123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417 |
- # define: nginx::resource::location
- #
- # This definition creates a new location entry within a virtual host
- #
- # Parameters:
- # [*ensure*] - Enables or disables the specified location
- # (present|absent)
- # [*internal*] - Indicates whether or not this loation can be
- # used for internal requests only. Default: false
- # [*vhost*] - Defines the default vHost for this location
- # entry to include with
- # [*location*] - Specifies the URI associated with this location
- # entry
- # [*location_satisfy*] - Allows access if all (all) or at least one (any) of the auth modules allow access.
- # [*location_allow*] - Array: Locations to allow connections from.
- # [*location_deny*] - Array: Locations to deny connections from.
- # [*www_root*] - Specifies the location on disk for files to be
- # read from. Cannot be set in conjunction with $proxy
- # [*autoindex*] - Set it on 'on' to activate autoindex directory
- # listing. Undef by default.
- # [*index_files*] - Default index files for NGINX to read when
- # traversing a directory
- # [*proxy*] - Proxy server(s) for a location to connect to.
- # Accepts a single value, can be used in conjunction with
- # nginx::resource::upstream
- # [*proxy_redirect*] - sets the text, which must be changed in
- # response-header "Location" and "Refresh" in the response of the proxied
- # server.
- # [*proxy_read_timeout*] - Override the default the proxy read timeout
- # value of 90 seconds
- # [*proxy_connect_timeout*] - Override the default the proxy connect timeout
- # value of 90 seconds
- # [*proxy_set_header*] - Array of vhost headers to set
- # [*proxy_hide_header*] - Array of vhost headers to hide
- # [*fastcgi*] - location of fastcgi (host:port)
- # [*fastcgi_param*] - Set additional custom fastcgi_params
- # [*fastcgi_params*] - optional alternative fastcgi_params file to use
- # [*fastcgi_script*] - optional SCRIPT_FILE parameter
- # [*fastcgi_split_path*] - Allows settings of fastcgi_split_path_info so
- # that you can split the script_name and path_info via regex
- # [*uwsgi*] - location of uwsgi (host:port)
- # [*uwsgi_params*] - optional alternative uwsgi_params file to use
- # [*ssl*] - Indicates whether to setup SSL bindings for
- # this location.
- # [*ssl_only*] - Required if the SSL and normal vHost have the
- # same port.
- # [*location_alias*] - Path to be used as basis for serving requests
- # for this location
- # [*stub_status*] - If true it will point configure module
- # stub_status to provide nginx stats on location
- # [*raw_prepend*] - A single string, or an array of strings to
- # prepend to the location directive (after custom_cfg directives). NOTE:
- # YOU are responsible for a semicolon on each line that requires one.
- # [*raw_append*] - A single string, or an array of strings to
- # append to the location directive (after custom_cfg directives). NOTE:
- # YOU are responsible for a semicolon on each line that requires one.
- # [*location_custom_cfg*] - Expects a hash with custom directives, cannot
- # be used with other location types (proxy, fastcgi, root, or stub_status)
- # [*location_cfg_prepend*] - Expects a hash with extra directives to put
- # before anything else inside location (used with all other types except
- # custom_cfg)
- # [*location_custom_cfg_prepend*] - Expects a array with extra directives
- # to put before anything else inside location (used with all other types
- # except custom_cfg). Used for logical structures such as if.
- # [*location_custom_cfg_append*] - Expects a array with extra directives
- # to put after anything else inside location (used with all other types
- # except custom_cfg). Used for logical structures such as if.
- # [*location_cfg_append*] - Expects a hash with extra directives to put
- # after everything else inside location (used with all other types except
- # custom_cfg)
- # [*try_files*] - An array of file locations to try
- # [*option*] - Reserved for future use
- # [*proxy_cache*] - This directive sets name of zone for caching.
- # The same zone can be used in multiple places.
- # [*proxy_cache_key*] - Override the default proxy_cache_key of
- # $scheme$proxy_host$request_uri
- # [*proxy_cache_use_stale*] - Override the default proxy_cache_use_stale value
- # of off.
- # [*proxy_cache_valid*] - This directive sets the time for caching
- # different replies.
- # [*proxy_method*] - If defined, overrides the HTTP method of the
- # request to be passed to the backend.
- # [*proxy_set_body*] - If defined, sets the body passed to the backend.
- # [*auth_basic*] - This directive includes testing name and password
- # with HTTP Basic Authentication.
- # [*auth_basic_user_file*] - This directive sets the htpasswd filename for
- # the authentication realm.
- # [*priority*] - Location priority. Default: 500. User priority
- # 401-499, 501-599. If the priority is higher than the default priority,
- # the location will be defined after root, or before root.
- # [*mp4*] - Indicates whether or not this loation can be
- # used for mp4 streaming. Default: false
- # [*flv*] - Indicates whether or not this loation can be
- # used for flv streaming. Default: false
- #
- #
- # Actions:
- #
- # Requires:
- #
- # Sample Usage:
- # nginx::resource::location { 'test2.local-bob':
- # ensure => present,
- # www_root => '/var/www/bob',
- # location => '/bob',
- # vhost => 'test2.local',
- # }
- #
- # Custom config example to limit location on localhost,
- # create a hash with any extra custom config you want.
- # $my_config = {
- # 'access_log' => 'off',
- # 'allow' => '127.0.0.1',
- # 'deny' => 'all'
- # }
- # nginx::resource::location { 'test2.local-bob':
- # ensure => present,
- # www_root => '/var/www/bob',
- # location => '/bob',
- # vhost => 'test2.local',
- # location_cfg_append => $my_config,
- # }
- #
- # Add Custom fastcgi_params
- # nginx::resource::location { 'test2.local-bob':
- # ensure => present,
- # www_root => '/var/www/bob',
- # location => '/bob',
- # vhost => 'test2.local',
- # fastcgi_param => {
- # 'APP_ENV' => 'local',
- # }
- # }
- define nginx::resource::location (
- $ensure = present,
- $internal = false,
- $location = $name,
- $vhost = undef,
- $www_root = undef,
- $autoindex = undef,
- $index_files = [
- 'index.html',
- 'index.htm',
- 'index.php'],
- $proxy = undef,
- $proxy_redirect = $::nginx::config::proxy_redirect,
- $proxy_read_timeout = $::nginx::config::proxy_read_timeout,
- $proxy_connect_timeout = $::nginx::config::proxy_connect_timeout,
- $proxy_set_header = $::nginx::config::proxy_set_header,
- $proxy_hide_header = $::nginx::config::proxy_hide_header,
- $fastcgi = undef,
- $fastcgi_param = undef,
- $fastcgi_params = "${::nginx::config::conf_dir}/fastcgi_params",
- $fastcgi_script = undef,
- $fastcgi_split_path = undef,
- $uwsgi = undef,
- $uwsgi_params = "${nginx::config::conf_dir}/uwsgi_params",
- $ssl = false,
- $ssl_only = false,
- $location_alias = undef,
- $location_satisfy = undef,
- $location_allow = undef,
- $location_deny = undef,
- $option = undef,
- $stub_status = undef,
- $raw_prepend = undef,
- $raw_append = undef,
- $location_custom_cfg = undef,
- $location_cfg_prepend = undef,
- $location_cfg_append = undef,
- $location_custom_cfg_prepend = undef,
- $location_custom_cfg_append = undef,
- $include = undef,
- $try_files = undef,
- $proxy_cache = false,
- $proxy_cache_key = undef,
- $proxy_cache_use_stale = undef,
- $proxy_cache_valid = false,
- $proxy_method = undef,
- $proxy_set_body = undef,
- $auth_basic = undef,
- $auth_basic_user_file = undef,
- $rewrite_rules = [],
- $priority = 500,
- $mp4 = false,
- $flv = false,
- ) {
- $root_group = $::nginx::config::root_group
- File {
- owner => 'root',
- group => $root_group,
- mode => '0644',
- notify => Class['::nginx::service'],
- }
- validate_re($ensure, '^(present|absent)$',
- "${ensure} is not supported for ensure. Allowed values are 'present' and 'absent'.")
- validate_string($location)
- if ($vhost != undef) {
- validate_string($vhost)
- }
- if ($www_root != undef) {
- validate_string($www_root)
- }
- if ($autoindex != undef) {
- validate_string($autoindex)
- }
- validate_array($index_files)
- if ($proxy != undef) {
- validate_string($proxy)
- }
- if ($proxy_redirect != undef) {
- validate_string($proxy_redirect)
- }
- validate_string($proxy_read_timeout)
- validate_string($proxy_connect_timeout)
- validate_array($proxy_set_header)
- validate_array($proxy_hide_header)
- if ($fastcgi != undef) {
- validate_string($fastcgi)
- }
- if ($fastcgi_param != undef) {
- validate_hash($fastcgi_param)
- }
- validate_string($fastcgi_params)
- if ($fastcgi_script != undef) {
- validate_string($fastcgi_script)
- }
- if ($fastcgi_split_path != undef) {
- validate_string($fastcgi_split_path)
- }
- if ($uwsgi != undef) {
- validate_string($uwsgi)
- }
- validate_string($uwsgi_params)
- validate_bool($internal)
- validate_bool($ssl)
- validate_bool($ssl_only)
- if ($location_alias != undef) {
- validate_string($location_alias)
- }
- if ($location_satisfy != undef) {
- validate_re($location_satisfy, '^(any|all)$',
- "${$location_satisfy} is not supported for location_satisfy. Allowed values are 'any' and 'all'.")
- }
- if ($location_allow != undef) {
- validate_array($location_allow)
- }
- if ($location_deny != undef) {
- validate_array($location_deny)
- }
- if ($option != undef) {
- warning('The $option parameter has no effect and is deprecated.')
- }
- if ($stub_status != undef) {
- validate_bool($stub_status)
- }
- if ($raw_prepend != undef) {
- if (is_array($raw_prepend)) {
- validate_array($raw_prepend)
- } else {
- validate_string($raw_prepend)
- }
- }
- if ($raw_append != undef) {
- if (is_array($raw_append)) {
- validate_array($raw_append)
- } else {
- validate_string($raw_append)
- }
- }
- if ($location_custom_cfg != undef) {
- validate_hash($location_custom_cfg)
- }
- if ($location_cfg_prepend != undef) {
- validate_hash($location_cfg_prepend)
- }
- if ($location_cfg_append != undef) {
- validate_hash($location_cfg_append)
- }
- if ($include != undef) {
- validate_array($include)
- }
- if ($try_files != undef) {
- validate_array($try_files)
- }
- if ($proxy_cache != false) {
- validate_string($proxy_cache)
- }
- if ($proxy_cache_key != undef) {
- validate_string($proxy_cache_key)
- }
- if ($proxy_cache_use_stale != undef) {
- validate_string($proxy_cache_use_stale)
- }
- if ($proxy_cache_valid != false) {
- if !(is_array($proxy_cache_valid) or is_string($proxy_cache_valid)) {
- fail('$proxy_cache_valid must be a string or an array or false.')
- }
- }
- if ($proxy_method != undef) {
- validate_string($proxy_method)
- }
- if ($proxy_set_body != undef) {
- validate_string($proxy_set_body)
- }
- if ($auth_basic != undef) {
- validate_string($auth_basic)
- }
- if ($auth_basic_user_file != undef) {
- validate_string($auth_basic_user_file)
- }
- if !is_integer($priority) {
- fail('$priority must be an integer.')
- }
- validate_array($rewrite_rules)
- if (($priority + 0) < 401) or (($priority + 0) > 899) {
- fail('$priority must be in the range 401-899.')
- }
- # # Shared Variables
- $ensure_real = $ensure ? {
- 'absent' => absent,
- default => file,
- }
- ## Check for various error conditions
- if ($vhost == undef) {
- fail('Cannot create a location reference without attaching to a virtual host')
- }
- if (($www_root == undef) and ($proxy == undef) and ($location_alias == undef) and ($stub_status == undef) and ($fastcgi == undef) and ($uwsgi == undef) and ($location_custom_cfg == undef) and ($internal == false)) {
- fail('Cannot create a location reference without a www_root, proxy, location_alias, fastcgi, uwsgi, stub_status, internal, or location_custom_cfg defined')
- }
- if (($www_root != undef) and ($proxy != undef)) {
- fail('Cannot define both directory and proxy in a virtual host')
- }
- # Use proxy, fastcgi or uwsgi template if $proxy is defined, otherwise use directory template.
- # fastcgi_script is deprecated
- if ($fastcgi_script != undef) {
- warning('The $fastcgi_script parameter is deprecated; please use $fastcgi_param instead to define custom fastcgi_params!')
- }
- $vhost_sanitized = regsubst($vhost, ' ', '_', 'G')
- $config_file = "${::nginx::config::conf_dir}/sites-available/${vhost_sanitized}.conf"
- $location_sanitized_tmp = regsubst($location, '\/', '_', 'G')
- $location_sanitized = regsubst($location_sanitized_tmp, '\\\\', '_', 'G')
- # Use proxy or fastcgi template if $proxy is defined, otherwise use directory template.
- if ($proxy != undef) {
- $content_real = template('nginx/vhost/locations/proxy.erb')
- } elsif ($location_alias != undef) {
- $content_real = template('nginx/vhost/locations/alias.erb')
- } elsif ($stub_status != undef) {
- $content_real = template('nginx/vhost/locations/stub_status.erb')
- } elsif ($fastcgi != undef) {
- $content_real = template('nginx/vhost/locations/fastcgi.erb')
- } elsif ($uwsgi != undef) {
- $content_real = template('nginx/vhost/locations/uwsgi.erb')
- } elsif ($www_root != undef) {
- $content_real = template('nginx/vhost/locations/directory.erb')
- } else {
- $content_real = template('nginx/vhost/locations/empty.erb')
- }
- if $ensure == present and $fastcgi != undef and !defined(File[$fastcgi_params]) {
- file { $fastcgi_params:
- ensure => present,
- mode => '0770',
- content => template('nginx/vhost/fastcgi_params.erb'),
- }
- }
- if $ensure == present and $uwsgi != undef and !defined(File[$uwsgi_params]) {
- file { $uwsgi_params:
- ensure => present,
- mode => '0770',
- content => template('nginx/vhost/uwsgi_params.erb'),
- }
- }
- ## Create stubs for vHost File Fragment Pattern
- $location_md5 = md5($location)
- if ($ssl_only != true) {
- concat::fragment { "${vhost_sanitized}-${priority}-${location_md5}":
- target => $config_file,
- content => join([
- template('nginx/vhost/location_header.erb'),
- $content_real,
- template('nginx/vhost/location_footer.erb')
- ], ''),
- order => $priority,
- }
- }
- ## Only create SSL Specific locations if $ssl is true.
- if ($ssl == true or $ssl_only == true) {
- $ssl_priority = $priority + 300
- concat::fragment { "${vhost_sanitized}-${ssl_priority}-${location_md5}-ssl":
- target => $config_file,
- content => join([
- template('nginx/vhost/location_header.erb'),
- $content_real,
- template('nginx/vhost/location_footer.erb')
- ], ''),
- order => $ssl_priority,
- }
- }
- }
|