Conflicts:
	manifests/config.pp
	manifests/init.pp
	manifests/params.pp
	manifests/resource/location.pp
	manifests/resource/vhost.pp
	manifests/service.pp
	templates/vhost/vhost_footer.erb
	templates/vhost/vhost_header.erb
	templates/vhost/vhost_location_directory.erb
	templates/vhost/vhost_location_proxy.erb
	templates/vhost/vhost_ssl_header.erb
	tests/vhost.pp
Lebedev Vadim 2013-05-21 16:30:21 +04:00
commit 8d33fd63f1
26 changed files with 404 additions and 104 deletions


@ -0,0 +1,4 @@
# Chatper 1
## The Haunting Beginning
Lorem Ipsum is simply dummy text of the printing and typesetting industry. Lorem Ipsum has been the industry's standard dummy text ever since the 1500s, when an unknown printer took a galley of type and scrambled it to make a type specimen book. It has survived not only five centuries, but also the leap into electronic typesetting, remaining essentially unchanged. It was popularised in the 1960s with the release of Letraset sheets containing Lorem Ipsum passages, and more recently with desktop publishing software like Aldus PageMaker including versions of Lorem Ipsum.


@ -45,3 +45,24 @@ Add a Proxy Server(s)
}
}
</pre>
Add an smtp proxy
<pre>
node default {
class { 'nginx':
mail => true,
}
nginx::resource::mailhost { 'domain1.example':
ensure => present,
auth_http => 'server2.example/cgi-bin/auth',
protocol => 'smtp',
listen_port => 587,
ssl_port => 465,
starttls => 'only',
xclient => 'off',
ssl => 'true',
ssl_cert => '/tmp/server.crt',
ssl_key => '/tmp/server.pem',
}
}
</pre>

14
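--- a/composer.json
+++ b/composer.json
@@ -0,0 +1,14 @@
+{
+"name": "jfryman/puppet-nginx",
+"type": "project",
+"description": "Puppet module for nginx installation",
+"keywords": ["puppet", "nginx"],
+"license": "Apache-2.0",
+"require": {
+},
+"extra": {
+"branch-alias": {
+"dev-master": "1.x-dev"
+}
+}
+}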


@ -16,14 +16,16 @@
class nginx::config(
$worker_processes = $nginx::params::nx_worker_processes,
$worker_connections = $nginx::params::nx_worker_connections,
$proxy_set_header = $nginx::params::nx_proxy_set_header,
$confd_purge = $nginx::params::nx_confd_purge,
$proxy_set_header = $nginx::params::nx_proxy_set_header,
$proxy_cache_path = $nginx::params::nx_proxy_cache_path,
$proxy_cache_levels = $nginx::params::nx_proxy_cache_levels,
$proxy_cache_keys_zone = $nginx::params::nx_proxy_cache_keys_zone,
$proxy_cache_max_size = $nginx::params::nx_proxy_cache_max_size,
$proxy_cache_inactive = $nginx::params::nx_proxy_cache_inactive,
$proxy_http_version = $nginx::params::nx_proxy_http_version,
$types_hash_max_size = $nginx::params::nx_types_hash_max_size,
$types_hash_bucket_size = $nginx::params::nx_types_hash_bucket_size
) inherits nginx::params {
File {
owner => 'root',
@ -46,6 +48,17 @@ class nginx::config(
}
}
file { "${nginx::params::nx_conf_dir}/conf.mail.d":
ensure => directory,
}
if $confd_purge == true {
File["${nginx::params::nx_conf_dir}/conf.mail.d"] {
ignore => 'vhost_autogen.conf',
purge => true,
recurse => true,
}
}
file {$nginx::config::nx_run_dir:
ensure => directory,
}
@ -79,4 +92,10 @@ class nginx::config(
purge => true,
recurse => true,
}
file { "${nginx::config::nx_temp_dir}/nginx.mail.d":
ensure => directory,
purge => true,
recurse => true,
}
}


@ -32,14 +32,16 @@ class nginx (
$worker_processes = $nginx::params::nx_worker_processes,
$worker_connections = $nginx::params::nx_worker_connections,
$proxy_set_header = $nginx::params::nx_proxy_set_header,
$confd_purge = $nginx::params::nx_confd_purge,
$configtest_enable = $nginx::params::nx_configtest_enable,
$service_restart = $nginx::params::nx_service_restrart,
$proxy_http_version = $nginx::params::nx_proxy_http_version, $confd_purge = $nginx::params::nx_confd_purge,
$proxy_cache_path = $nginx::params::nx_proxy_cache_path,
$proxy_cache_levels = $nginx::params::nx_proxy_cache_levels,
$proxy_cache_keys_zone = $nginx::params::nx_proxy_cache_keys_zone,
$proxy_cache_max_size = $nginx::params::nx_proxy_cache_max_size,
$proxy_cache_inactive = $nginx::params::nx_proxy_cache_inactive,
$configtest_enable = $nginx::params::nx_configtest_enable,
$service_restart = $nginx::params::nx_service_restrart,
$mail = $nginx::params::nx_mail,
$server_tokens = $nginx::params::nx_server_tokens
) inherits nginx::params {
include stdlib
@ -52,19 +54,20 @@ class nginx (
worker_processes => $worker_processes,
worker_connections => $worker_connections,
proxy_set_header => $proxy_set_header,
confd_purge => $confd_purge,
proxy_http_version => $proxy_http_version,
proxy_cache_path => $proxy_cache_path,
proxy_cache_levels => $proxy_cache_levels,
proxy_cache_keys_zone => $proxy_cache_keys_zone,
proxy_cache_max_size => $proxy_cache_max_size,
proxy_cache_inactive => $proxy_cache_inactive,
confd_purge => $confd_purge,
require => Class['nginx::package'],
notify => Class['nginx::service'],
}
class { 'nginx::service':
configtest_enable => $configtest_enable,
service_restart => $service_restart,
service_restart => $service_restart,
}
# Allow the end user to establish relationships to the "main" class
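Review bot: The default for `$service_restart` reads `$nginx::params::nx_service_restrart`, but the params section of this commit defines `$nx_service_restart`, so the default appears to resolve to undef and the configtest-then-restart command would only reach `nginx::service` when a caller sets it explicitly. `$service_restart = $nginx::params::nx_service_restart,` fixes the lookup. The new `$mail` and `$server_tokens` parameters also do not appear in the visible `class { 'nginx::config': ... }` arguments; that declaration starts outside the hunk, so confirm whether they are passed on there.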


@ -42,5 +42,8 @@ class nginx::package {
before => Anchor['nginx::package::end'],
}
}
default: {
fail("Module ${module_name} is not supported on ${::operatingsystem}")
}
}
}


@ -14,7 +14,37 @@
#
# This class file is not called directly
class nginx::package::debian {
$operatingsystem_lowercase = inline_template('<%= operatingsystem.downcase %>')
package { 'nginx':
ensure => present,
require => Anchor['nginx::apt_repo'],
}
anchor { 'nginx::apt_repo' : }
file { '/etc/apt/sources.list.d/nginx.list':
ensure => present,
content => "deb http://nginx.org/packages/${operatingsystem_lowercase}/ ${::lsbdistcodename} nginx
deb-src http://nginx.org/packages/${operatingsystem_lowercase}/ ${::lsbdistcodename} nginx
",
mode => '0444',
require => Exec['add_nginx_apt_key'],
before => Anchor['nginx::apt_repo'],
}
exec { 'add_nginx_apt_key':
command => "/usr/bin/wget http://nginx.org/keys/nginx_signing.key -O - | /usr/bin/apt-key add -",
unless => '/usr/bin/apt-key list | /bin/grep -q nginx',
before => Anchor['nginx::apt_repo'],
}
exec { 'apt_get_update_for_nginx':
command => '/usr/bin/apt-get update',
timeout => 240,
returns => [ 0, 100 ],
refreshonly => true,
subscribe => File['/etc/apt/sources.list.d/nginx.list'],
before => Anchor['nginx::apt_repo'],
}
}
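Review bot: The `add_nginx_apt_key` exec downloads the repository signing key over plain HTTP and pipes it straight into `apt-key add`, so whatever answers that request becomes a trusted package signer on the node. Fetch the key over TLS, `command => '/usr/bin/wget https://nginx.org/keys/nginx_signing.key -O - | /usr/bin/apt-key add -',`, and preferably compare its fingerprint with a pinned value (shown here as the placeholder `<EXPECTED_KEY_FINGERPRINT>`) before adding it. The `unless` guard greps `apt-key list` for the word `nginx`, which any key carrying that word in its UID would satisfy; matching on the key ID is stricter. The `deb` and `deb-src` lines use `http://` as well, which is only safe once the correct key is in place.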


@ -1,4 +1,4 @@
# Class: nginx::params
# Class: nginx::param
#
# This module manages NGINX paramaters
#
@ -21,18 +21,30 @@ class nginx::params {
$nx_confd_purge = false
$nx_worker_processes = 1
$nx_worker_connections = 1024
$nx_types_hash_max_size = 1024
$nx_types_hash_bucket_size = 512
$nx_multi_accept = off
$nx_events_use = false # One of [kqueue|rtsig|epoll|/dev/poll|select|poll|eventport] or false to use OS default
$nx_sendfile = on
$nx_keepalive_timeout = 65
$nx_tcp_nodelay = on
$nx_gzip = on
$nx_server_tokens = on
$nx_spdy = off
$nx_ssl_stapling = off
$nx_types_hash_max_size = 2048
$nx_proxy_redirect = off
$nx_proxy_set_header = [
'Host $host', 'X-Real-IP $remote_addr',
'Host $host',
'X-Real-IP $remote_addr',
'X-Forwarded-For $proxy_add_x_forwarded_for',
]
$nx_proxy_cache_path = false
$nx_proxy_cache_levels = 1
$nx_proxy_cache_keys_zone = 'd2:100m'
$nx_proxy_cache_max_size = '500m'
$nx_proxy_cache_inactive = '20m'
$nx_client_body_temp_path = "${nx_run_dir}/client_body_temp"
$nx_client_body_buffer_size = '128k'
@ -42,13 +54,7 @@ class nginx::params {
$nx_proxy_send_timeout = '90'
$nx_proxy_read_timeout = '90'
$nx_proxy_buffers = '32 4k'
$nx_proxy_cache_path = false
$nx_proxy_cache_levels = 1
$nx_proxy_cache_keys_zone = 'd2:100m'
$nx_proxy_cache_max_size = '500m'
$nx_proxy_cache_inactive = '20m'
$nx_proxy_http_version = '1.0'
$nx_logdir = $::kernel ? {
/(?i-mx:linux)/ => '/var/log/nginx',
@ -59,7 +65,7 @@ class nginx::params {
}
$nx_daemon_user = $::operatingsystem ? {
/(?i-mx:debian|ubuntu)/ => 'www-data',
/(?i-mx:debian|ubuntu)/ => 'www-data',
/(?i-mx:fedora|rhel|redhat|centos|scientific|suse|opensuse|amazon)/ => 'nginx',
}
@ -67,6 +73,8 @@ class nginx::params {
# Some init scripts do a configtest, some don't. If configtest_enable it's true
# then service restart will take $nx_service_restart value, forcing configtest.
$nx_configtest_enable = false
$nx_service_restart = '/etc/init.d/nginx configtest && /etc/init.d/nginx restart'
$nx_service_restart = '/etc/init.d/nginx configtest && /etc/init.d/nginx restart'
$nx_mail = false
}
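Review bot: `$nx_types_hash_max_size` looks to be assigned twice in the second hunk, `= 1024` beside `$nx_types_hash_bucket_size` and `= 2048` after `$nx_ssl_stapling`; Puppet does not allow reassigning a variable within one scope, so if both lines are on the new side the class will not compile. Keep a single assignment, for example by dropping the later `$nx_types_hash_max_size = 2048`. `$nx_server_tokens = on` also makes version disclosure the module default; `off` is the quieter default and callers can still opt in. Old and new lines cannot be told apart in this rendering, so check the first point against the file itself.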


@ -58,11 +58,15 @@
# location_cfg_append => $my_config,
# }
define nginx::resource::location(
define nginx::resource::location (
$location,
$ensure = present,
$vhost = undef,
$www_root = undef,
$index_files = ['index.html', 'index.htm', 'index.php'],
$index_files = [
'index.html',
'index.htm',
'index.php'],
$proxy = undef,
$proxy_read_timeout = $nginx::params::nx_proxy_read_timeout,
$fastcgi = undef,
@ -89,7 +93,7 @@ define nginx::resource::location(
notify => Class['nginx::service'],
}
## Shared Variables
# # Shared Variables
$ensure_real = $ensure ? {
'absent' => absent,
default => file,
@ -115,6 +119,7 @@ define nginx::resource::location(
if (($www_root == undef) and ($proxy == undef) and ($location_alias == undef) and ($stub_status == undef) and ($fastcgi == undef)) {
fail('Cannot create a location reference without a www_root, proxy, location_alias, fastcgi or stub_status defined')
}
if (($www_root != undef) and ($proxy != undef)) {
fail('Cannot define both directory and proxy in a virtual host')
}


@ -0,0 +1,105 @@
# define: nginx::resource::mailhost
#
# This definition creates a virtual host
#
# Parameters:
# [*ensure*] - Enables or disables the specified mailhost (present|absent)
# [*listen_ip*] - Default IP Address for NGINX to listen with this vHost on. Defaults to all interfaces (*)
# [*listen_port*] - Default IP Port for NGINX to listen with this vHost on. Defaults to TCP 80
# [*listen_options*] - Extra options for listen directive like 'default' to catchall. Undef by default.
# [*ipv6_enable*] - BOOL value to enable/disable IPv6 support (false|true). Module will check to see if IPv6
# support exists on your system before enabling.
# [*ipv6_listen_ip*] - Default IPv6 Address for NGINX to listen with this vHost on. Defaults to all interfaces (::)
# [*ipv6_listen_port*] - Default IPv6 Port for NGINX to listen with this vHost on. Defaults to TCP 80
# [*ipv6_listen_options*] - Extra options for listen directive like 'default' to catchall. Template will allways add ipv6only=on.
# While issue jfryman/puppet-nginx#30 is discussed, default value is 'default'.
# [*index_files*] - Default index files for NGINX to read when traversing a directory
# [*ssl*] - Indicates whether to setup SSL bindings for this mailhost.
# [*ssl_cert*] - Pre-generated SSL Certificate file to reference for SSL Support. This is not generated by this module.
# [*ssl_key*] - Pre-generated SSL Key file to reference for SSL Support. This is not generated by this module.
# [*ssl_port*] - Default IP Port for NGINX to listen with this SSL vHost on. Defaults to TCP 443
# [*starttls*] - enable STARTTLS support: (on|off|only)
# [*protocol*] - Mail protocol to use: (imap|pop3|smtp)
# [*auth_http*] - With this directive you can set the URL to the external HTTP-like server for authorization.
# [*xclient*] - wheter to use xclient for smtp (on|off)
# [*server_name*] - List of mailhostnames for which this mailhost will respond. Default [$name].
#
# Actions:
#
# Requires:
#
# Sample Usage:
# nginx::resource::mailhost { 'domain1.example':
# ensure => present,
# auth_http => 'server2.example/cgi-bin/auth',
# protocol => 'smtp',
# listen_port => 587,
# ssl_port => 465,
# starttls => 'only',
# xclient => 'off',
# ssl => 'true',
# ssl_cert => '/tmp/server.crt',
# ssl_key => '/tmp/server.pem',
# }
define nginx::resource::mailhost (
$listen_port,
$ensure = 'enable',
$listen_ip = '*',
$listen_options = undef,
$ipv6_enable = false,
$ipv6_listen_ip = '::',
$ipv6_listen_port = '80',
$ipv6_listen_options = 'default',
$ssl = false,
$ssl_cert = undef,
$ssl_key = undef,
$ssl_port = undef,
$starttls = 'off',
$protocol = undef,
$auth_http = undef,
$xclient = 'on',
$server_name = [$name]) {
File {
owner => 'root',
group => 'root',
mode => '0644',
}
# Add IPv6 Logic Check - Nginx service will not start if ipv6 is enabled
# and support does not exist for it in the kernel.
if ($ipv6_enable and !$::ipaddress6) {
warning('nginx: IPv6 support is not enabled or configured properly')
}
# Check to see if SSL Certificates are properly defined.
if ($ssl or $starttls == 'on' or $starttls == 'only') {
if ($ssl_cert == undef) or ($ssl_key == undef) {
fail('nginx: SSL certificate/key (ssl_cert/ssl_cert) and/or SSL Private must be defined and exist on the target system(s)')
}
}
# Use the File Fragment Pattern to construct the configuration files.
# Create the base configuration file reference.
if ($listen_port != $ssl_port) {
file { "${nginx::config::nx_temp_dir}/nginx.mail.d/${name}-001":
ensure => $ensure ? {
'absent' => absent,
default => 'file',
},
content => template('nginx/mailhost/mailhost.erb'),
notify => Class['nginx::service'],
}
}
# Create SSL File Stubs if SSL is enabled
if ($ssl) {
file { "${nginx::config::nx_temp_dir}/nginx.mail.d/${name}-700-ssl":
ensure => $ensure ? {
'absent' => absent,
default => 'file',
},
content => template('nginx/mailhost/mailhost_ssl.erb'),
notify => Class['nginx::service'],
}
}
}
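Review bot: `$protocol` and `$auth_http` default to `undef`, yet both mailhost templates added in this commit print them unconditionally (`protocol <%= protocol %>;`, `auth_http <%= auth_http %>;`), so a resource that omits either would most likely render a broken directive. A guard next to the certificate check would fail at compile time instead: `if ($protocol == undef) or ($auth_http == undef) { fail('nginx: protocol and auth_http must be set for a mailhost') }`. The header comment is carried over from the vhost define: it documents `index_files`, which is not a parameter here, and says the ports default to 80 and 443 although `$listen_port` is required and `$ssl_port` defaults to `undef`. The sample usage points `ssl_key` at a file under `/tmp`; the example would be safer showing a directory that only root can write.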


@ -3,8 +3,9 @@
# This definition creates a new upstream proxy entry for NGINX
#
# Parameters:
# [*ensure*] - Enables or disables the specified location (present|absent)
# [*members*] - Array of member URIs for NGINX to connect to. Must follow valid NGINX syntax.
# [*members*] - Array of member URIs for NGINX to connect to. Must follow valid NGINX syntax.
# [*ensure*] - Enables or disables the specified location (present|absent)
# [*upstream_cfg_prepend*] - It expects a hash with custom directives to put before anything else inside upstream
#
# Actions:
#
@ -19,9 +20,26 @@
# 'localhost:3002',
# ],
# }
#
# Custom config example to use ip_hash, and 20 keepalive connections
# create a hash with any extra custom config you want.
# $my_config = {
# 'ip_hash' => '',
# 'keepalive' => '20',
# }
# nginx::resource::upstream { 'proxypass':
# ensure => present,
# members => [
# 'localhost:3000',
# 'localhost:3001',
# 'localhost:3002',
# ],
# upstream_cfg_prepend => $my_config,
# }
define nginx::resource::upstream (
$members,
$ensure = 'present',
$members
$upstream_cfg_prepend = undef,
) {
File {
owner => 'root',
@ -30,11 +48,11 @@ define nginx::resource::upstream (
}
file { "/etc/nginx/conf.d/${name}-upstream.conf":
ensure => $ensure ? {
ensure => $ensure ? {
'absent' => absent,
default => 'file',
},
content => template('nginx/conf.d/upstream.erb'),
notify => Class['nginx::service'],
content => template('nginx/conf.d/upstream.erb'),
notify => Class['nginx::service'],
}
}


@ -26,20 +26,21 @@
# [*ssl_port*] - Default IP Port for NGINX to listen with this SSL vHost on. Defaults to TCP 443
# [*server_name*] - List of vhostnames for which this vhost will respond. Default [$name].
# [*www_root*] - Specifies the location on disk for files to be read from. Cannot be set in conjunction with $proxy
# [*rewrite_www_to_non_www*] - Adds a server directive and rewrite rule to rewrite www.domain.com to domain.com in order to avoid
# duplicate content (SEO);
# [*try_files*] - Specifies the locations for files to be checked as an array. Cannot be used in conjuction with $proxy.
# [*proxy_cache*] - This directive sets name of zone for caching.
# The same zone can be used in multiple places.
# [*proxy_cache_valid*] - This directive sets the time for caching
# different replies.
# [*auth_basic*] - This directive includes testing name and password
# with HTTP Basic Authentication.
# [*rewrite_www_to_non_www*] Adds a server directive and rewrite rule to rewrite www.domain.com to domain.com in order to avoid
# duplicate content (SEO);
# [*try_files*] - Specifies the locations for files to be checked as an array. Cannot be used in conjuction with $proxy.
# [*proxy_cache*] - This directive sets name of zone for caching.
# The same zone can be used in multiple places.
# [*proxy_cache_valid*] - This directive sets the time for caching
# different replies.
# [*auth_basic*] - This directive includes testing name and password
# with HTTP Basic Authentication.
# [*auth_basic_user_file*] - This directive sets the htpasswd filename for
# the authentication realm.
# [*vhost_cfg_append*] - It expects a hash with custom directives to put
# after everything else inside vhost
#
# [*rewrite_to_https*] - Adds a server directive and rewrite rule to rewrite to ssl
# [*include_files*] - Adds include files to vhost#
# Actions:
#
# Requires:
@ -52,7 +53,7 @@
# ssl_cert => '/tmp/server.crt',
# ssl_key => '/tmp/server.pem',
# }
define nginx::resource::vhost(
define nginx::resource::vhost (
$ensure = 'enable',
$listen_ip = '*',
$listen_port = '80',
@ -67,37 +68,48 @@ define nginx::resource::vhost(
$ssl_port = '443',
$proxy = undef,
$proxy_read_timeout = $nginx::params::nx_proxy_read_timeout,
$proxy_set_header = [],
$proxy_cache = false,
$proxy_cache_valid = false,
$fastcgi = undef,
$fastcgi_params = '/etc/nginx/fastcgi_params',
$fastcgi_script = undef,
$index_files = ['index.html', 'index.htm', 'index.php'],
$index_files = [
'index.html',
'index.htm',
'index.php'],
$server_name = [$name],
$www_root = undef,
$rewrite_www_to_non_www = false,
$rewrite_to_https = undef,
$location_cfg_prepend = undef,
$location_cfg_append = undef,
$try_files = undef,
$proxy_cache = false,
$proxy_cache_valid = false,
$auth_basic = undef,
$auth_basic_user_file = undef,
$vhost_cfg_append = undef
$vhost_cfg_append = undef,
$include_files = undef
) {
File {
owner => 'root',
group => 'root',
mode => '0644',
ensure => $ensure ? {
'absent' => absent,
default => 'file',
},
notify => Class['nginx::service'],
owner => 'root',
group => 'root',
mode => '0644',
}
# Add IPv6 Logic Check - Nginx service will not start if ipv6 is enabled
# and support does not exist for it in the kernel.
if ($ipv6_enable == 'true') and ($ipaddress6) {
if ($ipv6_enable == true) and ($ipaddress6) {
warning('nginx: IPv6 support is not enabled or configured properly')
}
# Check to see if SSL Certificates are properly defined.
if ($ssl == 'true') {
if ($ssl == true) {
if ($ssl_cert == undef) or ($ssl_key == undef) {
fail('nginx: SSL certificate/key (ssl_cert/ssl_cert) and/or SSL Private must be defined and exist on the target system(s)')
}
@ -129,37 +141,30 @@ define nginx::resource::vhost(
location => '/',
proxy => $proxy,
proxy_read_timeout => $proxy_read_timeout,
proxy_cache => $proxy_cache,
proxy_cache_valid => $proxy_cache_valid,
fastcgi => $fastcgi,
fastcgi_params => $fastcgi_params,
fastcgi_script => $fastcgi_script,
try_files => $try_files,
www_root => $www_root,
proxy_cache => $proxy_cache,
proxy_cache_valid => $proxy_cache_valid,
notify => Class['nginx::service'],
}
# Support location_cfg_prepend and location_cfg_append on default location created by vhost
if $location_cfg_prepend {
Nginx::Resource::Location["${name}-default"] {
location_cfg_prepend => $location_cfg_prepend
}
location_cfg_prepend => $location_cfg_prepend }
}
if $location_cfg_append {
Nginx::Resource::Location["${name}-default"] {
location_cfg_append => $location_cfg_append
}
location_cfg_append => $location_cfg_append }
}
# Create a proper file close stub.
if ($listen_port != $ssl_port) {
file { "${nginx::config::nx_temp_dir}/nginx.d/${name}-699":
ensure => $ensure ? {
'absent' => absent,
default => 'file',
},
content => template('nginx/vhost/vhost_footer.erb'),
notify => Class['nginx::service'],
}
file { "${nginx::config::nx_temp_dir}/nginx.d/${name}-699": content => template('nginx/vhost/vhost_footer.erb'), }
}
# Create SSL File Stubs if SSL is enabled
@ -196,5 +201,4 @@ define nginx::resource::vhost(
source => $ssl_key,
}
}
}
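Review bot: The SSL guard appears to change from `$ssl == 'true'` to `$ssl == true`, so a manifest that still passes the string form would skip the certificate/key check without any message. Since init.pp already includes stdlib, `validate_bool($ssl)` and `validate_bool($ipv6_enable)` at the top of the define would turn a wrong type into a compile error rather than a silent no-op. The IPv6 warning, `if ($ipv6_enable == true) and ($ipaddress6)`, also fires when an IPv6 address is present, which contradicts its message; the new mailhost define tests `!$::ipaddress6`. The define continues outside the visible hunks.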


@ -14,8 +14,8 @@
#
# This class file is not called directly
class nginx::service(
$configtest_enable = $nginx::params::nx_configtest_enable,
$service_restart = $nginx::params::nx_service_restart
$configtest_enable = $nginx::params::nx_configtest_enable,
$service_restart = $nginx::params::nx_service_restart
) {
exec { 'rebuild-nginx-vhosts':
command => "/bin/cat ${nginx::params::nx_temp_dir}/nginx.d/* > ${nginx::params::nx_conf_dir}/conf.d/vhost_autogen.conf",
@ -23,12 +23,18 @@ class nginx::service(
unless => "/usr/bin/test ! -f ${nginx::params::nx_temp_dir}/nginx.d/*",
subscribe => File["${nginx::params::nx_temp_dir}/nginx.d"],
}
exec { 'rebuild-nginx-mailhosts':
command => "/bin/cat ${nginx::params::nx_temp_dir}/nginx.mail.d/* > ${nginx::params::nx_conf_dir}/conf.mail.d/vhost_autogen.conf",
refreshonly => true,
unless => "/usr/bin/test ! -f ${nginx::params::nx_temp_dir}/nginx.mail.d/*",
subscribe => File["${nginx::params::nx_temp_dir}/nginx.mail.d"],
}
service { 'nginx':
ensure => running,
enable => true,
hasstatus => true,
hasrestart => true,
subscribe => Exec['rebuild-nginx-vhosts'],
subscribe => Exec['rebuild-nginx-vhosts', 'rebuild-nginx-mailhosts'],
}
if $configtest_enable == true {
Service['nginx'] {
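Review bot: `rebuild-nginx-mailhosts` is skipped whenever `nginx.mail.d` holds no regular file (its `unless` is `/usr/bin/test ! -f .../nginx.mail.d/*`), so after the last mailhost is removed the previously generated `conf.mail.d/vhost_autogen.conf` is never rewritten and its listeners stay configured. The config.pp section of this commit also excludes that file from purging. Dropping the `unless` and having the command write an empty file when there are no fragments would close the gap. With several fragments the glob expands to multiple arguments and `test` exits with an error, which only happens to let the command run. The exec mirrors the existing `rebuild-nginx-vhosts`, which behaves the same way.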


@ -7,6 +7,7 @@ pid <%= scope.lookupvar('nginx::params::nx_pid')%>;
events {
worker_connections <%= worker_connections %>;
<% if scope.lookupvar('nginx::params::nx_multi_accept') == 'on' %>multi_accept on;<% end %>
<% if scope.lookupvar('nginx::params::nx_events_use') %>use <%= scope.lookupvar('nginx::params::nx_events_use')%>;<% end %>
}
http {
@ -17,9 +18,11 @@ http {
sendfile <%= scope.lookupvar('nginx::params::nx_sendfile')%>;
<% if scope.lookupvar('nginx::params::nx_tcp_nopush') == 'on' %>
tcp_nopush on;
<% end %>
server_tokens <%= server_tokens %>;
<% if scope.lookupvar('nginx::params::nx_tcp_nopush') == 'on' %>tcp_nopush on;<% end %>
types_hash_max_size <%= scope.lookupvar('nginx::params::nx_types_hash_max_size')%>;
types_hash_bucket_size <%= scope.lookupvar('nginx::params::nx_types_hash_bucket_size')%>;
keepalive_timeout <%= scope.lookupvar('nginx::params::nx_keepalive_timeout')%>;
tcp_nodelay <%= scope.lookupvar('nginx::params::nx_tcp_nodelay')%>;
@ -37,3 +40,8 @@ http {
include /etc/nginx/conf.d/*.conf;
}
<% if scope.lookupvar('nginx::mail') %>
mail {
include /etc/nginx/conf.mail.d/*.conf;
}
<% end -%>
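Review bot: `server_tokens <%= server_tokens %>;` reads a variable local to the class that renders this template, but the `nginx::config` parameter list shown in this commit has no `$server_tokens`, whereas the mail block below uses `scope.lookupvar('nginx::mail')`. If the variable is not in scope, the directive renders without a value or the template fails. `server_tokens <%= scope.lookupvar('nginx::server_tokens') %>;` would match the lookup style used for `mail`. The parameter list is only partly visible here, so confirm before changing.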


@ -5,6 +5,6 @@ proxy_connect_timeout <%= scope.lookupvar('nginx::params::nx_proxy_connect_tim
proxy_send_timeout <%= scope.lookupvar('nginx::params::nx_proxy_send_timeout') %>;
proxy_read_timeout <%= scope.lookupvar('nginx::params::nx_proxy_read_timeout') %>;
proxy_buffers <%= scope.lookupvar('nginx::params::nx_proxy_buffers') %>;
proxy_http_version <%= @proxy_http_version %>;
<% proxy_set_header.each do |header| %>
proxy_set_header <%= header %>;
<% end %>
proxy_set_header <%= header %>;<% end %>


@ -1,5 +1,6 @@
upstream <%= name %> {
<% if @upstream_cfg_prepend -%><% upstream_cfg_prepend.sort_by{|k,v| k}.each do |key,value| -%>
<%= key %> <%= value %>;<% end -%><% end -%>
<% members.each do |i| %>
server <%= i %>;
<% end %>
server <%= i %>;<% end %>
}


@ -0,0 +1,23 @@
server {
listen <%= listen_ip %>:<%= listen_port %> <% if @listen_options %><%= listen_options %><% end %>;
<% # check to see if ipv6 support exists in the kernel before applying %>
<% if ipv6_enable && (defined? @ipaddress6) %>
listen [<%= ipv6_listen_ip %>]:<%= ipv6_listen_port %> <% if @ipv6_listen_options %><%= ipv6_listen_options %><% end %> ipv6only=on;
<% end %>
server_name <%= server_name.join(" ") %>;
protocol <%= protocol %>;
xclient <%= xclient %>;
auth_http <%= auth_http %>;
starttls <%= starttls %>;
<% if starttls == 'on' || starttls == 'only' %>
ssl_certificate <%= ssl_cert %>;
ssl_certificate_key <%= ssl_key %>;
ssl_session_timeout 5m;
ssl_protocols SSLv3 TLSv1;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
ssl_prefer_server_ciphers on;
<%- end -%>
}
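Review bot: The `ssl_ciphers` line in the STARTTLS block ends with `+LOW:+SSLv3:+EXP`, which keeps export-grade and low-strength suites negotiable, and `ssl_protocols SSLv3 TLSv1` leaves SSLv3 enabled on a brand-new listener. As this template is new, it can start from a tighter default such as `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` and `ssl_ciphers HIGH:!aNULL:!MD5;`, or take both values from parameters so operators can tighten them without editing the template. The same two lines appear in the mailhost SSL template later in this commit, and the vhost SSL header section still shows `ssl_protocols SSLv3 TLSv1`.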


@ -0,0 +1,23 @@
server {
listen <%= ssl_port %>;
<% # check to see if ipv6 support exists in the kernel before applying %>
<% if ipv6_enable && (defined? @ipaddress6) %>
listen [<%= ipv6_listen_ip %>]:<%= ipv6_listen_port %> <% if @ipv6_listen_options %><%= ipv6_listen_options %><% end %> ipv6only=on;
<% end %>
server_name <%= server_name.join(" ") %>;
protocol <%= protocol %>;
xclient <%= xclient %>;
auth_http <%= auth_http %>;
ssl on;
ssl_certificate <%= ssl_cert %>;
ssl_certificate_key <%= ssl_key %>;
ssl_session_timeout 5m;
ssl_protocols SSLv3 TLSv1;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
ssl_prefer_server_ciphers on;
}
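Review bot: `listen <%= ssl_port %>;` drops the `listen_ip` that the plain mailhost template uses, so the implicit-TLS listener binds every address even when the resource restricts `listen_ip`; `listen <%= listen_ip %>:<%= ssl_port %>;` keeps the two consistent. The IPv6 `listen` line below reuses `ipv6_listen_port`, the same port the non-SSL template emits, so with IPv6 enabled the plain and the SSL server block would both claim one IPv6 port. A separate IPv6 SSL port, or leaving the line out of this template, avoids the clash.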


@ -1,3 +1,6 @@
<% if @include_files %><% @include_files.each do |file| -%>
include <%= file %>;
<% end -%><% end -%>
<% if @vhost_cfg_append -%><% vhost_cfg_append.each do |key,value| -%>
<%= key %> <%= value %>;


@ -13,3 +13,10 @@ auth_basic "<%= auth_basic %>";
auth_basic_user_file <%= auth_basic_user_file %>;
<% end -%>
<% proxy_set_header.each do |header| %>
proxy_set_header <%= header %>;<% end %>
<% if @rewrite_to_https %>
if ($ssl_protocol = "") {
return 301 https://$host$request_uri ;
}
<% end %>


@ -1,9 +1,7 @@
location <%= location %> {
<% if @location_cfg_prepend -%><% location_cfg_prepend.each do |key,value| -%>
<%= key %> <%= value %>;
<% end -%><% end -%>
alias <%= location_alias %>;
<% if @location_cfg_append -%><% location_cfg_append.each do |key,value| -%>
<%= key %> <%= value %>;
<% end -%><% end -%>
<% if @location_cfg_prepend -%><% location_cfg_prepend.sort_by {|k,v| k}.each do |key,value| -%>
<%= key %> <%= value %>;<% end -%><% end -%>
alias <%= location_alias %>;
<% if @location_cfg_append -%><% location_cfg_append.sort_by {|k,v| k}.each do |key,value| -%>
<%= key %> <%= value %>;<% end -%><% end -%>
}


@ -1,5 +1,5 @@
location <%= location %> {
<% if @location_cfg_prepend -%><% location_cfg_prepend.each do |key,value| -%>
<% if @location_cfg_prepend -%><% location_cfg_prepend.sort_by {|k,v| k}.each do |key,value| -%>
<%= key %> <%= value %>;
<% end -%><% end -%>
root <%= www_root %>;
@ -15,7 +15,7 @@
<% if defined? auth_basic_user_file -%>
auth_basic_user_file <%= auth_basic_user_file %>;
<% end -%>
<% if @location_cfg_append -%><% location_cfg_append.each do |key,value| -%>
<% if @location_cfg_append -%><% location_cfg_append.sort_by {|k,v| k}.each do |key,value| -%>
<%= key %> <%= value %>;
<% end -%><% end -%>
}


@ -1,6 +1,6 @@
location <%= location %> {
<% if @location_cfg_prepend -%><% location_cfg_prepend.each do |key,value| -%>
<%= key %> <%= value %>;
<% if @location_cfg_prepend -%><% location_cfg_prepend.sort_by {|k,v| k}.each do |key,value| -%>
<%= key %> <%= value %>;
<% end -%><% end -%>
<% if proxy_cache -%>
proxy_cache <%= proxy_cache %>;
@ -8,7 +8,7 @@
<% end -%>
proxy_pass <%= proxy %>;
proxy_read_timeout <%= proxy_read_timeout %>;
<% if @location_cfg_append -%><% location_cfg_append.each do |key,value| -%>
<% if @location_cfg_append -%><% location_cfg_append.sort_by {|k,v| k}.each do |key,value| -%>
<%= key %> <%= value %>;
<% end -%><% end -%>
}


@ -1,9 +1,7 @@
location <%= location %> {
<% if @location_cfg_prepend -%><% location_cfg_prepend.each do |key,value| -%>
<%= key %> <%= value %>;
<% end -%><% end -%>
<% if @location_cfg_prepend -%><% location_cfg_prepend.sort_by {|k,v| k}.each do |key,value| -%>
<%= key %> <%= value %>;<% end -%><% end -%>
stub_status on;
<% if @location_cfg_append -%><% location_cfg_append.each do |key,value| -%>
<%= key %> <%= value %>;
<% end -%><% end -%>
<% if @location_cfg_append -%><% location_cfg_append.sort_by {|k,v| k}.each do |key,value| -%>
<%= key %> <%= value %>;<% end -%><% end -%>
}


@ -1,5 +1,5 @@
server {
listen <%= listen_ip %>:<%= listen_port %> <% if @listen_options %><%= listen_options %><% end %>;
listen <%= listen_ip %>:<%= ssl_port %><% if scope.lookupvar('nginx::params::nx_spdy') == 'on' %> ssl spdy<% end %>;<% if @listen_options %><%= listen_options %><% end %>;
<% if ipv6_enable == 'true' && (defined? ipaddress6) %>
listen [<%= ipv6_listen_ip %>]:<%= ipv6_listen_port %> <% if @ipv6_listen_options %><%= ipv6_listen_options %><% end %> ipv6only=on;
<% end %>
@ -7,18 +7,17 @@ server {
ssl on;
ssl_certificate <%= scope.lookupvar('nginx::params::nx_conf_dir') %>/<%= name.gsub(' ', '_') %>.crt;
ssl_certificate_key <%= scope.lookupvar('nginx::params::nx_conf_dir') %>/<%= name.gsub(' ', '_') %>.key;
ssl_session_timeout 5m;
ssl_protocols SSLv3 TLSv1;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
ssl_prefer_server_ciphers on;
ssl_certificate <%= scope.lookupvar('nginx::params::nx_conf_dir') %>/<%= name.gsub(' ', '_') %>.crt;
ssl_certificate_key <%= scope.lookupvar('nginx::params::nx_conf_dir') %>/<%= name.gsub(' ', '_') %>.key;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 5m;
ssl_ciphers RC4:HIGH:!aNULL:!MD5;
ssl_protocols SSLv3 TLSv1;
ssl_prefer_server_ciphers on;
<% if auth_basic != :undef -%>
auth_basic "<%= auth_basic %>";
auth_basic "<%= auth_basic %>";
<% end -%>
<% if auth_basic_user_file != :undef -%>
auth_basic_user_file <%= auth_basic_user_file %>;
auth_basic_user_file <%= auth_basic_user_file %>;
<% end -%>
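Review bot: The `listen` line that carries the `ssl spdy` switch closes the directive with `;` before the `listen_options` block and then emits a second `;`, so any option lands outside the directive and a stray `;` remains even when no option is set, which nginx is likely to reject. Moving the options inside keeps it one directive: `listen <%= listen_ip %>:<%= ssl_port %><% if scope.lookupvar('nginx::params::nx_spdy') == 'on' %> ssl spdy<% end %><% if @listen_options %> <%= listen_options %><% end %>;`. The guard on the next line still compares `ipv6_enable == 'true'` as a string although the test manifest in this commit passes a boolean, so the IPv6 listener may no longer be rendered.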


@ -2,7 +2,7 @@ include nginx
nginx::resource::vhost { 'test.local':
ensure => present,
ipv6_enable => 'true',
ipv6_enable => true,
proxy => 'http://proxypass',
}
@ -10,7 +10,7 @@ nginx::resource::vhost { 'test.local:8080':
ensure => present,
listen_port => 8080,
server_name => 'test.local',
ipv6_enable => 'true',
ipv6_enable => true,
proxy => 'http://proxypass',
}