %>;
error_log <%= @ssl_error_log %>; error_log <%= @ssl_error_log %>;
<% if @vhost_cfg_prepend -%><% @vhost_cfg_prepend.sort_by{ |k, v| k.to_s == 'allow' ? '' : k.to_s }.each do |key,value| -%>
<%= key %> <%= value %>;
<% end -%><% end -%>
<% if @vhost_cfg_ssl_prepend -%><% @vhost_cfg_ssl_prepend.sort_by{ |k, v| k.to_s == 'allow' ? '' : k.to_s }.each do |key,value| -%>
<%= key %> <%= value %>;
<% end -%><% end -%>
<% if @root -%> <% if @root -%>
root <%= @root %>; root <%= @root %>;
<% end -%> <% end -%>