Matthew Haughton 65168203cf no more Gemfile.lock
It messes with rspec-system builds and isn't really relevant
for code that's running directly on Puppet
2013-11-30 17:52:01 -05:00
.travis add travis config 2013-10-19 23:25:07 -04:00
manifests Merge pull request #188 from 3flex/rspec-tests 2013-11-22 09:27:53 -08:00
spec set required variables before template declared 2013-11-21 23:23:45 -05:00
templates fix auth_basic/auth_basic_user_file variable detection 2013-11-21 23:22:01 -05:00
tests linting 2013-05-08 14:15:42 +02:00
.fixtures.yml Add specs using puppetlabs_spec_helper and librarian-puppet 2013-06-05 18:35:34 +02:00
.gitignore no more Gemfile.lock 2013-11-30 17:52:01 -05:00
.nodeset.yml Add basic rspec-system tests. 2013-09-04 15:11:36 -04:00
.travis.yml add travis config 2013-10-19 23:25:07 -04:00
ChangeLog Rebase bashtoni's pull request from a year ago: 2012-12-05 23:11:29 -08:00
composer.json added original license to composer.json 2013-05-18 15:37:27 +02:00
Gemfile Add basic rspec-system tests. 2013-09-04 15:11:36 -04:00
LICENSE 20110524 Work Snapshot 2011-05-24 21:20:48 -05:00
Modulefile Refactor to use puppetlabs-apt. 2013-09-04 17:57:41 -04:00
Puppetfile Merge branch 'disable-yum-repo-management' of github.com:rytis/puppet-nginx into rytis-disable-yum-repo-management 2013-10-07 14:46:42 -05:00
Puppetfile.lock Merge branch 'disable-yum-repo-management' of github.com:rytis/puppet-nginx into rytis-disable-yum-repo-management 2013-10-07 14:46:42 -05:00
Rakefile Add basic rspec-system tests. 2013-09-04 15:11:36 -04:00
README.markdown Added example of passenger usage 2013-10-08 10:20:57 +02:00

NGINX Module

James Fryman james@frymanet.com

This module manages NGINX configuration.

Quick Start

Install and bootstrap an NGINX instance

class { 'nginx': }

Set up a new virtual host

nginx::resource::vhost { 'www.puppetlabs.com':
  ensure   => present,
  www_root => '/var/www/www.puppetlabs.com',
}

Add a Proxy Server

nginx::resource::upstream { 'puppet_rack_app':
  ensure  => present,
  members => [
    'localhost:3000',
    'localhost:3001',
    'localhost:3002',
  ],
}

nginx::resource::vhost { 'rack.puppetlabs.com':
  ensure => present,
  proxy  => 'http://puppet_rack_app',
}

Add an SMTP proxy

class { 'nginx':
  mail => true,
}

nginx::resource::mailhost { 'domain1.example':
  ensure      => present,
  auth_http   => 'server2.example/cgi-bin/auth',
  protocol    => 'smtp',
  listen_port => 587,
  ssl_port    => 465,
  starttls    => 'only',
  xclient     => 'off',
  ssl         => 'true',
  ssl_cert    => '/tmp/server.crt',
  ssl_key     => '/tmp/server.pem',
}

Hiera Support

Defining nginx resources in Hiera.

nginx::nginx_upstreams:
  'puppet_rack_app':
    ensure: present
    members:
      - localhost:3000
      - localhost:3001
      - localhost:3002
nginx::nginx_vhosts:
  'www.puppetlabs.com':
    www_root: '/var/www/www.puppetlabs.com'
  'rack.puppetlabs.com':
    ensure: present
    proxy: 'http://puppet_rack_app'
nginx::nginx_locations:
  'static':
    location: '~ "^/static/[0-9a-fA-F]{8}\/(.*)$"'
    vhost: www.puppetlabs.com
  'userContent':
    location: /userContent
    vhost: www.puppetlabs.com
    www_root: /var/www/html

Nginx with precompiled Passenger

Currently this works only on the Debian family.

class { 'nginx':
  package_source  => 'passenger',
  http_cfg_append => {
    'passenger_root' => '/usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini',
  },
}

The passenger package source adds the Phusion Passenger repository to the APT sources. For each virtual host, specify which Ruby interpreter to use.

vhost_cfg_append => {
  'passenger_enabled'         => 'on',
  'passenger_ruby'            => '/usr/bin/ruby'
}

Puppet master served by Nginx and Passenger

Virtual host config for serving puppet master:

nginx::resource::vhost { 'puppet':
  ensure      => present,
  server_name => ['puppet'],
  listen_port => 8140,
  ssl         => true,
  ssl_cert    => '/var/lib/puppet/ssl/certs/example.com.pem',
  ssl_key     => '/var/lib/puppet/ssl/private_keys/example.com.pem',
  ssl_port    => 8140,
  ssl_cache   => 'shared:SSL:128m',
  # SSLv2 and RC4 are obsolete; replace this list with current TLS cipher suites.
  ssl_ciphers => 'SSLv2:-LOW:-EXPORT:RC4+RSA',
  vhost_cfg_append => {
    'passenger_enabled'         => 'on',
    'passenger_ruby'            => '/usr/bin/ruby',
    'ssl_crl'                   => '/var/lib/puppet/ssl/ca/ca_crl.pem',
    'ssl_client_certificate'    => '/var/lib/puppet/ssl/certs/ca.pem',
    'ssl_verify_client'         => 'optional',
    'ssl_verify_depth'          => 1,
  },
  www_root    => '/etc/puppet/rack/public',
  use_default_location => false,
  access_log  => '/var/log/nginx/puppet_access.log',
  error_log   => '/var/log/nginx/puppet_error.log',
  passenger_cgi_param => {
    'SSL_CLIENT_S_DN'   => '$ssl_client_s_dn',
    'SSL_CLIENT_VERIFY' => '$ssl_client_verify',
  },
}
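
Two of the examples above carry TLS settings worth checking before reuse: the mailhost keeps its private key under /tmp, and the Puppet master vhost's ssl_ciphers list enables SSLv2 and RC4 suites. The following check is an added example, not part of this module; the function names, the keyword list and the embedded sample manifest are assumptions made for illustration.

```python
import re

# Constructed sample: TLS-related parameters copied from the README examples above.
SAMPLE_MANIFEST = """
nginx::resource::mailhost { 'domain1.example':
  ssl_key => '/tmp/server.pem',
}
nginx::resource::vhost { 'puppet':
  ssl_key     => '/var/lib/puppet/ssl/private_keys/example.com.pem',
  ssl_ciphers => 'SSLv2:-LOW:-EXPORT:RC4+RSA',
}
"""

# Assumed (non-exhaustive) list of cipher-string components that select
# obsolete protocols, ciphers, digests or unauthenticated key exchange.
WEAK_PARTS = {"SSLV2", "SSLV3", "RC4", "DES", "3DES", "MD5", "LOW",
              "EXPORT", "EXP", "NULL", "ENULL", "ANULL", "ADH", "AECDH"}
# World-writable directories where a private key should not be stored.
SHARED_DIRS = ("/tmp/", "/var/tmp/", "/dev/shm/")
PARAM_RE = re.compile(r"^\s*(ssl_ciphers|ssl_key)\s*=>\s*'([^']*)'", re.M)

def weak_cipher_tokens(cipher_string):
    """Return the tokens of an OpenSSL cipher list that enable weak suites."""
    weak = []
    for token in re.split(r"[:, ]+", cipher_string.strip()):
        # '-' and '!' remove suites; '+' only reorders ones already selected.
        if not token or token[0] in "-!+":
            continue
        # 'RC4+RSA' is RC4 AND RSA; 'EXP-RC4-MD5' is a suite name.
        parts = {p.upper() for p in re.split(r"[+-]", token)}
        if parts & WEAK_PARTS:
            weak.append(token)
    return weak

def audit(manifest):
    """Return (parameter, value, reason) findings for a manifest's text."""
    findings = []
    for name, value in PARAM_RE.findall(manifest):
        if name == "ssl_ciphers":
            weak = weak_cipher_tokens(value)
            if weak:
                findings.append((name, value, "enables " + ", ".join(weak)))
        elif value.startswith(SHARED_DIRS):
            findings.append((name, value, "private key in a shared temp dir"))
    return findings

if __name__ == "__main__":
    for name, value, reason in audit(SAMPLE_MANIFEST):
        print(f"{name} => '{value}': {reason}")
```

The `-LOW` and `-EXPORT` entries are not reported because they remove suites from the list; only `SSLv2` and `RC4+RSA` add weak ones.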