123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138 |
- # define: nginx::resource::vhost
- #
- # This definition creates a virtual host
- #
- # Parameters:
- # [*ensure*] - Enables or disables the specified vhost (present|absent)
- # [*listen_ip*] - Default IP Address for NGINX to listen with this vHost on. Defaults to all interfaces (*)
- # [*listen_port*] - Default IP Port for NGINX to listen with this vHost on. Defaults to TCP 80
- # [*listen_options*] - Extra options for listen directive like 'default' to catchall. Undef by default.
- # [*ipv6_enable*] - BOOL value to enable/disable IPv6 support (false|true). Module will check to see if IPv6
- # support exists on your system before enabling.
- # [*ipv6_listen_ip*] - Default IPv6 Address for NGINX to listen with this vHost on. Defaults to all interfaces (::)
- # [*ipv6_listen_port*] - Default IPv6 Port for NGINX to listen with this vHost on. Defaults to TCP 80
- # [*ipv6_listen_options*] - Extra options for listen directive like 'default' to catchall. Template will allways add ipv6only=on.
- # While issue jfryman/puppet-nginx#30 is discussed, default value is 'default'.
- # [*index_files*] - Default index files for NGINX to read when traversing a directory
- # [*proxy*] - Proxy server(s) for the root location to connect to. Accepts a single value, can be used in
- # conjunction with nginx::resource::upstream
- # [*proxy_read_timeout*] - Override the default the proxy read timeout value of 90 seconds
- # [*ssl*] - Indicates whether to setup SSL bindings for this vhost.
- # [*ssl_cert*] - Pre-generated SSL Certificate file to reference for SSL Support. This is not generated by this module.
- # [*ssl_key*] - Pre-generated SSL Key file to reference for SSL Support. This is not generated by this module.
- # [*ssl_port*] - Default IP Port for NGINX to listen with this SSL vHost on. Defaults to TCP 443
- # [*server_name*] - List of vhostnames for which this vhost will respond. Default [$name].
- # [*www_root*] - Specifies the location on disk for files to be read from. Cannot be set in conjunction with $proxy
- # [*rewrite_www_to_non_www*] - Adds a server directive and rewrite rule to rewrite www.domain.com to domain.com in order to avoid
- # duplicate content (SEO);
- # [*try_files*] - Specifies the locations for files to be checked as an array. Cannot be used in conjuction with $proxy.
- #
- # Actions:
- #
- # Requires:
- #
- # Sample Usage:
- # nginx::resource::vhost { 'test2.local':
- # ensure => present,
- # www_root => '/var/www/nginx-default',
- # ssl => 'true',
- # ssl_cert => '/tmp/server.crt',
- # ssl_key => '/tmp/server.pem',
- # }
- define nginx::resource::vhost (
- $ensure = 'enable',
- $listen_ip = '*',
- $listen_port = '80',
- $listen_options = undef,
- $ipv6_enable = false,
- $ipv6_listen_ip = '::',
- $ipv6_listen_port = '80',
- $ipv6_listen_options = 'default',
- $ssl = false,
- $ssl_cert = undef,
- $ssl_key = undef,
- $ssl_port = '443',
- $proxy = undef,
- $proxy_read_timeout = $nginx::params::nx_proxy_read_timeout,
- $proxy_set_header = [],
- $index_files = [
- 'index.html',
- 'index.htm',
- 'index.php'],
- $server_name = [$name],
- $www_root = undef,
- $rewrite_www_to_non_www = false,
- $location_cfg_prepend = undef,
- $location_cfg_append = undef,
- $try_files = undef) {
- File {
- ensure => $ensure ? {
- 'absent' => absent,
- default => 'file',
- },
- notify => Class['nginx::service'],
- owner => 'root',
- group => 'root',
- mode => '0644',
- }
- # Add IPv6 Logic Check - Nginx service will not start if ipv6 is enabled
- # and support does not exist for it in the kernel.
- if ($ipv6_enable == true) and ($ipaddress6) {
- warning('nginx: IPv6 support is not enabled or configured properly')
- }
- # Check to see if SSL Certificates are properly defined.
- if ($ssl == true) {
- if ($ssl_cert == undef) or ($ssl_key == undef) {
- fail('nginx: SSL certificate/key (ssl_cert/ssl_cert) and/or SSL Private must be defined and exist on the target system(s)')
- }
- }
- # Use the File Fragment Pattern to construct the configuration files.
- # Create the base configuration file reference.
- if ($listen_port != $ssl_port) {
- file { "${nginx::config::nx_temp_dir}/nginx.d/${name}-001": content => template('nginx/vhost/vhost_header.erb'), }
- }
- if ($ssl == true) and ($ssl_port == $listen_port) {
- $ssl_only = true
- }
- # Create the default location reference for the vHost
- nginx::resource::location { "${name}-default":
- ensure => $ensure,
- vhost => $name,
- ssl => $ssl,
- ssl_only => $ssl_only,
- location => '/',
- proxy => $proxy,
- proxy_read_timeout => $proxy_read_timeout,
- try_files => $try_files,
- www_root => $www_root,
- notify => Class['nginx::service'],
- }
- # Support location_cfg_prepend and location_cfg_append on default location created by vhost
- if $location_cfg_prepend {
- Nginx::Resource::Location["${name}-default"] {
- location_cfg_prepend => $location_cfg_prepend }
- }
- if $location_cfg_append {
- Nginx::Resource::Location["${name}-default"] {
- location_cfg_append => $location_cfg_append }
- }
- # Create a proper file close stub.
- if ($listen_port != $ssl_port) {
- file { "${nginx::config::nx_temp_dir}/nginx.d/${name}-699": content => template('nginx/vhost/vhost_footer.erb'), }
- }
- # Create SSL File Stubs if SSL is enabled
- if ($ssl) {
- file { "${nginx::config::nx_temp_dir}/nginx.d/${name}-700-ssl": content => template('nginx/vhost/vhost_ssl_header.erb'), }
- file { "${nginx::config::nx_temp_dir}/nginx.d/${name}-999-ssl": content => template('nginx/vhost/vhost_footer.erb'), }
- }
- }
|