opuppet/module-nginx
5
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Merge pull request #59 from abraham1901/master

Browse source 
Fixed errors and implemented new functions
This commit is contained in:
James Fryman 2013-05-21 07:46:10 -07:00
commit f0323576fc
13 changed files with 261 additions and 105 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
ChangeLog
View file

@ -1,3 +1,7 @@
2011-12-23 Sam Bashton <sam@bashton.com>
* manifests/resource/location.pp,manifests/resource/vhost.pp,
templates/vhost/vhost_location_fastcgi.erb: Add support for fastcgi
2011-06-06 James Fryman <james@frymanet.com>
* Modulefile, README, files/README.markdown, lib/facter/README.markdown,

28
manifests/config.pp
View file

@ -14,13 +14,18 @@
#
# This class file is not called directly
class nginx::config(
$worker_processes = $nginx::params::nx_worker_processes,
$worker_connections = $nginx::params::nx_worker_connections,
$proxy_set_header = $nginx::params::nx_proxy_set_header,
$proxy_http_version = $nginx::params::nx_proxy_http_version,
$confd_purge = $nginx::params::nx_confd_purge,
$server_tokens = $nginx::params::nx_server_tokens,
$types_hash_max_size = $nginx::params::nx_types_hash_max_size,
$worker_processes = $nginx::params::nx_worker_processes,
$worker_connections = $nginx::params::nx_worker_connections,
$confd_purge = $nginx::params::nx_confd_purge,
$server_tokens = $nginx::params::nx_server_tokens,
$proxy_set_header = $nginx::params::nx_proxy_set_header,
$proxy_cache_path = $nginx::params::nx_proxy_cache_path,
$proxy_cache_levels = $nginx::params::nx_proxy_cache_levels,
$proxy_cache_keys_zone = $nginx::params::nx_proxy_cache_keys_zone,
$proxy_cache_max_size = $nginx::params::nx_proxy_cache_max_size,
$proxy_cache_inactive = $nginx::params::nx_proxy_cache_inactive,
$proxy_http_version = $nginx::params::nx_proxy_http_version,
$types_hash_max_size = $nginx::params::nx_types_hash_max_size,
$types_hash_bucket_size = $nginx::params::nx_types_hash_bucket_size
) inherits nginx::params {
File {
@ -29,7 +34,7 @@ class nginx::config(
mode => '0644',
}
file { "${nginx::params::nx_conf_dir}":
file { $nginx::params::nx_conf_dir:
ensure => directory,
}
@ -55,17 +60,16 @@ class nginx::config(
}
}
file { "${nginx::config::nx_run_dir}":
file {$nginx::config::nx_run_dir:
ensure => directory,
}
file { "${nginx::config::nx_client_body_temp_path}":
file {$nginx::config::nx_client_body_temp_path:
ensure => directory,
owner => $nginx::params::nx_daemon_user,
}
file {"${nginx::config::nx_proxy_temp_path}":
file {$nginx::config::nx_proxy_temp_path:
ensure => directory,
owner => $nginx::params::nx_daemon_user,
}

47
manifests/init.pp
View file

@ -4,8 +4,8 @@
#
# Parameters:
#
# There are no default parameters for this class. All module parameters are
# managed via the nginx::params class
# There are no default parameters for this class. All module parameters are managed
# via the nginx::params class
#
# Actions:
#
@ -29,15 +29,20 @@
# include nginx
# }
class nginx (
$worker_processes = $nginx::params::nx_worker_processes,
$worker_connections = $nginx::params::nx_worker_connections,
$proxy_set_header = $nginx::params::nx_proxy_set_header,
$proxy_http_version = $nginx::params::nx_proxy_http_version,
$confd_purge = $nginx::params::nx_confd_purge,
$configtest_enable = $nginx::params::nx_configtest_enable,
$service_restart = $nginx::params::nx_service_restart,
$mail = $nginx::params::nx_mail,
$server_tokens = $nginx::params::nx_server_tokens
$worker_processes = $nginx::params::nx_worker_processes,
$worker_connections = $nginx::params::nx_worker_connections,
$proxy_set_header = $nginx::params::nx_proxy_set_header,
$proxy_http_version = $nginx::params::nx_proxy_http_version,
$confd_purge = $nginx::params::nx_confd_purge,
$proxy_cache_path = $nginx::params::nx_proxy_cache_path,
$proxy_cache_levels = $nginx::params::nx_proxy_cache_levels,
$proxy_cache_keys_zone = $nginx::params::nx_proxy_cache_keys_zone,
$proxy_cache_max_size = $nginx::params::nx_proxy_cache_max_size,
$proxy_cache_inactive = $nginx::params::nx_proxy_cache_inactive,
$configtest_enable = $nginx::params::nx_configtest_enable,
$service_restart = $nginx::params::nx_service_restrart,
$mail = $nginx::params::nx_mail,
$server_tokens = $nginx::params::nx_server_tokens
) inherits nginx::params {
include stdlib
@ -47,14 +52,18 @@ class nginx (
}
class { 'nginx::config':
worker_processes => $worker_processes,
worker_connections => $worker_connections,
proxy_set_header => $proxy_set_header,
proxy_http_version => $proxy_http_version,
confd_purge => $confd_purge,
server_tokens => $server_tokens,
require => Class['nginx::package'],
notify => Class['nginx::service'],
worker_processes => $worker_processes,
worker_connections => $worker_connections,
proxy_set_header => $proxy_set_header,
proxy_http_version => $proxy_http_version,
proxy_cache_path => $proxy_cache_path,
proxy_cache_levels => $proxy_cache_levels,
proxy_cache_keys_zone => $proxy_cache_keys_zone,
proxy_cache_max_size => $proxy_cache_max_size,
proxy_cache_inactive => $proxy_cache_inactive,
confd_purge => $confd_purge,
require => Class['nginx::package'],
notify => Class['nginx::service'],
}
class { 'nginx::service':

38
manifests/params.pp
View file

@ -14,24 +14,25 @@
#
# This class file is not called directly
class nginx::params {
$nx_temp_dir = '/tmp'
$nx_run_dir = '/var/nginx'
$nx_temp_dir = '/tmp'
$nx_run_dir = '/var/nginx'
$nx_conf_dir = '/etc/nginx'
$nx_confd_purge = false
$nx_worker_processes = 1
$nx_worker_connections = 1024
$nx_types_hash_max_size = 1024
$nx_types_hash_bucket_size = 512
$nx_multi_accept = off
$nx_conf_dir = '/etc/nginx'
$nx_confd_purge = false
$nx_worker_processes = 1
$nx_worker_connections = 1024
$nx_types_hash_max_size = 1024
$nx_types_hash_bucket_size = 512
$nx_multi_accept = off
$nx_events_use = false # One of [kqueue|rtsig|epoll|/dev/poll|select|poll|eventport] or false to use OS default
$nx_sendfile = on
$nx_keepalive_timeout = 65
$nx_tcp_nodelay = on
$nx_gzip = on
$nx_server_tokens = on
$nx_spdy = off
$nx_ssl_stapling = off
$nx_sendfile = on
$nx_keepalive_timeout = 65
$nx_tcp_nodelay = on
$nx_gzip = on
$nx_server_tokens = on
$nx_spdy = off
$nx_ssl_stapling = off
$nx_proxy_redirect = off
$nx_proxy_set_header = [
@ -39,6 +40,11 @@ class nginx::params {
'X-Real-IP $remote_addr',
'X-Forwarded-For $proxy_add_x_forwarded_for',
]
$nx_proxy_cache_path = false
$nx_proxy_cache_levels = 1
$nx_proxy_cache_keys_zone = 'd2:100m'
$nx_proxy_cache_max_size = '500m'
$nx_proxy_cache_inactive = '20m'
$nx_client_body_temp_path = "${nx_run_dir}/client_body_temp"
$nx_client_body_buffer_size = '128k'

52
manifests/resource/location.pp
View file

@ -11,6 +11,9 @@
# [*proxy*] - Proxy server(s) for a location to connect to. Accepts a single value, can be used in conjunction
# with nginx::resource::upstream
# [*proxy_read_timeout*] - Override the default the proxy read timeout value of 90 seconds
# [*fastcgi*] - location of fastcgi (host:port)
# [*fastcgi_params*] - optional alternative fastcgi_params file to use
# [*fastcgi_script*] - optional SCRIPT_FILE parameter
# [*ssl*] - Indicates whether to setup SSL bindings for this location.
# [*ssl_only*] - Required if the SSL and normal vHost have the same port.
# [*location_alias*] - Path to be used as basis for serving requests for this location
@ -19,6 +22,14 @@
# [*location_cfg_append*] - It expects a hash with custom directives to put after everything else inside location
# [*try_files*] - An array of file locations to try
# [*option*] - Reserved for future use
# [*proxy_cache*] - This directive sets name of zone for caching.
# The same zone can be used in multiple places.
# [*proxy_cache_valid*] - This directive sets the time for caching
# different replies.
# [*auth_basic*] - This directive includes testing name and password
# with HTTP Basic Authentication.
# [*auth_basic_user_file*] - This directive sets the htpasswd filename for
# the authentication realm.
#
# Actions:
#
@ -58,6 +69,9 @@ define nginx::resource::location (
'index.php'],
$proxy = undef,
$proxy_read_timeout = $nginx::params::nx_proxy_read_timeout,
$fastcgi = undef,
$fastcgi_params = '/etc/nginx/fastcgi_params',
$fastcgi_script = undef,
$ssl = false,
$ssl_only = false,
$location_alias = undef,
@ -65,7 +79,11 @@ define nginx::resource::location (
$stub_status = undef,
$location_cfg_prepend = undef,
$location_cfg_append = undef,
$try_files = undef
$try_files = undef,
$proxy_cache = false,
$proxy_cache_valid = false,
$auth_basic = undef,
$auth_basic_user_file = undef
) {
File {
owner => 'root',
@ -80,43 +98,53 @@ define nginx::resource::location (
default => file,
}
# Use proxy template if $proxy is defined, otherwise use directory template.
# Use proxy or fastcgi template if $proxy is defined, otherwise use directory template.
if ($proxy != undef) {
$content_real = template('nginx/vhost/vhost_location_proxy.erb')
} elsif ($location_alias != undef) {
$content_real = template('nginx/vhost/vhost_location_alias.erb')
} elsif ($stub_status != undef) {
$content_real = template('nginx/vhost/vhost_location_stub_status.erb')
} elsif ($fastcgi != undef) {
$content_real = template('nginx/vhost/vhost_location_fastcgi.erb')
} else {
$content_real = template('nginx/vhost/vhost_location_directory.erb')
}
# # Check for various error condtiions
## Check for various error conditions
if ($vhost == undef) {
fail('Cannot create a location reference without attaching to a virtual host')
}
if (($www_root == undef) and ($proxy == undef) and ($location_alias == undef) and ($stub_status == undef)) {
fail('Cannot create a location reference without a www_root, proxy, location_alias or stub_status defined')
if (($www_root == undef) and ($proxy == undef) and ($location_alias == undef) and ($stub_status == undef) and ($fastcgi == undef)) {
fail('Cannot create a location reference without a www_root, proxy, location_alias, fastcgi or stub_status defined')
}
if (($www_root != undef) and ($proxy != undef)) {
fail('Cannot define both directory and proxy in a virtual host')
}
# # Create stubs for vHost File Fragment Pattern
if (!$ssl_only) {
file { "${nginx::config::nx_temp_dir}/nginx.d/${vhost}-500-${name}":
## Create stubs for vHost File Fragment Pattern
if ($ssl_only != 'true') {
file {"${nginx::config::nx_temp_dir}/nginx.d/${vhost}-500-${name}":
ensure => $ensure_real,
content => $content_real,
}
}
# # Only create SSL Specific locations if $ssl is true.
if ($ssl) {
file { "${nginx::config::nx_temp_dir}/nginx.d/${vhost}-800-${name}-ssl":
## Only create SSL Specific locations if $ssl is true.
if ($ssl == 'true') {
file {"${nginx::config::nx_temp_dir}/nginx.d/${vhost}-800-${name}-ssl":
ensure => $ensure_real,
content => $content_real,
}
}
if ($auth_basic_user_file != undef) {
#Generate htpasswd with provided file-locations
file { "${nginx::params::nx_conf_dir}/${name}_htpasswd":
ensure => $ensure,
mode => '0644',
source => $auth_basic_user_file,
}
}
}

113
manifests/resource/vhost.pp
View file

@ -17,17 +17,32 @@
# [*proxy*] - Proxy server(s) for the root location to connect to. Accepts a single value, can be used in
# conjunction with nginx::resource::upstream
# [*proxy_read_timeout*] - Override the default the proxy read timeout value of 90 seconds
# [*fastcgi*] - location of fastcgi (host:port)
# [*fastcgi_params*] - optional alternative fastcgi_params file to use
# [*fastcgi_script*] - optional SCRIPT_FILE parameter
# [*ssl*] - Indicates whether to setup SSL bindings for this vhost.
# [*ssl_cert*] - Pre-generated SSL Certificate file to reference for SSL Support. This is not generated by this module.
# [*ssl_key*] - Pre-generated SSL Key file to reference for SSL Support. This is not generated by this module.
# [*ssl_port*] - Default IP Port for NGINX to listen with this SSL vHost on. Defaults to TCP 443
# [*server_name*] - List of vhostnames for which this vhost will respond. Default [$name].
# [*www_root*] - Specifies the location on disk for files to be read from. Cannot be set in conjunction with $proxy
# [*rewrite_www_to_non_www*] - Adds a server directive and rewrite rule to rewrite www.domain.com to domain.com in order to avoid
# duplicate content (SEO);
# [*try_files*] - Specifies the locations for files to be checked as an array. Cannot be used in conjuction with $proxy.
# [*rewrite_to_https*] - Adds a server directive and rewrite rule to rewrite to ssl
# [*include_files*] - Adds include files to vhost
# [*rewrite_www_to_non_www*] - Adds a server directive and rewrite rule to
# rewrite www.domain.com to domain.com in order to avoid duplicate content (SEO);
# [*try_files*] - Specifies the locations for files to be
# checked as an array. Cannot be used in conjuction with $proxy.
# [*proxy_cache*] - This directive sets name of zone for caching.
# The same zone can be used in multiple places.
# [*proxy_cache_valid*] - This directive sets the time for caching
# different replies.
# [*auth_basic*] - This directive includes testing name and
# password with HTTP Basic Authentication.
# [*auth_basic_user_file*] - This directive sets the htpasswd filename for
# the authentication realm.
# [*vhost_cfg_append*] - It expects a hash with custom directives to
# put after everything else inside vhost
# [*rewrite_to_https*] - Adds a server directive and rewrite rule to
# rewrite to ssl
# [*include_files*] - Adds include files to vhost
#
# Actions:
#
@ -57,6 +72,11 @@ define nginx::resource::vhost (
$proxy = undef,
$proxy_read_timeout = $nginx::params::nx_proxy_read_timeout,
$proxy_set_header = [],
$proxy_cache = false,
$proxy_cache_valid = false,
$fastcgi = undef,
$fastcgi_params = '/etc/nginx/fastcgi_params',
$fastcgi_script = undef,
$index_files = [
'index.html',
'index.htm',
@ -67,8 +87,13 @@ define nginx::resource::vhost (
$rewrite_to_https = undef,
$location_cfg_prepend = undef,
$location_cfg_append = undef,
$include_files = undef,
$try_files = undef) {
$try_files = undef,
$auth_basic = undef,
$auth_basic_user_file = undef,
$vhost_cfg_append = undef,
$include_files = undef
) {
File {
ensure => $ensure ? {
'absent' => absent,
@ -96,25 +121,37 @@ define nginx::resource::vhost (
# Use the File Fragment Pattern to construct the configuration files.
# Create the base configuration file reference.
if ($listen_port != $ssl_port) {
file { "${nginx::config::nx_temp_dir}/nginx.d/${name}-001": content => template('nginx/vhost/vhost_header.erb'), }
file { "${nginx::config::nx_temp_dir}/nginx.d/${name}-001":
ensure => $ensure ? {
'absent' => absent,
default => 'file',
},
content => template('nginx/vhost/vhost_header.erb'),
notify => Class['nginx::service'],
}
}
if ($ssl == true) and ($ssl_port == $listen_port) {
$ssl_only = true
if ($ssl == 'true') and ($ssl_port == $listen_port) {
$ssl_only = 'true'
}
# Create the default location reference for the vHost
nginx::resource::location { "${name}-default":
ensure => $ensure,
vhost => $name,
ssl => $ssl,
ssl_only => $ssl_only,
location => '/',
proxy => $proxy,
proxy_read_timeout => $proxy_read_timeout,
try_files => $try_files,
www_root => $www_root,
notify => Class['nginx::service'],
nginx::resource::location {"${name}-default":
ensure => $ensure,
vhost => $name,
ssl => $ssl,
ssl_only => $ssl_only,
location => '/',
proxy => $proxy,
proxy_read_timeout => $proxy_read_timeout,
proxy_cache => $proxy_cache,
proxy_cache_valid => $proxy_cache_valid,
fastcgi => $fastcgi,
fastcgi_params => $fastcgi_params,
fastcgi_script => $fastcgi_script,
try_files => $try_files,
www_root => $www_root,
notify => Class['nginx::service'],
}
# Support location_cfg_prepend and location_cfg_append on default location created by vhost
@ -134,9 +171,37 @@ define nginx::resource::vhost (
}
# Create SSL File Stubs if SSL is enabled
if ($ssl) {
file { "${nginx::config::nx_temp_dir}/nginx.d/${name}-700-ssl": content => template('nginx/vhost/vhost_ssl_header.erb'), }
if ($ssl == 'true') {
file { "${nginx::config::nx_temp_dir}/nginx.d/${name}-700-ssl":
ensure => $ensure ? {
'absent' => absent,
default => 'file',
},
content => template('nginx/vhost/vhost_ssl_header.erb'),
notify => Class['nginx::service'],
}
file { "${nginx::config::nx_temp_dir}/nginx.d/${name}-999-ssl":
ensure => $ensure ? {
'absent' => absent,
default => 'file',
},
content => template('nginx/vhost/vhost_footer.erb'),
notify => Class['nginx::service'],
}
file { "${nginx::config::nx_temp_dir}/nginx.d/${name}-999-ssl": content => template('nginx/vhost/vhost_footer.erb'), }
#Generate ssl key/cert with provided file-locations
$cert = regsubst($name,' ','_')
file { "${nginx::params::nx_conf_dir}/${cert}.crt":
ensure => $ensure,
mode => '0644',
source => $ssl_cert,
}
file { "${nginx::params::nx_conf_dir}/${cert}.key":
ensure => $ensure,
mode => '0644',
source => $ssl_key,
}
}
}

12
templates/conf.d/nginx.conf.erb
View file

@ -5,9 +5,9 @@ error_log <%= scope.lookupvar('nginx::params::nx_logdir')%>/error.log;
pid <%= scope.lookupvar('nginx::params::nx_pid')%>;
events {
worker_connections <%= worker_connections %>;
<% if scope.lookupvar('nginx::params::nx_multi_accept') == 'on' %>multi_accept on;<% end %>
<% if scope.lookupvar('nginx::params::nx_events_use') %>use <%= scope.lookupvar('nginx::params::nx_events_use')%>;<% end %>
worker_connections <%= worker_connections -%>;
<% if scope.lookupvar('nginx::params::nx_multi_accept') == 'on' %>multi_accept on;<% end -%>
<% if scope.lookupvar('nginx::params::nx_events_use') %>use <%= scope.lookupvar('nginx::params::nx_events_use')%>;<% end -%>
}
http {
@ -30,7 +30,11 @@ http {
<% if scope.lookupvar('nginx::params::nx_gzip') == 'on' %>
gzip on;
gzip_disable "MSIE [1-6]\.(?!.*SV1)";
<% end %>
<% end -%>
<% if proxy_cache_path -%>
proxy_cache_path <%= proxy_cache_path %> levels=<%= proxy_cache_levels %> keys_zone=<%= proxy_cache_keys_zone %> max_size=<%= proxy_cache_max_size %> inactive=<%= proxy_cache_inactive %>;
<% end -%>
include /etc/nginx/conf.d/*.conf;
}

5
templates/vhost/vhost_footer.erb
View file

@ -1,6 +1,11 @@
<% if @include_files %><% @include_files.each do |file| -%>
include <%= file %>;
<% end -%><% end -%>
<% if @vhost_cfg_append -%><% vhost_cfg_append.each do |key,value| -%>
<%= key %> <%= value %>;
<% end -%><% end -%>
}
<% if rewrite_www_to_non_www %>

6
templates/vhost/vhost_header.erb
View file

@ -6,6 +6,12 @@ server {
<% end %>
server_name <%= rewrite_www_to_non_www ? name.gsub(/^www\./, '') : server_name.join(" ") %>;
access_log <%= scope.lookupvar('nginx::params::nx_logdir')%>/<%= name %>.access.log;
<% if defined? auth_basic -%>
auth_basic "<%= auth_basic %>";
<% end -%>
<% if defined? auth_basic_user_file -%>
auth_basic_user_file <%= auth_basic_user_file %>;
<% end -%>
<% proxy_set_header.each do |header| %>
proxy_set_header <%= header %>;<% end %>

14
templates/vhost/vhost_location_directory.erb
View file

@ -3,10 +3,18 @@
<%= key %> <%= value %>;
<% end -%><% end -%>
root <%= www_root %>;
<% if @try_files -%>
<% if @try_files -%>
try_files <% try_files.each do |try| -%> <%= try %> <% end -%>;
<% end -%>
index <% index_files.each do |i| %> <%= i %> <% end %>;
<% end -%>
<% if index_files -%>
index <% index_files.each do |i| %> <%= i %><% end %>;
<% end -%>
<% if defined? auth_basic -%>
auth_basic "<%= auth_basic %>";
<% end -%>
<% if defined? auth_basic_user_file -%>
auth_basic_user_file <%= auth_basic_user_file %>;
<% end -%>
<% if @location_cfg_append -%><% location_cfg_append.sort_by {|k,v| k}.each do |key,value| -%>
<%= key %> <%= value %>;
<% end -%><% end -%>

9
templates/vhost/vhost_location_fastcgi.erb Normal file
View file

@ -0,0 +1,9 @@
location <%= location %> {
root <%= www_root %>;
include <%= fastcgi_params %>;
fastcgi_pass <%= fastcgi %>;
<% unless fastcgi_script == :undef %>
fastcgi_param SCRIPT_FILENAME <%= fastcgi_script %>;
<% end -%>
}

10
templates/vhost/vhost_location_proxy.erb
View file

@ -2,9 +2,13 @@
<% if @location_cfg_prepend -%><% location_cfg_prepend.sort_by {|k,v| k}.each do |key,value| -%>
<%= key %> <%= value %>;
<% end -%><% end -%>
proxy_pass <%= proxy %>;
proxy_read_timeout <%= proxy_read_timeout %>;
<% if proxy_cache -%>
proxy_cache <%= proxy_cache %>;
proxy_cache_valid <%= proxy_cache_valid %>;
<% end -%>
proxy_pass <%= proxy %>;
proxy_read_timeout <%= proxy_read_timeout %>;
<% if @location_cfg_append -%><% location_cfg_append.sort_by {|k,v| k}.each do |key,value| -%>
<%= key %> <%= value %>;
<%= key %> <%= value %>;
<% end -%><% end -%>
}

28
templates/vhost/vhost_ssl_header.erb
View file

@ -1,19 +1,23 @@
server {
listen <%= ssl_port %><% if scope.lookupvar('nginx::params::nx_spdy') == 'on' %> ssl spdy<% end %>;
listen <%= listen_ip %>:<%= ssl_port %><% if scope.lookupvar('nginx::params::nx_spdy') == 'on' %> ssl spdy<% end %><% if @listen_options %><%= listen_options %><% end %>;
<% if ipv6_enable == 'true' && (defined? ipaddress6) %>
listen [<%= ipv6_listen_ip %>]:<%= ipv6_listen_port %> <% if @ipv6_listen_options %><%= ipv6_listen_options %><% end %> ipv6only=on;
<% end %>
server_name <%= rewrite_www_to_non_www ? name.gsub(/^www\./, '') : server_name.join(" ") %>;
ssl on;
ssl_certificate <%= ssl_cert %>;
ssl_certificate_key <%= ssl_key %>;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
ssl_ciphers RC4:HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
<% if scope.lookupvar('nginx::params::nx_ssl_stapling') == 'on' %>ssl_stapling on;<% end %>
<% if scope.lookupvar('nginx::params::nx_spdy') == 'on' %>spdy_headers_comp 1;<% end %>
ssl on;
<% proxy_set_header.each do |header| %>
proxy_set_header <%= header %>;<% end %>
ssl_certificate <%= scope.lookupvar('nginx::params::nx_conf_dir') %>/<%= name.gsub(' ', '_') %>.crt;
ssl_certificate_key <%= scope.lookupvar('nginx::params::nx_conf_dir') %>/<%= name.gsub(' ', '_') %>.key;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 5m;
ssl_ciphers RC4:HIGH:!aNULL:!MD5;
ssl_protocols SSLv3 TLSv1;
ssl_prefer_server_ciphers on;
<% if auth_basic != :undef -%>
auth_basic "<%= auth_basic %>";
<% end -%>
<% if auth_basic_user_file != :undef -%>
auth_basic_user_file <%= auth_basic_user_file %>;
<% end -%>